Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Alberto_Atienza
Participant
Participant
Jump to solution

Replicate enviroment R70.50 over solaris 10

Hi Community,

I have a very very old environment at R70.50 on solaris.


I am trying to reproduce the environment in a virtual machine, for them I have to follow the following steps:

1 - install solaris 10
bash-3.00# join me -a
SunOS unknown 5.10 Generic_141445-09 i86pc i386 i86pc

2 - install R70
I have mounted an iso that I had  "Check_Point_R70.Solaris.iso"

bash-3.00# cd check_point_r70.solaris/
bash-3.00# ls -l
total 531
-r--r--r-- 1 root root 1811 Mar 5 2009 Berkeley_License.txt
-r--r--r-- 1 root root 17992 Mar 5 2009 Gnu_License.txt
-r-xr-xr-x 1 root root 3815 Feb 23 2009 IntUnixInstallScript
-r--r--r-- 1 root root 26430 Mar 5 2009 LGPL.txt
-r--r--r-- 1 root root 987 Mar 5 2009 License.txt
-r--r--r-- 1 root root 6336 Mar 5 2009 ReadmeUnix.txt
-r--r--r-- 1 root root 6482 Mar 5 2009 ReadmeWindows.txt
dr-xr-xr-x 2 root root 2048 Mar 10 2009 SU
-r--r--r-- 1 root root 653 Mar 10 2009 TRANS.TBL
-r-xr-xr-x 1 root root 194560 Feb 23 2009 UnixInstallScript
-r--r--r-- 1 root root 81 Mar 5 2009 alpha.txt
dr-xr-xr-x 15 root root 4096 Mar 10 2009 solaris2
dr-xr-xr-x 2 root root 4096 Feb 23 2009 wrappers

3 - according to the documentation execute UnixIntallScript 

bash-3.00# ./UnixInstallScript
bash: ./UnixInstallScript: Invalid argument

 

Any idea why it's failing? I have no experience in these versions and I can't find what might be happening.
Any ideas to be able to export the policy with all the objects and rules that I could migrate up to R81.10?

Thank you

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin

Solaris x86 wasn't a supported installation target for R70.50.
That means you need to use SPARC Solaris on actual Sun hardware or something capable of emulating it.

Assuming you can do that, it should be possible to migrate the configuration to a current version through a series of upgrades.
I believe the last version supported on Solaris was R75.40, which you should be able to upgrade directly to from R70.50 according to the R75.40 Release Notes.
Once you get to R75.40, you can use the R77.30 migration tools and import the configuration into a new Gaia install running R77.30: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
From there, you can upgrade to R80.40, then R81.10 (either in-place or using the migration tools).

However, it might be easier to use the following tool to extract some of the configuration from your backup that might be useful: https://community.checkpoint.com/t5/Management/Exporting-Importing-R77-x-and-Earlier-Configuration-o... 
You just need the objects_5_0.C and rulebases_5_0.fws file from the backup you have.
You can then use this tool to "import" the information into an R77.30 installation and then use the migration tools to copy the configuration to R80.40 then R81.10.

Hopefully that helps.

View solution in original post

(1)
8 Replies
Tal_Paz-Fridman
Employee
Employee

The difference in technologies and yeas between R70.X and R81.10 is too wide (R70.x is from 15 years ago)

Is the Solaris system running on a separate SUN machine? Are you trying to install a VM with new Solaris OS (if so this is not supported)

Alberto_Atienza
Participant
Participant

Hi Tal,

Thanks for your response,

I know they are very old versions, and the idea is upgrade with multiples pahts 
R70.50 -> R75.40 -> R77.30 -> R80.40 -> R81.10
The installation of solaris in production enviromentt is on a sun machine

The installation in virtual solaris is with the same version (solaris 10)  

If this is not supported...
Any other ideas to avoid having to recreate the policy manually (more than 1000 rules)?

 

 

 

 

0 Kudos
PhoneBoy
Admin
Admin

Solaris x86 wasn't a supported installation target for R70.50.
That means you need to use SPARC Solaris on actual Sun hardware or something capable of emulating it.

Assuming you can do that, it should be possible to migrate the configuration to a current version through a series of upgrades.
I believe the last version supported on Solaris was R75.40, which you should be able to upgrade directly to from R70.50 according to the R75.40 Release Notes.
Once you get to R75.40, you can use the R77.30 migration tools and import the configuration into a new Gaia install running R77.30: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
From there, you can upgrade to R80.40, then R81.10 (either in-place or using the migration tools).

However, it might be easier to use the following tool to extract some of the configuration from your backup that might be useful: https://community.checkpoint.com/t5/Management/Exporting-Importing-R77-x-and-Earlier-Configuration-o... 
You just need the objects_5_0.C and rulebases_5_0.fws file from the backup you have.
You can then use this tool to "import" the information into an R77.30 installation and then use the migration tools to copy the configuration to R80.40 then R81.10.

Hopefully that helps.

(1)
Alberto_Atienza
Participant
Participant

I prefer not to touch the physical machine because it is very "delicate".

I´ll try this! https://community.checkpoint.com/t5/Management/Exporting-Importing-R77-x-and-Earlier-Configuration-o...

I will inform you of the result in the next few days.
Thanks for your ideas!

 

0 Kudos
PhoneBoy
Admin
Admin

TAC might also be able to get you a Solaris version of the migration tools for R75.40 (i.e. to migrate your configuration to R75.40), assuming they exist.
This would allow you to copy the configuration to R75.40 on Gaia, then do the series of upgrades.
However, despite odumper/ofiller being an unsupported tool... it may get you there faster.

0 Kudos
Alberto_Atienza
Participant
Participant

After running odumper, ofiller and dbedit, several times fixing the errors, I have been able to migrate existing policies in R70.50 to an R77.30 version. So now updating to R81.10 and register the new firewalls that will have these policies installed is an easy task.
Thanks a lot @PhoneBoy 

0 Kudos
Bob_Zimmerman
Authority
Authority

One important note: a management server created this way won't have the same certificate authority, so you would need to reestablish SIC with the firewalls. This will involve an outage of at least a few minutes. Doing step-by-step upgrades in place could let you avoid an outage.

0 Kudos
the_rock
Legend
Legend

R70.50? I thought it was a joke when I saw it, honestly...I dont ever recall that version : - ). Anyway, I do recall very well UnixInstallScript, so if that fails, did you ensure you gave it proper permissions? Just run chmod 777 UnixInstallScript and try again.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events