Migrating Checkpoint 4.1 DES VPN to another version of Checkpoint

Posted on 2006-05-03
Medium Priority
Last Modified: 2013-11-16
Hi! I have Checkpoint Firewall 4.1 DES VPN working on NT 4.0 SP6A, it works well, but have limited resources for new policies we want apply and has some vulnerabilityes and it is old, too.
We are migratin NT4 to Windows 2003 Server and we want upgrade the Checkpoint Firewall too.

Times ago, I noticed tha Checkpoint had a new version, named Checkpoint NG. And nowadays
I am lost. Is there a new version? Is it stable?

Which version is recommended for migrating from Checkpoint 4.1? A secure and
bugless version?

Or, do you recommend another firewall, which has a excelent administration gui and
is secure and has resources like checkpoint? I accept suggestions.

PS: Discard appliances.

Best Regards,
Question by:artur_dietrich
1 Comment

Accepted Solution

dbardbar earned 200 total points
ID: 16606744
The orignal FirelWall-1 NG was released quite a few years ago, and then it had several service packs (which CP called Feature Packs), up to FP3.
Then the names realy started to get funky. There was R54, R55, R55W and now R60.

I have exprience with all versions up to R55W. Personally I think R55 was the most stable, but generly speaking they were all pretty stable. The major infrastructure changes were done between 4.1 and the orignal NG, which becuase of that had tons of bugs. But after FP3 (including), they were all pretty stable (in my opinion).
Upgrading from 4.1 to R60 is not supported. You shoudl upgrade to R55.
Personally, I would then upgrade to R60. But wait and see for the opnions of the other guys here at EE.

As always, don't expect the most latest, most cutting edge features to be bug-free. But the basic hard-core functionality is reliable.
Especialy in the case of Resources - I think there was a lot of improvment there compared to 4.1. Also, there lot of new functionality, and a much nicer and better GUI. (You just "love" the Log Viwer in 4.1, don't you? :-)

What you should be reading about is the "Upgrade Utilities"/"Upgrade Tools". Those are a set of a few simple utilties (each version has it's own set), which you can run on your old machine, and it will suck all the information it needs into a nice little zip file. You can then take the zip file to your new machine, run another utility, and it will take all your configuration and upgrade it to the newer version on the new machine. You could then at your own time test the new FW-1, see that everything got upgraded correctly, and everything is working properly. When you are good to go, you can take your old machine offline, and put the new one instead, with little downtime.
This is all explained pretty good in the Upgrade documents of each version. You can download the documentation from CP site, with your user center account. If you do not have an account, you can open one for free.

You might also might want to consider "SecurePlatform". It is a Linux distribution that was created by Check Point, which has a lot of integration with the other Check Point software. It can be installed on any plain (or server class) PC, and gives you a nice "appliance" look and feel. Personally, I like it. If and when you get the new R55/R60 CD, if you boot from it, it will install SecurePlatform on the harddrive (wiping it clean!), along with FW-1. I think you should at least give it a look. It has been around since about NG FP2, so it is pretty stable and feature-rich right now.

Regarding the licensing - you should definantly talk to your local reseller, to help you in the licenseing maze, to choose the license most fitting your needs. The licenseing scheme has changed over the years, and it is now quite complex.

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Is your OST file inaccessible, Need to transfer OST file from one computer to another? Want to convert OST file to PST? If the answer to any of the above question is yes, then look no further. With the help of Stellar OST to PST Converter, you can e…
Suggested Courses

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question