Last night I did some maintenance on both our Bluecoat Web Cache and our Nokia / Checkpoint firewall. The bluecoat was a very straightforward upgrade, they have made the process almost painless other than a few minute reboot.
The Nokia / Checkpoint upgrade isn't hard, just harder relatively. Some of you may be saying I thought Nokia only makes phones, well no they make some of the best hardened firewall boxes out there. You then layer on top Checkpoint's Firewall-1 product and you are set. The main reason I bring this up is prior to the upgrade the firewall had an uptime of 337 days. Which is pretty damn amazing I must say. In these days of daily security exploits to have a box not need upgrading for a year and not have problems.
Anyway back to the upgrade. It is a couple step process. First, you must download the latest IPSO (Nokia Operating System) and the latest Checkpoint software and hotfixes. Next, it is a good idea to clean up the logs and such since if you don't you will run out of hard drive space, which I learned the hard way last time. Then, you upgrade the IPSO. At this point you have to console in usually since FW-1 doesn't start and the box is totally locked down from a network standpoint. After you gain access again you then run the checkpoint package (install), these needs to be run from a command line. Reboot the box once more and if necessary apply checkpoint hotfixes. Took maybe an hour at most. An hours downtime a year isn't bad.
Also I must thank Dan who has forgotten more about Nokia and Checkpoint than I will ever know. He gave me a couple of quick pointers. Also Nokia's tech support is great, they even support Checkpoint so one call does it all. The Nokia / Checkpoint combo isn't cheap either intially or yearly but you get what you pay for. Highly recommended.
Leave a comment