This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. Use, duplication, or disclosure by the government is subject to restrictions as set forth in DFARS 252.227-7013 and FAR 52.227-19.
This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. Use, duplication, or disclosure by the government is subject to restrictions as set forth in DFARS 252.227-7013 and FAR 52.227-19.
This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. Use, duplication, or disclosure by the government is subject to restrictions as set forth in DFARS 252.227-7013 and FAR 52.227-19.
2011 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice. RESTRICTED RIGHTS LEGEND: Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR 52.227-19. TRADEMARKS: Refer to the Copyright page (http://www.checkpoint.com/copyright.html) for a list of our trademarks. Refer to the Third Party copyright notices (http://www.checkpoint.com/3rd_party_copyright.html) for a list of relevant copyrights and third-party licenses.
Important Information Latest Software We recommend that you install the most recent software release to stay up-to-date with the latest functional improvements, stability fixes, security enhancements and protection against new and evolving attacks. Latest Documentation The latest version of this document is at: http://supportcontent.checkpoint.com/documentation_download?ID=11885 For additional technical information, visit the Check Point Support Center (http://supportcenter.checkpoint.com). Revision History Date Description 1/13/2011 First release of this document Feedback Check Point is engaged in a continuous effort to improve its documentation. Please help us by sending your comments (mailto:cp_techpub_feedback@checkpoint.com?subject=Feedback on How to Downgrade from IPSO 6.2 to IPSO 4.2 ).
Contents Important Information ............................................................................................. 3 How To Downgrade from IPSO 6.2 to IPSO 4.2 ..................................................... 5 Objective ............................................................................................................. 5 Supported Versions ............................................................................................. 5 Supported OS ...................................................................................................... 5 Supported Appliances ......................................................................................... 5 Before You Start ..................................................................................................... 5 Related Documentation and Assumed Knowledge .............................................. 5 Impact on the Environment and Warnings ........................................................... 5 Procedure ................................................................................................................ 6 Replacing the Bootmanager ................................................................................ 6 Installing the IPSO 4.2 ......................................................................................... 7 Resetting the Admin Password ............................................................................ 8 Verify ....................................................................................................................... 8
Objective
How To Downgrade from IPSO 6.2 to IPSO 4.2 Page 5
How To Downgrade from IPSO 6.2 to IPSO 4.2 Objective Changing packages and ISOs on IPSO is usually easy to do with Voyager. But, if you want to convert an IPSO 6.2 machine to an IPSO 4.2, you need to use the command line and follow this procedure. Supported Versions IPSO 6.2 Supported OS IPSO 6.2 Supported Appliances Read the Release Notes of the IP Appliance to know if the specific IPSO 4.2 Build is supported. Before You Start Related Documentation and Assumed Knowledge IPSO Boot Manager Reference Guide (http://downloads.checkpoint.com/dc/download.htm?id=10353 \t _blank - http://downloads.checkpoint.com/dc/download.htm?id=10353) sk39135 (http://supportcontent.checkpoint.com/solutions?id=sk39135) - How do I manage boot manager settings from the IPSO command line? Impact on the Environment and Warnings You must have console access to the IP Appliance to run the commands because you will lose network connectivity during this procedure. Also, make sure you have the IPSO boot manager file (nkipflash- 4.2.bin) and ipso.tgz image located on a FTP server. Both files are included in the IPSO 4.2 package (http://supportcenter.checkpoint.com).
Replacing the Bootmanager
Procedure Page 6
Procedure Downgrade your IPSO 6.2 appliance to IPSO 4.2 using this workflow: Step 1: Replace the IPSO Bootmanager. Step 2: Install IPSO 4.2. Step 3: Reset the Admin Password. Replacing the Bootmanager 1. To copy the file: nkipflash-4.2.bin to the IP machine 2. Run: upgrade_bootmgr nkipflash-4.2.bin # upgrade_bootmgr nkipflash-4.2.bin This program is used to upgrade the boot manager on this system. You must be using a terminal connected to the console serial port to run this program. Continue? [n] y new bootmgr size is 2097152 old bootmgr size is 4194304 Installing new boot manager... please wait a minute or two Boot manager upgrade completed. 3. To verify that the bootmanager has been replaced, run: printenv BOOTMGR[23]> printenv NOKIA IPSO BOOTMGR VERSION=4.2-BUILD106a01 11.07.2009-024402 autoboot: YES testboot: NO bootwait: 0 boot-file: boot-flags: boot-device: vendor: Nokia model: IP bmslice: 1
Installing the IPSO 4.2
Procedure Page 7
Installing the IPSO 4.2 1. From the bootmanager shell, run: install BOOTMGR[28]> install Password: ################### IPSO Full Installation #################### You will need to supply the following information: Client IP address/netmask, FTP server IP address and filename, and license information. This process will DESTROY any existing files and data on your disk. ################################################################# 2. To continue the installation, answer the licensing questions as shown: Continue? (y/n) [n] y
Please answer the following licensing questions. Will this node be using IGRP ? [y] n Will this node be using BGP ? [y] n Devices available to install diskless image # name model size type location 0 wd0 SanDisk SDCFH2-004G 4110MB CF-INTERNAL-IDE InternalCF Select # of entry to install diskless image : 0 Selected wd0 as install device [: 1: unexpected operator
Install from anonymous FTP server. Install from FTP server with user and password. Choose an installation method (1-2): 2
Enter IP address of this client (0.0.0.0/24): 172.30.45.200 Please enter a netmask length: (24)16 Enter IP address of FTP server (0.0.0.0): ^C Enter IP address of the default gateway (0.0.0.0): ^C Subnet of client and the gateway does not match. Enter IP address of this client (172.30.45.200/16): 172.30.62.21/16 Enter IP address of FTP server (0.0.0.0): 172.30.45.200 Enter IP address of the default gateway (0.0.0.0): 172.30.1.1
Choose an interface from the following list: 1) eth-s4p1 2) eth-s4p2 3) eth-s4p3 4) eth-s4p4 Enter a number [1-4]: 1
Choose interface speed from the following list: 1) 10 Mbit/sec 2) 100 Mbit/sec 3) 1000 Mbit/sec Enter a number [1-3]: 2
Half or full duplex? [h/f] [h] f Enter user name on FTP Server : ftp Enter password for "ftp": Enter path to ipso image on FTP server [~]: / Enter ipso image filename on FTP server [ipso.tgz]: 3. After all of the packages are installed, enter the hostname within 20 seconds of being prompted. Resetting the Admin Password
Verify Page 8
Please choose the host name for this system. This name will be used in messages and usually corresponds with one of the network hostnames for the system. Note that only letters, numbers, dashes, and dots (.) are permitted in a hostname.
Hostname?
Important - If you do not enter a hostname within 20 seconds, the machine may take the details of the hostname and IP from a DHCP server located in the network, and you will lose your IP settings and admin password credentials. If this happens, you see a temporary admin password. To recover from this: a) Reboot the machine. b) Enter bootmanager shell when you see: Type any character to enter command mode.
Resetting the Admin Password These instructions are based on sk41239 (http://supportcontent.checkpoint.com/solutions?id=sk41239): How do I change the admin password when it is lost or unknown? To reset the password: 1. Run: /etc/overpw 2. Enter the temporary password and continue with the installation. Please enter password for user admin: Please re-enter password for confirmation: Continue? [n] y 3. Login to IPSO 4.2 and set the hostname and interface IP address.
Verify To make sure the IPSO image has changed to IPSO4.2, either: Run: uname a Login to Voyager with browser and go to the Home page: