Merging objects.C files FireWall-1 4.1 and earlier supports a command called "fw confmerge" that will allow you to merge multiple objects.C files into one file (this is how the fwinstall script does an upgrade). These commands will not work on FireWall-1 NG. The syntax is:
fw confmerge obj1.C obj2.C > objects.C
Which merges obj1.C and obj2.C into the file objects.C. The proper procedure for performing this merge is as follows:
- Stop the firewall (fwstop).
- Make a backup of the $FWDIR/conf directory.
- Copy your objects.C files into a temp directory, giving them different names (e.g. obj1.C, obj2.C).
- Run the command 'fw confmerge obj1.C obj2.C > objects.C'
- Remove objects.C, objects.C.sav, objects.C.bak from $FWDIR/conf
- Copy the new objects.C file into $FWDIR/conf.
- Start the firewall (fwstart).
I have found this works best when one of the objects.C file is "clean," i.e. from a fresh install. This is what the FireWall-1 upgrade process does.
Make sure that if you're converting from Windows to Unix (or vice versa) that you change the line endings, otherwise you will get errors when executing this command.
When merging the objects from a 3.0b management console to a 4.1 management console using fw confmerge, the interfaces tab on the Firewall objects do not get populated and has to be entered manually, SNMP may or may not work. This is also true for any object that requires the interface tab to be populated. (i.e. routers and switches). Version information may not carry over. In this case, you will have to delete and recreate the objects so that they are created properly.
Warning: confmerge has been proven to put duplicate entries in the objects.C file. If two objects have the same name, but use different attributes, you will see duplicate entries.
--
PhoneBoy - 10 Jan 2004
FAQForm FAQs.Class:
MiscellaneousFAQs FAQs.OS: FAQs.Version: 4.1
Merging objects.C files 
2005-08-13 
Merging objects.C files 
Linear Mode
