IPSO upgrade on IP Appliances

On Nokia Firewall you have to install to things:
– IPSO image
– Checkpoint Firewall package

The first one is the operating system, the second one is the firewall software. If you want to upgrade your operating system then you do not have to reinstall the Firewall software as well. Image upgrade is possible through the web interface (Voyager) or through cli (in this case you need an ftp server, like 3CDaemon). I prefer cli, because you can use it through the console and you can configure faster. If a problem occurs and you cannot reach the firewall with its IP – for example after reboot it does not come up with the new image – you have to have console access to check the actual state of the firewall.

The IPSO image can you find on the Checkpoint site. For the Image upload you need an ftp server.

NokiaIP290:102> download image url ftp://2.2.2.2/ipso-4.2-bld111/ipso.tgz Receiving /var/tmp/ipso.tgz (40084900 bytes) Receiving /var/tmp/ipso.tgz (40084900 bytes): 72% Receiving /var/tmp/ipso.tgz (40084900 bytes): 100%  40084900 bytes transfered in 6.9 seconds (5700.42 Kbytes/s) Validating image… (no signature file found, continuing)… done. Version tag stored in image: .IPSO-4.2-BUILD111-05.11.2010-205957-1515 Setting up new image… done. Checking if bootmgr upgrade is needed… Upgrading bootmgr…. new bootmgr size is 2097152 old bootmgr size is 2097152 Saving old bootmgr. Installing new bootmgr. Verifying installation of bootmgr. Will use /image/IPSO-4.2-BUILD106a04-02.19.2010-165807-1515 as root for next boot. To install/upgrade your packages run /etc/newpkg after REBOOT

Next you need just reboot the firewall with the new image.

NokiaIP290:112> reboot image IPSO-4.2-BUILD111-05.11.2010-205957-1515 save . Nov 19 16:51:14 myfirewall [LOG_CRIT] reboot: Boot image will be IPSO-4.2-BUILD111-05.11.2010-205957-1515 Nov 19 16:51:14 myfirewall [LOG_CRIT] reboot: Boot image will be IPSO-4.2-BUILD111-05.11.2010-205957-1515 Nov 19 16:51:14 myfirewall [LOG_CRIT] reboot: Attempt to reboot by root Nov 19 16:51:14 myfirewall [LOG_CRIT] reboot: Attempt to reboot by root Nov 19 16:51:14 myfirewall [LOG_CRIT] reboot: System reboots in approximately 2 seconds. Nov 19 16:51:14 myfirewall [LOG_CRIT] reboot: System reboots in approximately 2 seconds. WARNING System will be rebooted in approximately 2 seconds. clish and login shell will automatically terminate.

That’s it. After reboot your firewall works as before.