Inconsistent Registry Contents

Barry J. Stiefel
2005-08-13, 16:27
FireWall-1 binds to the TCP/IP stack and NIC drivers. If FireWall-1 does not successfully bind to the interfaces or something is done which changes how things are bound (i.e. installing a new NT Service Pack), your networking configuration can get corrupted. Unfortunately, there is no pleasant way out of this situation. Here are the steps you need to follow:

Disable the "Check Point FireWall-1" Service and the "FireWall-1" and "FireWall-1 Loader" Devices. Reboot.
If you have made any changes to the routing table, make a list of your "persistant" routes (e.g. route -p print > routes.txt). Another, albeit more dangerous way to do this is to use regedt32 to save the key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesT cpipParametersPersistentRoutes (and values beneath).
Remove all adapters and protocols from the Windows NT Networking configuration. Reboot.
Re-install and configure proper NIC drivers and TCP/IP. Also make sure SNMP Service is installed. Reboot
Verify 'ipconfig /all' returns correct information.
Re-install any service packs and hotfixes you previously installed. Reboot.
If you use address translation, back up the %FWDIR%statelocal.arp as the next step will delete this file.
Re-install FireWall-1 version 3.0b or 4.0SP1 (or whatever "base") as an "upgrade," which will recognize and use existing configuration. Do not reboot.
Re-install whatever patch or FireWall-1 service pack you use (i.e. 3064, 3072, SP8). Reboot.
Verify 'ipconfig /all' returns correct information. If necessary, re-add your persistant routes (which you should have a list of from above or the actual registry keys). Verify network connectivity, etc.
If necessary, copy-back backed-up local.arp file into the state directory.
Re-install the security policy.

An alternate method for steps 1-6 above (suggested to me by Paul Culmsee):

Remove FireWall-1
Copy tcpip.sys from your latest Service Pack (run ServicePackFile.exe /x to do this) or from your Windows NT CD Rom.
Proceed to step 7 above.

-- PhoneBoy (http://www.phoneboy.com/bin/view.pl/Main/PhoneBoy) - 11 Jan 2004

