Re: [FW1] 4.0 Install horror story
Hi,
the only problems I had with the upgrade (yet :-) ) resulted from
self-defined services.
We defined some SQLnet similar services in 3.0b (which worked perfectly).
There occurred no problems during the upgrade itself, but the upgraded
firewall was not able to compile a new rulebase. The compiler complained
about unknown variables. It seems the INSPECT code of 4.0 is different
from the one in 3.0.
So we had first to delete these services and then to repeat the upgrade.
I will upgrade two more systems this week. Perhaps I can report new
findings at the end of the week.
Did you reboot your machine after deinstalling 4.0 and before reinstalling
3.0?
Maybe your system crash is caused by problems with incompletely
installed/deinstalled kernel modules.
The only real crash I produced yet (at least during FW installation) was
caused by human error: I took the wrong CD from the shelf and installed
3.0a instead of 3.0b on a Solaris 2.6 platform :-)
Ciao
Andreas
______________________________________________________________________
Dr. Andreas Huenger
Systems Engineer, Network Security
Mannesmann Mobilfunk GmbH
Network Management Engineering Department
Am Seestern 1
40543 Duesseldorf
Tel.: [49]-(0)211/533-3949
E-Mail: andreas.huenger@d2privat.de
______________________________________________________________________
-------------
Original Text
From "Dan R Dunn -CTR" <DUNNDR@acq.osd.mil>, on 19.04.1999 16:04:
This weekend, we attempted (attempted being the operative word) to upgrade
our firewall to Version 4.0. We started by removing the hard drive with
Solaris 2.5.1/Firewall-1 V3.0 and replacing it with a newly loaded drive
running Solaris 2.6 (patched, of course). After loading up all the
appropriate interface drivers and making sure we could ping out the three
interfaces (internal, external, dmz), we ran the pkgadd for 4.0. We had
moved a copy of 3.0 onto the drive so that we could use the "upgrade"
option in order to retain the existing rulebase and objects.C. Everything
appeared to work smoothly, except that objects.C now had two of everything
in it! After using fwui to bring up the gui and edit our objects, we
attempted to load our most current ruleset, which appeared intact in the
gui. Lo and behold, the system hung and the policy would not load. We
decided to install FW-1 SP2 in hopes that this would fix the problem. The
SP2 failed with an error message that the FW-1 install was *not* complete!
At this point, we decided to uninstall FW-1 4.0 and fall back to 3.0,
which we have successfully running on two other Solaris 2.6 firewalls. The
uninstall appeared to work successfully, as did restoring 3.0, but when we
rebooted...core dump, system crash! It crashed so hard that we couldn't
even access the /bin directory for basic commands!!! At this point, we
decided to R&R the disk drive. THAT was the ONLY thing that worked
successfully. We are now back to square one, Solaris 2.5.1/FW-1 3.0.
Has anyone run into similar problems with trying to install 4.0 on Solaris
2.6? I know Lance Spitzner, Olaf Selke, Frank Darden and others have
commented on their experiences, but I haven't seen anything this severe
before.
Oh, by the way, when we did try to bring up 4.0 the first time after
loading an UNLIMITED license, we got the error message that our license
was limited to only 25 hosts! Icing on the cake!
Comments, questions, suggestions? If 4.0 is going to be this big a pain in
the %%%, we're seriously looking at other firewall solutions!
TIA,
Dan
------------------------------------------------------------
Daniel R. (Dan) Dunn, EE
INFOSEC Engineer, GRC International
OUSD(A&T) Firewall Administrator
p: 703-614-8086, ext 102
f: 703-693-3112
The opinions expressed by the author are entirely his own, and do not
reflect those of GRCI, Inc., or its subsidiaries, nor do they reflect
policy, opinion, or endorsement by the US Department of Defense or any of
its agencies.
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================