|
Home > Archive > Check Point > September 2002 > No more CP2000 exam? What now?
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
No more CP2000 exam? What now?
|
|
|
| Ok,..I've adminsitered CP2000 firewalls for about 2 years now but just started thinking about taking the CCSA exam recently. I have never worked on NG before and our environment does not have NG, still on v4.1sp2 on Nokia IP440. (the reason why I want to get CCSA CP2000) I found this site because I was looking for help on certification material, but only to discover that CP2000 exams are no longer available. So now I'm at a dilemma here. I finished two books (phoneboy and courseware for cp2000 revision A.), but now it looks like I need to find new material and somehow practice NG somewhere...start all over again.  Does anyone know how to get an evaluation license for NG? I am familiar with the Checkpoint User Center as I use it to license our v4.1 products here. Can I use the same site to obtain an evaluation key for my existing eval copy of NG? (legally obtained through my co-worder who attended a Nokia class).
thanks for all your help | |
|
| Ok, this forum isn't very helpful. I simply need to verify whether the CP2000 exam is available. And no one can answer my question about obtaining trial license?? Hmm... | |
|
| My Friend...
The only one can supply you an EVAL key for your NG except for checkpoint themselves....or you can brag your Value Added Reseller (VAR) for it...
Prevously checkpoint used to generate a monthly open EVAL key for all products..I dont know whether they are still distributed to their channels or not....(Your VAR)
Chances are you are not going to get it at all.
If you have an eval copy of NG package then use that certificate key to generate your 30 days license from checkpoint via license.checkpoint.com
Hope that help. As for CP2000 Exam, it is stil a valid and recognized certificate...since Checkpoint 2000 is still around and not everyone has migrated to the NG platform yet. But if you are considering getting certified, then go for NG..Because CP2000 will be retired soon. and once it is retired, your certification is meaningless in term of Checkpoint... | |
|
| Thanks for the replies! That's just what I wanted to hear. I will start studying for the CCSA-NG exam as soon as the book I ordered today is delivered.
Now I just have one more question. How does one exactly migrate from CP-4.1 (any version) to CP-NG? I hope it is not a de-intall,then re-install thing. I don't see how it will work since the license strings are bound to specific versions. For example, CP-41-blah-blah. There is probably a procedure during the upgrade where you remove the old string and add the new string generated by Checkpoint?
thanks | |
|
| First of all...you have to migrate your 4.1 license to NG license...
It depends on your installation..distributed or standalone...
Bind your license to your management console IP address or the firewall module itself..The advantage of binding to the management console IP is that you can use that license string and deploy on another firewall module if you device to change your FW module's IP address. This is call central license..
Now here's the procedure to migrate your 4.1 to NG..let's assume it's NG-FP2
1) Install a fresh installation of your FIREwall module on Solaris/NT or Nokia (with the supported IPSO)And of course...hardening your OS is a priority
Below are the steps we suggest you take.
1. On a separate system install a new and clean install of FP2 on the operating system you choose to use. For help on this see the accompanying documentation that describes how this is accomplished.
2. Download and read the release notes for the Upgrade Verifier utility as well as the utility itself available from checkpoint at http://www.checkpoint.com/techsuppo...#upgrade_verify
3. Run the Pre-upgrade Verifier on the current 4.1 management server and resolve any issues identified.
For example :
pre_upgrade_verifier -p . -c 4.1 -t NG_FP2
==============================
==
Action items before the upgrade:
==============================
==
Warnings: It is recommended to resolve the following problems.
==============================
==============================
==
Title: Obsolete Encryption Scheme: FWZ
-----
Description: The network object "demo_firewall" is set to use the FWZ encryption scheme. FWZ is no longer supported. The upgrade process will remove it from the list of encryption schemes on this object.
Impacts: If the VPN gateways do not support "IKE", there will be problems after installing the policy: the relevant rules will malfunction.
Todo: Use the IKE encryption scheme instead.
In the above example this management station was using FWZ which is no longer supported in NG FP2, and it would be recommended in this case to change over to IKE before proceeding with the upgrade.
4. Once all the Actions items before the upgrade, as pointed out in Step 3, have been completed. Make a copy following files from you 4.1 manager as described in knowledgebase solution sk11635 “How to manually upgrade from VPN-1/FireWall-1 4.1 to VPN-1/FireWall-1 NG FP1 or FP2.”.
objects.C
rulebase.fws
fwauth.NDB
xlate.conf,
aftpd.conf,
smtp.conf,
sync.conf,
masters,
clients,
fwmusers,
gui-clients,
slapd.conf,
serverkeys,
product.conf.
5. Run the upgrade script to convert the object.C , rulebase.fws , and fwauth.NDB files to NG FP2 from the previous version.
To upgrade from VPN-1/FireWall-1 4.1 to VPN-1/FireWall-1 NG FP1 or FP2 using the upgrade script, proceed as follows:
1. create a new machine with the desired version (FP1 or FP2)
2. Download and unzip the upgrade.tgz file (md5: bd419c84641cb465dc64b64c0fa645
33) - it opens into a directory named upgrade.
3. Place the 4.1 files under upgrade/4.1
a. objects.C
b. fwauth.NDB (on Windows machines this file is only the pointer to the real database file, for example, fwauth.NDB522. In this case take the real database file -fwauth.NDB522, rename it to fwauth.NDB and put it in the \upgrade\4.1 directory
c. rulebases.fws
d. fgrulebases.fws (if FloodGate-1 is installed
4. Stop the FireWall-1 (cpstop)
5. cd to the <upgrade_directory> and issue:
Windows
upgrade.bat \upgrade FP2 4.1 (upgrade from 4.1 to FP2)
Unix
upgrade.csh /upgrade FP2 4.1 (upgrade from 4.1 to FP2)
6. Restart the FireWall (cpstart) and login to the GUI
Notes*
1. The upgrade script will backup any modified file into <upgrade_directory>/backup/
2. If you are moving from a Windows machine to Unix do dos2unix on objects.C and rulebases.fws
3. In order to keep further configuration files (such as gui-clients, masters etc...), copy from VPN-1/FireWall-1 4.1 $FWDIR/conf directory to VPN-1/FireWall-1 NG $FWDIR/conf the following files:
xlate.conf,
aftpd.conf,
smtp.conf,
sync.conf,
masters,
clients,
fwmusers,
gui-clients,
slapd.conf,
serverkeys,
product.conf.
6. Run the post upgrade verifier on the NG FP2 install to help correct / identify any issues.
7. Review and test the policy and user database to ensure everything has been upgraded successfully.
8. Once confident that everything has been upgraded successful attempt to pass corporate traffic though the NG FP2 firewall while keeping the 4.1 firewall on hand in case of any problems. | |
|
| Wow! Most comprehensive reply I ever got from anybody! Thanks so much!! I can now proceed to test this out in my lab. | |
| niknaks 2002-09-04, 11:16 am |
| This exam 156-205 which is CP2000 is still available because i'm taking it on the 23th Sept.
I thought the same until I phone up to book the exam.
Give vue.com a try.
Good luck
niks | |
|
| I've decided to start studying for NG and take that exam instead. There is no point on taking the CP2000 exam if it'll be retired soon. |
|
|
|
|