SV: Database Revision Control

Hi,

Perhaps its you configuration that is buggy?  

I checked on my own SmartCenter now and of the 238
revisionsI got there now none was missing.

Note that this is not P-1, but perhaps it's a bit early to
call it buggy.

Regards,
Torkel

-----Opprinnelig melding-----
Fra: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM]
På vegne av cisco4ng
Sendt: 26. september 2006 16:08
Til: FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM
Emne: [FW-1] Database Revision Control

just have a story I want to share with everyone.  This is
especially true for those who are familiar with database 
revision control.
   
  I have a P-1 NG with AI r55w.  Everytime I push the policy
from a CMA to an enforcement module, i always create a new 
database revision control so that if something go wrong, 
I can revert back to my last "known good"
configuration.
   
  Everytime I created a new revision control the GUI message
told me that a revision control is successfully created. 
The
  problem is that when I go into the
$FWDIR/conf/db_versions/repository 
direrctory of that particular CMA, I see a directory with
a particular number, like 72, is created but inside that
directory, I am not seeing the file ckp_mgmt_version.tar.gz
or if that file exists, the file size is zero.  The problem
is really
  crapshoot, it works about 70% of the time.  In other
words, about
  70% of the directory undere repository have the file and
proper size
  while the other 30% does not.  Go figure. 
   
  I guess what I am trying to say is that you should NEVER
rely on the message from the SmartConsole to tell you that
a database revision control is successfully created.  The
reality is that it may not create the file that you 
expected.  You should write your own script to check for 
it.  Otherwise, you will be sorry when you need to rollback
something and find out that the file is not there.
   
  Thanks for writing buggy software checkpoint.
   
  cisco4ng

 				
---------------------------------
Get your own web address for just $1.99/1st yr. We'll help.
Yahoo! Small Business.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================

Has anyone built a VML check for SmartDefense yet?

I saw MS has a note showing how to configure ISA server to
do it,
wondering why CheckPoint is dragging its feet, any DIY users
done it?

Thanks,

Derek O'Flynn
LSU Health Sciences Center
Enterprise Information Security
(504)628-4431 doflynlsuhsc.edu 

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================

Hi Torkel,
   
  I opened a TAC case with Checkpoint and they do not have a
solution either and it
  has been almost six weeks now.  I only have a single
Manager+Container on a single 
  Solaris 9 box.  Checkpoint verified my configuration and
they find no errors as
  far as configurtion goes.  I gave them a copy of my
mds_backup so hopefully they
  will find something soon.
   
  Thanks.
  cisco4ng

Torkel Mathisen <torkel.mathisenBBS.NO> wrote:
  Hi,

Perhaps its you configuration that is buggy? 

I checked on my own SmartCenter now and of the 238
revisionsI got there now none was missing.

Note that this is not P-1, but perhaps it's a bit early to
call it buggy.

Regards,
Torkel

-----Opprinnelig melding-----
Fra: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM]
På vegne av cisco4ng
Sendt: 26. september 2006 16:08
Til: FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM
Emne: [FW-1] Database Revision Control

just have a story I want to share with everyone. This is
especially true for those who are familiar with database 
revision control.

I have a P-1 NG with AI r55w. Everytime I push the policy
from a CMA to an enforcement module, i always create a new 
database revision control so that if something go wrong, 
I can revert back to my last "known good"
configuration.

Everytime I created a new revision control the GUI message
told me that a revision control is successfully created. The
problem is that when I go into the
$FWDIR/conf/db_versions/repository 
direrctory of that particular CMA, I see a directory with
a particular number, like 72, is created but inside that
directory, I am not seeing the file ckp_mgmt_version.tar.gz
or if that file exists, the file size is zero. The problem
is really
crapshoot, it works about 70% of the time. In other words,
about
70% of the directory undere repository have the file and
proper size
while the other 30% does not. Go figure. 

I guess what I am trying to say is that you should NEVER
rely on the message from the SmartConsole to tell you that
a database revision control is successfully created. The
reality is that it may not create the file that you 
expected. You should write your own script to check for 
it. Otherwise, you will be sorry when you need to rollback
something and find out that the file is not there.

Thanks for writing buggy software checkpoint.

cisco4ng


---------------------------------
Get your own web address for just $1.99/1st yr. We'll help.
Yahoo! Small Business.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================


 		
---------------------------------
Do you Yahoo!?
 Everyone is raving about the  all-new Yahoo! Mail.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================