When you upgrade VPN-1/FireWall-1, what components are carried over to the new version?
Upgrading to VPN-1/FireWall-1 NG
Now that you’ve performed a successful installation of FireWall-1 NG,
it’s time to understand how to upgrade from a previous version of VPN-1/
FireWall-1. At the time of this writing, many companies are looking to
upgrade from an older version of VPN-1/FireWall-1 (usually 4.1 SP3 or
higher) to NG FP3. You can upgrade to NG FP1 from version 4.0 and higher.
If you are running a version older than 4.0, you must upgrade to version 4.0
first, and then upgrade to NG.
With the many enhancements in NG, it’s better to create a fresh install of NG
and then migrate your existing configuration files over to the newly created
NG firewall. The upgrade technique discussed here will upgrade version 4.1
Service Pack 6 configuration files to NG configuration files. It is recommended
that the 4.1 files are upgraded to Service Pack 6 before converting them to NG.
In many instances, companies are viewing the NG upgrade as an opportunity
to upgrade the current platform on which their firewalls are running.
For example, this is a chance to upgrade operating systems from Solaris 2.6
to 2.8, or to upgrade hardware from a Pentium II machine with limited hard
drive space and memory to a Pentium IV with lots of hard drive space and
much more memory.
In order to make the NG upgrade a smooth and convenient process,
Check Point has developed an upgrade script that helps convert 4.1 configuration
files to NG configuration files. This scripts automates the conversion
by using the confmerge command on the objects.C , fwauth.NDB , and
rulebases.fws files. (This script is not meant for people who are moving
from a Windows machine to a Unix machine, or for people running FloodGate.) The script is in a zipped file called upgrade.4.3.tgz and can be
downloaded from the support.checkpoint.com website. Here are the
steps to use the upgrade script :
1. Create a new SmartCenter Server machine with the desired Feature Pack
version of NG (FP1, FP2, or FP3), based on the installation guidelines
previously discussed. This upgrade procedure will upgrade to FP3.
2. Download and unzip the upgrade.4.3.tgz file. This file opens into
a directory named upgrade.
3. Place the 4.1 SP6 files on the SmartCenter Server under upgrade/4.1:
a) objects.C.
b) fwauth.NDB. On Windows machines, this file is only the pointer
to the real database file, for example, fwauth.NDB522. In this
case, take the real database file (fwauth.NDB522), rename it
fwauth.NDB, and put it in the \upgrade\4.1 directory.
c) rulebases.fws.
4. Stop the FireWall-1 Services (cpstop), cd to the <upgrade_directory>,
and issue the following command.
In Windows (upgrade from 4.1 to FP3):
upgrade.bat <upgrade_directory>\upgrade FP3 4.1
In Unix (upgrade from 4.1 to FP3):
upgrade.csh <upgrade_directory>/upgrade FP3 4.1
5. Restart the FireWall Services (cpstart) and log in to the GUI.
After you have successfully run the script, in order to transfer the remaining
configuration files (such as gui-clients, masters, and so on), copy the
following files from the VPN-1/FireWall-1 4.1 $FWDIR/conf directory to the
VPN-1/FireWall-1 NG $FWDIR/conf directory:
xlate.conf, aftpd.conf, smtp.conf, sync.conf, masters,
clients, fwmusers, gui-clients, slapd.conf, serverkeys,
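The staging check from step 3 and the file copy described above can be scripted on a Unix SmartCenter Server. The following is an added example, not part of Check Point's upgrade script or of the original text; the function names, the .pre-migrate suffix, and the rule that an empty staged file counts as missing are assumptions of the example, and the file list covers only the names given above.

```sh
#!/bin/sh
# Added example: pre-flight check and post-upgrade copy for the procedure above.
# It only reads and copies files; it does not call any Check Point tool.

# Files the upgrade script expects under <upgrade_directory>/upgrade/4.1 (step 3).
REQUIRED_41="objects.C fwauth.NDB rulebases.fws"
# Files to carry over from the 4.1 conf directory (only the names listed above).
CARRY_OVER="xlate.conf aftpd.conf smtp.conf sync.conf masters clients fwmusers gui-clients slapd.conf serverkeys"

# check_staged DIR: succeed only if every required file exists and is non-empty.
# Treating an empty file as missing is this example's assumption.
check_staged() {
    rc=0
    for f in $REQUIRED_41; do
        if [ ! -s "$1/$f" ]; then
            echo "missing or empty: $1/$f" >&2
            rc=1
        fi
    done
    return $rc
}

# copy_conf OLD_CONF NEW_CONF: copy each listed file that exists in OLD_CONF.
# Anything it would overwrite is first saved as <name>.pre-migrate.
# cp -p keeps mode and timestamps, so files such as serverkeys do not end up
# with looser permissions than they had. Copied names go to stdout; files
# absent from OLD_CONF are reported on stderr and skipped.
copy_conf() {
    old=$1; new=$2
    [ -d "$old" ] && [ -d "$new" ] || { echo "bad directory" >&2; return 2; }
    for f in $CARRY_OVER; do
        if [ ! -f "$old/$f" ]; then
            echo "not present in 4.1 conf: $f" >&2
            continue
        fi
        if [ -f "$new/$f" ]; then
            cp -p "$new/$f" "$new/$f.pre-migrate" || return 1
        fi
        cp -p "$old/$f" "$new/$f" || return 1
        echo "$f"
    done
    return 0
}
```

Run check_staged against the upgrade/4.1 directory before step 4, and copy_conf with the old and new $FWDIR/conf paths after step 5.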
In addition to understanding which configuration files are important in
upgrading to Check Point NG, it’s important to understand which configuration
files need to be saved for backup in case of a failure or loss of files. The
next section talks about backup and restore options and identifies the critical
configuration files needed for backup.