230 Check Point FireWall-1 on AIX - A Cookbook for Stand-Alone and High Availability Solutions
/usr/lpp/CPfw1-41/conf/objects.C
/usr/lpp/CPfw1-41/conf/rulebases.fws
/usr/lpp/CPfw1-41/database/fwauth.NDB
/usr/lpp/CPfw1-41/database/objects.C
/usr/lpp/CPfw1-41/conf/fw.license
/usr/lpp/CPfw1-41/conf/objects.C.bak
/usr/lpp/CPfw1-41/database/opsec_authkeys.C
/usr/lpp/CPfw1-41/conf/vpn.W
Do you want to continue and copy them to fw4 ? [y]/n y
Generating tar of different files on fw3
a /usr/lpp/CPfw1-41/conf/objects.C 69 blocks.
a /usr/lpp/CPfw1-41/conf/rulebases.fws 55 blocks.
a /usr/lpp/CPfw1-41/database/fwauth.NDB 41 blocks.
a /usr/lpp/CPfw1-41/database/objects.C 70 blocks.
a /usr/lpp/CPfw1-41/conf/fw.license 5 blocks.
a /usr/lpp/CPfw1-41/conf/objects.C.bak 69 blocks.
a /usr/lpp/CPfw1-41/database/opsec_authkeys.C 1 blocks.
a /usr/lpp/CPfw1-41/conf/vpn.W 10 blocks.
Killing FireWall-1 Management Daemon (fwm) on fw4
kill: 6486: 0403-003 The specified process does not exist.
kill: 6486: 0403-003 The specified process does not exist.
kill: 6486: 0403-003 The specified process does not exist.
Extracting tar of different files on fw4
x /usr/lpp/CPfw1-41/conf/objects.C, 35291 bytes, 69 media blocks.
x /usr/lpp/CPfw1-41/conf/rulebases.fws, 27838 bytes, 55 media blocks.
x /usr/lpp/CPfw1-41/database/fwauth.NDB, 20481 bytes, 41 media blocks.
x /usr/lpp/CPfw1-41/database/objects.C, 35443 bytes, 70 media blocks.
x /usr/lpp/CPfw1-41/conf/fw.license, 2060 bytes, 5 media blocks.
x /usr/lpp/CPfw1-41/conf/objects.C.bak, 35291 bytes, 69 media blocks.
x /usr/lpp/CPfw1-41/database/opsec_authkeys.C, 239 bytes, 1 media blocks.
x /usr/lpp/CPfw1-41/conf/vpn.W, 4637 bytes, 10 media blocks.
Comparing checksums of transferred files between nodes
The files that were found different are now identical.
You still need to restart fwm on fw4 !!!
Do you want me to delete all /tmp/diff_fw1*.11120 files [y]/n? y
fw4:/usr/local/bin#
The other problem is that the security policy cannot be installed on fw4 from
fw3 after it replaces its boot IP addresses with the service IP addresses when
it goes active, because the primary IP address of fw4 is fw4_out_boot and the
VPN-1/FireWall-1 management daemon on fw3 want to talk to that address.
Therefore, we added an IP alias to the external network interface for the boot