Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Firewall-1 Rulebase Migration

From: "Stefan Norberg" <stefan () orbisec com>
Date: Mon, 8 Oct 2001 14:46:57 +0200
It's a FAQ: http://www.phoneboy.com/faq/0149.html

Stefan

-----Original Message-----
From: firewall-wizards-admin () nfr com
[mailto:firewall-wizards-admin () nfr com]On Behalf Of Sean Lewis
Sent: den 6 oktober 2001 01:06
To: firewall-wizards () nfr com
Subject: [fw-wiz] Firewall-1 Rulebase Migration


hello,

First off, let me apologize if this is a pretty simple question - I've
spent a few hours today researching ways to accomplish this and haven't
found any feasible solutions:

Basically, I'm upgrading my Firewall-1 installation. Currently I have a
Windows NT FW-1 installation running the FWM and the management module
on the same box. This setup has existed for almost 4 years, and as you
imagine there has been a good collection of user / network objects that
have amassed. I've built a new FW-1 cluster of Nokia IP440's to replace
this older firewall, and have them running VRRP, synch'd up in FW-1 with
a windows 2000 management console using the gateway clustering, all that
good stuff. anwyays, I'd basically like to migrate all my objects and
rulebase from my WinNT Firewall to the new Nokia platform - I tried what
seemed logical to me, copying the objects.C and rules.C over and trying
an 'fw gen' on the Nokias, no luck! The compile errors out on 3 or 4
different places, I'm suspecting this may be a problem with version
incompatibility as a fellow admin is not able to connect to the new
management console with his 4.1 [no sp] policy editor. Here are some
version numbers:

old firewall: CP VPN-1/Firewall-1 4.1 SP2 on NT4
new firewall: [2] Nokia IP440 - IPSO 3.4 06/26/2001 CP VPN-1/Firewall-1
4.1 SP4 managed by a Win2000 SP2 box running 4.1SP4 management software.

If anyone has any suggestions on the best way to do this I'd be _very_
appreciative, obviously I don't want to migrate all these objects and
rules over by hand! Thanks in advance!

-- 
%% Sean Lewis                   %% sml () subterrain net
%% Security Researcher          %% http://www.subterrain.net 
%% Subterrain Security Group    %% "trust, but verify" 
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: