 Upgrade no more > When recreating a rulebase from scratch
Hello,
when would you recommend recreating a rulebase from scratch? I mean, a customer who upgraded from 4.0 > FP2 > FP3 > R55 > R60 > R61 should not really be upgraded yet another time to R65. You know, in the old days Check Point recommended a lot of manual changes directly inside of the object.C files. Experience shows that now sometimes you need to manually adjust some values via guidbedit because an upgrade to the newest version failed due to a database inconsistency. How long do you wait for reviewing, consolidating, recreating a rulebase completely? Two version steps, five years or until an error appears?
I've seen situations where Check Point clearly stated a rulebase not to be "Check Point conform" after all the years. So the customer didn't receive support until everything had been recreated with Check Point technicians. Where is this conformity defined? I'm looking especially for any official documents about upgrading from version to version (not the general upgrade guide itself) and any official Check Point recommendations or advisories. I won't just tell the client that our experience shows that after ten years a policy should be completely renewed. Clients want to see something more real to spend money for such a process. Something like: "Check Point recommends to update only within an Engine, not between them." Like from NG FP3 to NG AI (R55). It's within the NG engine. Or from R60 to R62 which would be within the NGX engine. I think you got the point of what I am looking for.
Last edited by dantro; 2007-10-29 at 10:50. | 
Upgrade no more > When recreating a rulebase from scratch 
2007-10-29 
Linear Mode
