
  1. Upgrade Guide Version NGX R65 701313 February 25, 2007
  2. © 2003-2007 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice. RESTRICTED RIGHTS LEGEND: Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR 52.227-19. TRADEMARKS: ©2003-2007 Check Point Software Technologies Ltd. All rights reserved. Check Point, AlertAdvisor, Application Intelligence, Check Point Express, Check Point Express CI, the Check Point logo, ClusterXL, Confidence Indexing, ConnectControl, Connectra, Connectra Accelerator Card, Cooperative Enforcement, Cooperative Security Alliance, CoSa, DefenseNet, Dynamic Shielding Architecture, Eventia, Eventia Analyzer, Eventia Reporter, Eventia Suite, FireWall-1, FireWall-1 GX, FireWall-1 SecureServer, FloodGate-1, Hacker ID, Hybrid Detection Engine, IMsecure, INSPECT, INSPECT XL, Integrity, Integrity Clientless Security, Integrity SecureClient, InterSpect, IPS-1, IQ Engine, MailSafe, NG, NGX, Open Security Extension, OPSEC, OSFirewall, Policy Lifecycle Management, Provider-1, Safe@Home, Safe@Office, SecureClient, SecureClient Mobile, SecureKnowledge, SecurePlatform, SecurePlatform Pro, SecuRemote, SecureServer, SecureUpdate, SecureXL, SecureXL Turbocard, Sentivist, SiteManager-1, SmartCenter, SmartCenter Express, SmartCenter Power, SmartCenter Pro, SmartCenter UTM, SmartConsole, SmartDashboard, SmartDefense, SmartDefense Advisor, 
Smarter Security, SmartLSM, SmartMap, SmartPortal, SmartUpdate, SmartView, SmartView Monitor, SmartView Reporter, SmartView Status, SmartViewTracker, SofaWare, SSL Network Extender, Stateful Clustering, TrueVector, Turbocard, UAM, UserAuthority, User-to-Address Mapping, VPN-1, VPN-1 Accelerator Card, VPN-1 Edge, VPN-1 Express, VPN-1 Express CI, VPN-1 Power, VPN-1 Power VSX, VPN-1 Pro, VPN-1 SecureClient, VPN-1 SecuRemote, VPN-1 SecureServer, VPN-1 UTM, VPN-1 UTM Edge, VPN-1 VSX, Web Intelligence, ZoneAlarm, ZoneAlarm Anti-Spyware, ZoneAlarm Antivirus, ZoneAlarm Internet Security Suite, ZoneAlarm Pro, ZoneAlarm Secure Wireless Router, Zone Labs, and the Zone Labs logo are trademarks or registered trademarks of Check Point Software Technologies Ltd. or its affiliates. ZoneAlarm is a Check Point Software Technologies, Inc. Company. All other product names mentioned herein are trademarks or registered trademarks of their respective owners. The products described in this document are protected by U.S. Patent No. 5,606,668, 5,835,726, 6,496,935, 6,873,988, and 6,850,943 and may be protected by other U.S. Patents, foreign patents, or pending applications. For third party notices, see: THIRD PARTY TRADEMARKS AND COPYRIGHTS.
  3. Contents

     Preface
     - Who Should Use This Guide
     - Related Documentation
     - More Information
     - Feedback

     Chapter 1 Introduction to the Upgrade Process
     - Documentation
     - NGX License Upgrade
     - Contract Verification
     - Management Plug-in Infrastructure
     - Supported Upgrade Paths and Interoperability
     - Upgrading Management Servers
     - Backward Compatibility For Gateways
     - Obtaining Software Installation Packages
     - Terminology
     - Upgrade Tools
     - Upgrading Successfully

     Chapter 2 Upgrading Licenses for Products Prior to NGX
     - Overview of NGX License Upgrade
     - Introduction to License Upgrade
     - Software Subscription Requirements
     - Licensing Terminology
     - The License_Upgrade Tool
     - Tool Location
     - Tool Options
     - Simulating the License Upgrade
     - Performing the License Upgrade
     - License Upgrade Methods
     - Deployment with Licenses Managed Centrally Using SmartUpdate
     - Deployment with Licenses Managed Locally
     - Trial Licenses
     - Troubleshooting License Upgrade
     - Contract Verification

     Chapter 3 Service Contract Files
     - Introduction
     - Working with Contract Files
     - Installing a Contract File on SmartCenter server
     - On a Windows Platform
     - On SecurePlatform, Linux, and Solaris
  4. Contents (continued)

     - On IPSO
     - Installing a Contract File on a Gateway
     - On a Windows Platform
     - On SecurePlatform, Linux, and Solaris Gateways
     - On IPSO
     - Managing Contracts with SmartUpdate
     - Managing Contracts
     - Updating Contracts

     Chapter 4 Upgrading a Distributed Deployment
     - Introduction
     - Pre-Upgrade Considerations
     - License Upgrade to NGX R65
     - Web Intelligence License Enforcement
     - Upgrading Products on a SecurePlatform Operating System
     - VPN-1 UTM Edge Gateways Prior to Version 5.0
     - Upgrading SmartCenter Server
     - Using the Pre-Upgrade Verification Tool
     - SmartCenter Upgrade on a Windows Platform
     - SmartCenter Upgrade on SecurePlatform
     - Gateway Upgrade on UTM-1
     - Gateway Upgrade on UTM-1 using the WebUI
     - SmartCenter Upgrade on Pre-R54 Versions of SecurePlatform
     - SmartCenter Server Upgrade on a Solaris Platform
     - SmartCenter Upgrade on a Linux Platform
     - SmartCenter Upgrade on an IPSO Platform
     - Upgrading VPN-1 Express CI R57 SmartCenter Server
     - Upgrading a SmartCenter High Availability Deployment
     - Upgrading the Gateway
     - Upgrading a Clustered Deployment
     - Upgrading the Gateway Using SmartUpdate
     - Gateway Upgrade Process on a Windows Platform
     - Gateway Upgrade on SecurePlatform
     - Upgrade on SecurePlatform NG FP2, FP3, or FP3 Edition 2
     - Gateway Upgrade on a Solaris Platform
     - Gateway Upgrade on an IPSO Platform
     - Upgrading the VPN-1 Express CI R57 Component to R65

     Chapter 5 Backup and Revert for VPN-1 Power/UTM
     - Introduction
     - Backing Up Your Current Deployment
     - Restoring a Deployment
     - SecurePlatform Backup and Restore Commands
     - Backup
     - Restore
     - SecurePlatform Snapshot Image Management
     - Snapshot
     - Revert
  5. Contents (continued)

     - Reverting to Your Previous Deployment

     Chapter 6 Upgrading a Standalone Deployment
     - Introduction
     - Upgrading versions 4.0 and 4.1
     - Pre-Upgrade Considerations
     - License Upgrade to NGX
     - Upgrading Products on a SecurePlatform Operating System
     - Reverting to Your Previous Software Version
     - Using the Pre-Upgrade Verification Tool
     - Standalone VPN-1 Gateway Upgrade on a Windows Platform
     - Standalone VPN-1 Gateway Upgrade on SecurePlatform
     - Uninstalling Packages
     - Standalone Upgrade on UTM-1
     - Standalone Upgrade on UTM-1 using the WebUI
     - VPN-1 Gateway Upgrade on Pre-R54 SecurePlatform Versions
     - Uninstalling Packages
     - Standalone VPN-1 Gateway Upgrade on a Solaris Platform
     - Standalone VPN-1 Gateway Upgrade on an IPSO Platform
     - Uninstalling Previous Software Packages
     - VPN-1 Express CI R57 to NGX R65 on SecurePlatform
     - Upgrading a Standalone Deployment to R65

     Chapter 7 Advanced Upgrade of SmartCenter Servers & Standalone Gateways
     - Introduction
     - Migrate Your Current SmartCenter Configuration and Upgrade
     - Introduction
     - Advanced Upgrade on a Windows Platform
     - Advanced Upgrade on a Linux Platform
     - Advanced Upgrade on SecurePlatform
     - Advanced Upgrade on an IPSO Platform
     - Advanced Upgrade on a Solaris Platform
     - Migration to a New Machine with a Different IP Address
     - Migrate Your Current VPN-1 Gateway Configuration & Upgrade
     - Advanced Upgrade on a Windows Platform
     - Advanced Upgrade on a Linux Platform
     - Advanced Upgrade on SecurePlatform
     - Advanced Upgrade on an IPSO Platform
     - Advanced Upgrade on a Solaris Platform

     Chapter 8 Upgrading ClusterXL Deployments
     - License Upgrade to NGX
     - Tools for Gateway Upgrades
     - Planning a Cluster Upgrade
     - Permanent Kernel Global Variables
     - Ready State During Cluster Upgrade/Rollback Operations
     - Upgrading OPSEC Certified Third-Party Cluster Products
  6. Contents (continued)

     - Minimal Effort Upgrade on a ClusterXL Cluster
     - Zero Downtime Upgrade on a ClusterXL Cluster
     - Supported Modes
     - Full Connectivity Upgrade on a ClusterXL Cluster
     - Understanding a Full Connectivity Upgrade
     - Supported Modes
     - Performing a Full Connectivity Upgrade

     Chapter 9 Upgrading Provider-1
     - Introduction
     - Supported Versions and Platforms
     - Provider-1/SiteManager-1 Terminology
     - Before You Begin
     - Provider-1/SiteManager-1 Upgrade Tools
     - Pre-Upgrade Verifiers and Fixing Utilities
     - Installation Script
     - pv1_license_upgrade
     - license_upgrade
     - cma_migrate
     - migrate_assist
     - migrate_global_policies
     - Backup and Restore
     - Provider-1/SiteManager-1 License Upgrade
     - Overview of NGX License Upgrade
     - Introduction to License Upgrade in Provider-1 Environments
     - Software Subscription Requirements
     - Understanding Provider-1/SiteManager-1 Licenses
     - Before License Upgrade
     - Choosing The Right License Upgrade Procedure
     - System-Wide License Upgrade, Before Software Upgrade
     - System-Wide License Upgrade Using the Wrapper
     - System-Wide License Upgrade, After Software Upgrade
     - License Upgrade for a Single CMA
     - License Upgrade Using the User Center
     - SmartUpdate Considerations for License Upgrade
     - Troubleshooting License Upgrade
     - Provider-1/SiteManager-1 Upgrade Practices
     - In-Place Upgrade
     - Replicate and Upgrade
     - Gradual Upgrade to Another Machine
     - Migrating from a Standalone Installation to CMA
     - MDS Post Upgrade Procedures
     - Upgrading in a Multi-MDS Environment
     - Pre-Upgrade Verification and Tools
     - Upgrading a Multi-MDS System
     - Restarting CMAs
     - Restoring Your Original Environment
     - Before the Upgrade
  7. Contents (continued)

     - Restoring Your Original Environment
     - Renaming Customers
     - Identifying Non-Compliant Customer Names
     - High Availability Environment
     - Automatic Division of Non-Compliant Names
     - Resolving Non-Compliance
     - Advanced Usage
     - Changing the MDS IP Address and External Interface
     - IP Address Change
     - Interface Change
     - SmartDefense in Provider-1

     Chapter 10 Upgrading SmartLSM ROBO Gateways
     - Planning the ROBO Gateway Upgrade
     - ROBO Gateway Upgrade Package to SmartUpdate Repository
     - License Upgrade for a VPN-1 Power/UTM ROBO Gateway
     - Using SmartLSM to Attach the Upgraded Licenses
     - License Upgrade on Multiple ROBO Gateways
     - Upgrading a ROBO Gateway Using SmartLSM
     - Upgrading a VPN-1 Power/UTM ROBO Gateway
     - Upgrading a VPN-1 UTM Edge ROBO Gateway
     - Upgrading a VPN-1 Power/UTM ROBO Gateway In Place
     - Using the Command Line Interface
     - SmartLSM Upgrade Tools
     - Upgrading a VPN-1 Power/UTM ROBO Gateway Using LSMcli
     - Upgrading a VPN-1 UTM Edge ROBO Gateway Using LSMcli
     - Using the LSMcli in Scripts

     Chapter 11 Upgrading Eventia
     - Overview
     - Upgrading Eventia Reporter
     - For Standalone Deployments
     - For Distributed Deployments
     - Advanced Eventia Reporter Upgrade
     - Enabling Eventia Analyzer after Upgrading Reporter
     - Upgrading Eventia Analyzer
     - Upgrading Eventia Analyzer to NGX R65
     - Verifying the Events Database Has Been Moved
     - Enabling Eventia Reporter

     Index
  9. Preface

     In This Chapter
     - Who Should Use This Guide
     - Related Documentation
     - More Information
     - Feedback
  10. Who Should Use This Guide

      This guide is intended for administrators responsible for maintaining network security within an enterprise, including policy management and user support.

      This guide assumes a basic understanding of:
      - System administration.
      - The underlying operating system.
      - Internet protocols (IP, TCP, UDP, and so on).

      Summary of Contents

      | Chapter | Description |
      |---|---|
      | Chapter 1, “Introduction to the Upgrade Process” | This chapter introduces the upgrade process. |
      | Chapter 2, “Upgrading Licenses for Products Prior to NGX” | This chapter covers licensing issues as regards NGX. |
      | Chapter 3, “Service Contract Files” | This chapter covers Service Contract Files. |
      | Chapter 4, “Upgrading a Distributed Deployment” | This chapter covers upgrading a distributed deployment; that is, where the enforcement points and SmartCenter server are installed on separate machines. |
      | Chapter 5, “Backup and Revert for VPN-1 Power/UTM” | This chapter covers the backup and revert process. |
      | Chapter 6, “Upgrading a Standalone Deployment” | This chapter covers upgrading a standalone deployment, where the enforcement point and the SmartCenter server are installed on the same machine. |
      | Chapter 7, “Advanced Upgrade of SmartCenter Servers & Standalone Gateways” | This chapter covers Advanced upgrade procedures for SmartCenter Server and Standalone Gateways. |
      | Chapter 8, “Upgrading ClusterXL Deployments” | This chapter covers upgrade issues relating to ClusterXL. |
  11. Summary of Contents (continued)

      | Chapter | Description |
      |---|---|
      | Chapter 9, “Upgrading Provider-1” | This chapter covers upgrade issues regarding Provider-1. |
      | Chapter 10, “Upgrading SmartLSM ROBO Gateways” | This chapter covers upgrading SmartLSM ROBO Gateways. |
      | Chapter 11, “Upgrading Eventia” | This chapter covers upgrading Eventia Reporter. |
  12. Related Documentation

      The NGX R65 release includes the following documentation:

      TABLE P-1 VPN-1 Power documentation suite documentation

      | Title | Description |
      |---|---|
      | Internet Security Product Suite Getting Started Guide | Contains an overview of NGX R65 and step by step product installation and upgrade procedures. This document also provides information about What’s New, Licenses, Minimum hardware and software requirements, etc. |
      | Upgrade Guide | Explains all available upgrade paths for Check Point products from VPN-1/FireWall-1 NG forward. This guide is specifically geared towards upgrading to NGX R65. |
      | SmartCenter Administration Guide | Explains SmartCenter Management solutions. This guide provides solutions for control over configuring, managing, and monitoring security deployments at the perimeter, inside the network, at all user endpoints. |
      | Firewall and SmartDefense Administration Guide | Describes how to control and secure network access; establish network connectivity; use SmartDefense to protect against network and application level attacks; use Web Intelligence to protect web servers and applications; the integrated web security capabilities; use Content Vectoring Protocol (CVP) applications for anti-virus protection, and URL Filtering (UFP) applications for limiting access to web sites; secure VoIP traffic. |
      | Virtual Private Networks Administration Guide | This guide describes the basic components of a VPN and provides the background for the technology that comprises the VPN infrastructure. |
  13. TABLE P-1 VPN-1 Power documentation suite documentation (continued)

      | Title | Description |
      |---|---|
      | Eventia Reporter Administration Guide | Explains how to monitor and audit traffic, and generate detailed or summarized reports in the format of your choice (list, vertical bar, pie chart etc.) for all events logged by Check Point VPN-1 Power, SecureClient and SmartDefense. |
      | SecurePlatform™/SecurePlatform Pro Administration Guide | Explains how to install and configure SecurePlatform. This guide will also teach you how to manage your SecurePlatform and explains Dynamic Routing (Unicast and Multicast) protocols. |
      | Provider-1/SiteManager-1 Administration Guide | Explains the Provider-1/SiteManager-1 security management solution. This guide provides details about a three-tier, multi-policy management architecture and a host of Network Operating Center oriented features that automate time-consuming repetitive tasks common in Network Operating Center environments. |

      TABLE P-2 Integrity Server documentation

      | Title | Description |
      |---|---|
      | Integrity Advanced Server Installation Guide | Explains how to install, configure, and maintain the Integrity Advanced Server. |
      | Integrity Advanced Server Administrator Console Reference | Provides screen-by-screen descriptions of user interface elements, with cross-references to relevant chapters of the Administrator Guide. This document contains an overview of Administrator Console navigation, including use of the help system. |
      | Integrity Advanced Server Administrator Guide | Explains how to manage administrators and endpoint security with Integrity Advanced Server. |
      | Integrity Advanced Server Gateway Integration Guide | Provides information about how to integrate your Virtual Private Network gateway device with Integrity Advanced Server. This guide also contains information regarding deploying the unified SecureClient/Integrity client package. |
  14. TABLE P-2 Integrity Server documentation (continued)

      | Title | Description |
      |---|---|
      | Integrity Advanced Server System Requirements | Provides information about client and server requirements. |
      | Integrity Agent for Linux Installation and Configuration Guide | Explains how to install and configure Integrity Agent for Linux. |
      | Integrity XML Policy Reference Guide | Provides the contents of Integrity client XML policy files. |
      | Integrity Client Management Guide | Explains how to use command line parameters to control Integrity client installer behavior and post-installation behavior. |
  15. More Information

      - For additional technical information about Check Point products, consult Check Point’s SecureKnowledge at https://secureknowledge.checkpoint.com/.
      - View the latest version of this document in the User Center at http://www.checkpoint.com/support/technical/documents

      Feedback

      Check Point is engaged in a continuous effort to improve its documentation. Please help us by sending your comments to: cp_techpub_feedback@checkpoint.com
  17. Chapter 1 Introduction to the Upgrade Process

      In This Chapter
      - Documentation
      - NGX License Upgrade
      - Contract Verification
      - Management Plug-in Infrastructure
      - Supported Upgrade Paths and Interoperability
      - Obtaining Software Installation Packages
      - Terminology
      - Upgrade Tools
      - Upgrading Successfully
  18. Documentation

      This guide covers all available upgrade paths for Check Point products from VPN-1/FireWall-1 NG forward. This guide is specifically geared towards upgrading to NGX R65.

      The R65 release focuses on:
      - Increased performance
      - End point security
      - Central management
      - Interoperability

      Before you begin:
      - Make sure that you have the latest version of this document by checking in the User Center at: http://www.checkpoint.com/support/technical/documents
      - It is a good idea to have the latest version of the NGX R65 Release Notes handy. Download them from: http://www.checkpoint.com/support/technical/documents

      For a new features list, refer to the “NGX R65 What’s New Guide”: http://www.checkpoint.com/support/technical/documents