Hey Raymond,
I saw your email and I have just recently sent the same question. I
haven't recieved a complete answer. I will paste-in what I have recieved
but I still have questions. There is a particular step that envolves
verifying a VPN version of which I do not have; I don't know what to do
about that. Also, it explains that you should copy the dir structure for
FW1 and that you then can do a "policy"-->"install". What is that? I
can't find out where that is, and if I did, do you just point to the
root of the SUNWfw directory?
I have sent these questions but I am still hoping for a response.
Here you go!
Q. What do I need to do to upgrape from FW-1 2.x to FW-1 3.0?
>
> A. Several things:
>
> - Obtain a new 3.0 license from the Sun Licensing Center. Customers
> may dial 1800-USA-4SUN, choose option 3, then option 1. Have
> your "Right To Use" or "Binary Code License" ready. (If you have
> lost these documents please contact your local Sun sales office).
>
> - Back up your current 2.1 configuration. All the FireWall-1
> configuration files exist (or are linked) under /opt/SUNWfw.
>
> - Do a `df -k` to determine how much disk space you have
> on each partition.
>
> - `cp -r /opt/SUNWfw /opt/SUNWfw-BACK-UP` or `cp` to
> a partition other than /opt, if you like.
>
> - Use `tar` or `ufsdump` to back up to tape. Refer to the
> appropriate man pages for more info.
>
> - Stop the firewall software using `fwstop` and quit the FW-1 GUI.
> `ps -ef|grep fw` to make sure no FW-1 processes are running.
>
> - Run `fw ver` to determine if you have the VPN version of the
> software. The letters "VPN" will be clearly displayed if you
> have the VPN software, as below.
>
> {ROOT}breakers:[56]#fw ver
>
> This is Check Point FireWall-1 Version 2.1 [VPN]
>
> - If you don't have the VPN version, simply `cd` to the
> appropriate directory and execute a `pkgadd`, as follows:
>
> {ROOT}breakers:[67]#cd /cdrom/fw1_30_vpn/SOLARIS2/FW-1
>
> {ROOT}breakers:[68]#ls
> SUNWfw/ SUNWfwvpn/
>
> {ROOT}breakers:[69]#pkgadd -d . SUNWfw
>
> - If you do have the VPN version of the software, be sure to
> perform the `pkgadd` of SUNWfw FIRST, then add SUNWfwvpn.
>
> - Install your FW-1 3.0 license using `/etc/fw/bin/fw putlic -o`
>
> - Start the FireWall-1 software by issuing the `fwstart` command.
>
> - NOTE: FireWall-1 will not be able to use the compiled rule base
> saved in its state directory & may bark about this. This
> is perfectly normal.
>
> - Start the FireWall-1 GUI using `fwui -t`.
>
> - Re-install a FW-1 rule base via the GUI Rule Base Editor
("Policy"-->"Install")
=================================================================
Eric Zajac
Engineer Data Networks
Ameritech Cellular Services
>-----Original Message-----
>From: rsleiman @
gestronic .
com [SMTP:rsleiman @
gestronic .
com]
>Sent: Wednesday, September 10, 1997 1:35 AM
>To: firewalls @
greatcircle .
com; firewalls @
greatcircle .
com;
>fw-1-mailinglist @
us .
checkpoint .
com
>Subject: [FW1] Firewall upgrade from version 2 to version 3.x
>
>
>
>
>
>Hi,
>I plan to upgrade firewall 2 to firewall 3 on solaris 2.5.1. Could someone
>tell me if the upgrade could be done successfully?.
>Do we need to rewrite rules and network address translation ?
>
>Thanks in advance
>Raymond Sleiman
>
>
|
|
