switching to utm 1 270 total security bundle

[sushil]

Hi,
I am running NG (r55) running on nokis IP 350 ipso 3.8.1.
We are upgrading/migrating to utm1 270.

Would like to know how can I upgrade this.i.e to enforce the exisitng policy of NG to NGX(r65).Steps or any url would be of great help
Thanks in advance.

Reg,
Sushil

[mcnallym]

Presuming your existing Nokia is an All-In-One Standalone Management and Gateway then just configure the UTM 270 appliance with the same Hostname, IP address as the Nokia and use the Upgrade Export Tool to export the Check Point configuration and import onto the UTM-270 appliance.

[sushil]

Yes it is standalone all-in -one deployment.Do I need to dowload the r65 upgrade tool on ipso first in order to get .tgz files??So in that case do i need to upgrade my ng to ngx on existing deployment?

Currently,I am runnning ipso 3.8.1 and checkpoint ng r55.
reg,
Sushil

[mcnallym]

No you do not need to upgrade the existing install to NGX R65. T

ake the R65 Upgrade Tools for IPSO files from the Check Point website.
Place the file into $FDWIR/bin/upgrade_tools on the Nokia. Extract the files with gunzip *.tgz

Run the ./upgrade_export filename to extract the configuration of the Check Point.

Place the file on a tftp server.

When running the initial install of the sysconfi say to import configuration from TFTP Server and point at the one with the extracted config file on.

Or just place the file on the $FWDIR/bin/upgrade_tools directory of the UTM270 appliance and run ./upgrade_import filename

Esnure you are not logged into any Check Point client at the time on the UTM 270.

[sushil]

Thanks for the valued info.I will try it and let you know.
Moreover I am looking for url filtering on the UTM as well.Where to few members having full access of all the urls and rest having limited.I will be running windows server running on dhcp.

So in url filtering looking for exception stuff for top management.

I am not able to find any link especially on url filtering.

Kindly help/guide..

Reg,
Sushil

[mcnallym]

OK I can answer this one for you no problem.

The URL filtering is pretty limited in what you can do compared to a full seperate solution like Websense.

You can only configire one web filtering policy, this is then either applied, monitored or off altogether.

Under Advanced then there is an option to say to apply to all http traffic or all traffic except and you configure the Network Exceptions.

Under here you can say traffic from source and too destinations is not filtered.

You will however need to know the Source IP of the Top Management to say that traffic from them is excepted from the URL Filtering. If they are on dhcp and get a different ip outside the exception then they will get filtered.

It is not like Websense where you can apply filtering per user name and lookup against the Auth Server.

[sushil]

Hi,
I am facing a problem here.I downloaded below upgrade tool from checkpoint.
Check Point Software: NGX Utilities.

Now tried it to copy to upgrade_tools directrory from my windows machine.
after sending ftp <ipso box IP> from my windows machine able to log connect to the nokia ipso box.

Very strangly not able to find directory $FWDIR/bin/upgrade_tools.It shows no such directory or file.Though I can see all other /etc ,/var,/log directories etc.

But telnetting or local login to ipso box I can see $FWDIR/bin/upgrade_tools and under that 2 different entries upgrade_export and upgrade_import.

Please help in this as not able to transfer the upgrade files on nokia ipso.

Also let me know whether tool in downloaded is coorect one and while running it on do i need to stop checkpoint services.

Reg,
Sushil

[mcnallym]

Normally the way I transfer is to get the IPSO R65 Upgrade Tools file and place on the ftp server. I then login to the Nokia via SSH and then just ftp upto the Nokia from the FTP Server.

You don't transfer the extracted directory from a Windows Machine.

If you must use the FTP Server on the Nokia to transfer then get the file onto the boxes home directory and transfer the file to $FWDIR/bin/upgrade_tools afterwards and then extract using gunzip and tar. I don't believe that the FTP Server on the Nokia can see the /opt partition that the packages are installed on.

[sushil]

I got it to transfer to Nokia box by running cuteftp on my desktop.
Here I found that $FWDIR not located thorugh ftp.You have to follow /opt/CPfw1/bin upgrade_tools path.

I executed the upgrade_export and its been success.Now got the file for import and will seek your help if got stuck while importing.My UTM is suppose to deliver in coming week.

Thanks a lot for ur active support.

Reg,
Sushil

[sushil]

Hi Mcnallym,

I am trying to run the upgrade_import on utm.

Here using the same name and ip address as of nokia.
After trnasferring the .tgz file and running ./upgrade_import filename getting the following error.
Error: Failed to read the configuration info of the production machine.

For your info I am doing it offline.i.e got the UTM,configured credentials.
Should I first place it online and actulize it using smart map etc. and nat the networks also.
What could be cause of above message.

Reg,
Sushil

[Thorpuse]

Make sure you copy the file as a binary file - I'd suggest using scp rather than FTP too.

[sushil]

I copied it using scp only.
Not got point about binary file.
Simply got .tgz file from my old system and transfered it to a desktop.And transfereing the same file with extension .tar.tgz.

Is it ok??

[sushil]

Can somebody please help.
Getting the error of Failed to read the configuration of local machine.

Follwed the procedure upgrade_export on ipso.Got the resulting .tgz and scp that to utm box.The software on utm is R65 messaging security.

Simply given the same name and ip as of original box.

Reg,
Sushil

[mdiot]

During the installation of the UTM1 did you uncheck the plugin connectra ?
If yes there is a probleme in your upgrape export. If you extract the file there is a file named conf. In it you have a line named plugin and I have discover that the parameter is not full filled. You have to edit the conf file and add N/A to this line, then compress, them import. It will propably solved your problem.

[sushil]

I can't find file you mentioned.Will it to be on the file I got from upgrade_export from IPSO.

Can you please let me know the exact procedure for the same.

Reg,
Sushil