I'm happy to say that my upgrade yesterday was sucessfull. We upgraded to a new hardware platform and from checkpoint 4.0 SP1 to 4.1 SP1. old firewall = Solaris 7 (x86) checkpoint 4.0 SP1 new firewall = Solaris 7 Sparc checkpoint 4.1 SP1 here was the process i followed (in case your interested.....) Install checkpoint 4.0 Sp1 on new firewall copy conf folder from old firewall to new firewall upgrade to 4.0 Sp5 on new firewall (this was on the advice of our VAR because they say it is a seemless upgrade from 4.0 Sp5 to 4.1) Upgrade new firewall to 4.1 Sp1 Configure new firwall's OS with all the routes and static ARP's. Also don't forget to update any files that are not in your conf folder eg. /lib/crypt.def for your Encrypting your DNS (required for split dns to work with VPN) The reason i chose to do it this ways was it was seemless to all VPN users and other connections. My encryption keys are the same so the SecuRemote users didn't have to re-download the topology... hope this helps anyone planning on doing the same...... >We tried this when we moved from 4.0 to 4.1 on an NT machine and were >unsuccesefull I'm afraid. > >We decided in the end (as though we had a choice) to rebuild everything from >scratch. > >You'll need to make data sheets with all the info first, which is a lot of >work if you have a lot of objects etc, but it's the best and safest way if >you want my opinion. > >Mike > -----Original Message----- > From: Trent [SMTP:[EMAIL PROTECTED]] > Sent: a eaie 05 2000 16:42 > To: [EMAIL PROTECTED] > Subject: [FW1] move and upgrate rules > > > Can anyone recommend the best way to move + update the rules from > (SERVER A) - CheckPoint 4.0 Sp1 on Solaris (i386) > to > (SERVER B) - CheckPoint 4.1 Sp1 on Solaris server. > > My goal is to make sure my user database is migrated and the VPN FWZ > Encryption key's are the same so that migration is seemless to the VPN > users. > > I tried to simply tar and un-tar the conf folder into the new server but > that didn't work (The rules database seemed corrupt). The only other > thing > i can think of is to do the following on Server B. > > Uninstall 4.1 > install 4.0 > copy the conf folder > upgrade to 4.1 > > Does anyone have any suggestions or better idea's before i start ????? > Also does the conf folder contain the Encryption key's ???? > > thanks in advance > > > > ========================================================================== > ====== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ========================================================================== > ====== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
