Need some checkpoint advice plz
Results 1 to 9 of 9

Thread: Need some checkpoint advice plz

  1. #1
    Senior Member
    Join Date
    Feb 2002
    Posts
    177

    Need some checkpoint advice plz

    Right now I'm running FW-1 v 4.1. I'd like to upgrade to NG. But I'd like to do it in a test environment before I do it in production. There are also some things I'd like to mess around with with FW-1 in general, but I'm not going to do it on our active server. I talked to CP, and they said that I could get an eval version to run tests on. But they said that I could not run the upgrade from 4.1 to NG on the eval version.
    CP's licensing makes the product bound to the IP address, so its not like I could just install the product elsewhere and try it out. I'd like to have the test server have access to the internet, but cant do that because of the IP licensing. I can't put a proxy in front of the CP machine to hide its IP, because all our external IPs are in the same range (see where the problem there is?)
    So does anyone have a decent method for testing CP's FW-1?
    Thanks

  2. #2
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628
    You're telling me that they don't supply you with a way to test the upgrade, before you upgrade? Nice.

    etsh911(mrwall) or Invictus could probably help.
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  3. #3
    Senior Member
    Join Date
    Feb 2002
    Posts
    177
    Yeah it was a great feeling. Called them up, and the 'support' guy just stammered and said..."There's no way to do that, that I know of. Go ahead and upgrade, then call support if it messes up." Just a little bit frustrating...

  4. #4
    Senior Member
    Join Date
    Dec 2001
    Posts
    1,193
    Build your test environment offline (from the internet anyway), use the same ip and copy the rulebase and confs into the new one. Make sure the two can't see each other. Then upgrade and test. That's the best way if you can't connect to the internet and don't want to pay for another. If you don't mind extra work - put some web and ftp servers etc into a dmz coming off this test net and then upgrade and see how it goes.
    Trappedagainbyperfectlogic.

  5. #5
    Senior Member
    Join Date
    Feb 2002
    Posts
    177
    I'm probably going to do just that Gold Eagle. I'm waiting to see what Invictus or mrwall say about this one, but thats the route I'm probably going to take.
    Thanks!

  6. #6
    Junior Member
    Join Date
    Apr 2002
    Posts
    4
    I have used CP 4.1, what tests did you wanna run?

    Have you tried http://www.phoneboy.com

    Good advice / tips & tricks.

    Also read, Essential Checkpoint Firewall-1 : ISBN 0-201-69950-8

    Good luck !!!

    Hammerman

  7. #7
    Senior Member
    Join Date
    Feb 2002
    Posts
    177
    I'd just like to have a test environment out there to play with. I've been meaning to get that book, but no time.
    thanks for the reply!

  8. #8
    Senior Member
    Join Date
    Jan 2002
    Posts
    458
    Ok....this is actually a pretty simple one.

    Here is what you need to do.

    1. Go to the user center and relicense your current version of CP to the test IP and upgrade it to NG.

    2. Keep the old 4.1 license on your production box until you are ready to upgrade in production.

    3. Do any testing you wish on the new box, and when it is ready, go back to the CP usercenter and relicense NG to the production IP address.

    4. Upgrade the production box, apply the new license, and you should have no problems.

    That's it!!

    **There is actually an engineer from CP working with me right now, and I verified this process with him. There are no problems with doing it this way.

    Hope this helps.

  9. #9
    Senior Member
    Join Date
    Feb 2002
    Posts
    177
    Hey sounds pretty good! Thanks alot man!
    I'll try it out now.

    Hey worked like a charm (not that I had any doubt!) The checkpoint people said you could switch 5 times before having to ask them to reset it, but man this is perfect!

    Thanks alot man!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides