说明:本文是在UTM硬件平台的Secure platform操作系统中安装R60的HFA07补丁;
版权:苏州思朋信息提供
安装HFA07补丁前的准备工作如下:
一、防火墙策略备份步骤:
1.通过console/telnet/ssh中任一种登录checkpoint操作系统,然后输入以下命令进入expert模式:
[NGXR65]#expert
Enter expert password: **** //此处输入expert密码
[Expert@NGXR65]#cd $FWDIR/bin/upgrade_tools
2.[Expert@NGXR65]#ls
出现如下界面:
upgrade_export upgrade_import
3.[Expert@NGXR65]#./upgrade_export 20110802(此处为备份的文件名)
提示如下,开始备份:
You are required to close all Check Point clients before the Export operation begins.
If the export fails, stop Check Point services and run the upgrade_export command again.
Press ENTER when ready..
Checking the existence of necessary files...
Copying files to temp dir...
Building configuration file...
Compressing the files...
The export operation finished successfully.
提示备份成功,之后将备份好的文件拷出到另一台电脑上做备份存档;
将备份文件上传到FTP方法:
[Expert@NGXR65]#ftp ip地址 //此处ip地址为自己notebook的ip地址
[Expert@NGXR65]#输入ftp用户名
[Expert@NGXR65]#输入ftp密码
[Expert@NGXR65]#bin //二进制输出
[Expert@NGXR65]#hash //验证完整性
[Expert@NGXR65]#put 20110802.tgz(20110802.tgz为之前备份生成的文件名)
接着核对在笔记本刚上传的文件是否存在;
二、将HFA上传到checkpoint,新建一个HFA的文件夹,将补丁包上传到此文件夹;
[Expert@NGXR65]#cd /opt/packages
[Expert@NGXR65]#mkdir HFA
[Expert@NGXR65]#ls
[Expert@NGXR65]#ftp ip地址(ip地址为笔记本电脑ip地址)
[Expert@NGXR65]#填入ftp用户名
[Expert@NGXR65]#填入ftp密码
[Expert@NGXR65]#bin
[Expert@NGXR65]#hash
[Expert@NGXR65]#get Check_Point_NGX_R65_HFA_70.linux.tgz(升级补丁包的名字)
[Expert@NGXR65]#tar –zvxf Check_Point_NGX_R65_HFA_70.linux.tgz(解压缩)
提示如下:
./CPngcmp/
./CPngcmp/ngbc_R60_HFA.tgz
./wrapper.conf
./PreInstall.sh
./UnixInstallScript
./CPvpn/
./CPvpn/fw1_R60_HFA.tgz
注:UnixInstallScript为可执行安装文件,下面会用到!
三、安装补丁包
[Expert@NGXR65]# ./UnixInstallScript
Welcome to HFA_R60_04 installation.
Do you wish to continue [Y/n]?
y
***********************************************
You are going to install R60 HFA on the machine
***********************************************
Installing VPN-1 ...
... VPN-1 installation succeeded.
Installing R55 Compatibilty Package ...
... R55 Compatibilty Package installation failed!
---------------------------------------------------------------
The installation of HFA_R60_04 has completed successfully.
You must reboot your computer for the changes to take effect.
---------------------------------------------------------------
[Expert@NGXR65]# reboot //重启防火墙
完成补丁安装
最后使用[Expert@NGXR65]# fw ver//查看补丁包是否安装成功
