Monday, July 9, 2012

Check Point VPN Troubleshooting: Updating The LIBSW Files On The Head End Firewall When You Have An Edge Device Connected Via VPN

Well, here it is again.  Check Point never ceases to amaze me really.  I have the topology below.  It turns out that IF your code on the Edge device is higher than the version of the libsw files on your UTM-1 270 (or any head end Check Point), than it looks like you are going to have to 'upgrade' your libsw files.  Not a big deal really, but a real pain to remember.  I ran into VPN problems and could not get any traffic across the vpn.  Phase I and Phase II would come up without issue though.  I actually remember this from a few years ago, and had the same problems.
Anyway, if you know your code is higher on the Edge device than on your Check Point head end firewall, you need to go through this process.  Here are the commands I had to do (I found them on a sk on the Check Point site somewhere):

1.  mv   /opt/CPEdgecmp-R75.20/libsw   /opt/CPEdgecmp-R75.20/libsw_BKP
2.  mv   /home/admin/libsw8250.tar   /opt/CPEdgecmp-R75.20/
3.  tar xvf   /opt/CPEdgecmp-R75.20/libsw8250.tar
4.  mv   /opt/CPEdgecmp-R75.20/libsw8.2.50   /opt/CPEdgecmp-R75.20/libsw
5.  dos2unix   /opt/CPEdgecmp-R75.20/libsw/*

Lets go through the process, exactly as I did it.
[Expert@CPfirewall]#
[Expert@CPfirewall]#
[Expert@CPfirewall]# cd /home/admin
[Expert@CPfirewall]# tftp
tftp> connect 192.168.15.11
tftp> get libsw8250.tar
Received 512000 bytes in 0.6 seconds
tftp> quit
[Expert@CPfirewall]# pwd
/home/admin
[Expert@CPfirewall]# ls
libsw8250.tar
[Expert@CPfirewall]# mv   /opt/CPEdgecmp-R75.20/libsw   /opt/CPEdgecmp-R75.20/libsw_BKP
[Expert@CPfirewall]# mv   /home/admin/libsw8250.tar   /opt/CPEdgecmp-R75.20/
[Expert@CPfirewall]# tar xvf   /opt/CPEdgecmp-R75.20/libsw8250.tar
libsw8.2.50/
libsw8.2.50/auth.def
libsw8.2.50/base.def
libsw8.2.50/clcrypt.def
libsw8.2.50/code.def
libsw8.2.50/cp_algs.def
libsw8.2.50/crypt.def
libsw8.2.50/dcerpc.def
libsw8.2.50/dcom.def
libsw8.2.50/dup.def
libsw8.2.50/exchange.def
libsw8.2.50/formats.def
libsw8.2.50/fwconn.h
libsw8.2.50/fwctrnm.h
libsw8.2.50/fwctrs.ini
libsw8.2.50/fwui_head.def
libsw8.2.50/fwui_trail.def
libsw8.2.50/h323.def
libsw8.2.50/init.def
libsw8.2.50/kerntabs.h
libsw8.2.50/policy.ini
libsw8.2.50/snmp.def
libsw8.2.50/sofaware.def
libsw8.2.50/sofaware.h
libsw8.2.50/sofaware_base.def
libsw8.2.50/std.def
libsw8.2.50/swalgs.def
libsw8.2.50/swh323_in.def
libsw8.2.50/swh323_out.def
libsw8.2.50/sw_conn_helpers.def
libsw8.2.50/sw_ftp.def
libsw8.2.50/sw_nat.def
libsw8.2.50/sw_p2p_block.def
libsw8.2.50/sw_proxy.def
libsw8.2.50/sw_record_conn.def
libsw8.2.50/sw_sd.def
libsw8.2.50/sw_sd_functions.def
libsw8.2.50/sw_sip.def
libsw8.2.50/sw_sip_functions.def
libsw8.2.50/sw_skinny.def
libsw8.2.50/sw_tunneling.def
libsw8.2.50/sw_user_rules.def
libsw8.2.50/sw_vpn.def
libsw8.2.50/sw_vpn_helpers.def
libsw8.2.50/table.def
libsw8.2.50/tcpip.def
libsw8.2.50/traps.def
libsw8.2.50/traps.h
libsw8.2.50/user.def
libsw8.2.50/xtreme.def
libsw8.2.50/version.txt
[Expert@CPfirewall]# mv   /opt/CPEdgecmp-R75.20/libsw8.2.50   /opt/CPEdgecmp-R75.20/libsw
[Expert@CPfirewall]# dos2unix   /opt/CPEdgecmp-R75.20/libsw/*
dos2unix: converting file /opt/CPEdgecmp-R75.20/libsw/auth.def to UNIX format ...
dos2unix: converting file /opt/CPEdgecmp-R75.20/libsw/base.def to UNIX format ...
dos2unix: converting file /opt/CPEdgecmp-R75.20/libsw/clcrypt.def to UNIX format ...
dos2unix: converting file /opt/CPEdgecmp-R75.20/libsw/code.def to UNIX format ...
dos2unix: converting file /opt/CPEdgecmp-R75.20/libsw/cp_algs.def to UNIX format ...
dos2unix: converting file /opt/CPEdgecmp-R75.20/libsw/crypt.def to UNIX format ...
dos2unix: converting file /opt/CPEdgecmp-R75.20/libsw/dcerpc.def to UNIX format ...
dos2unix: converting file /opt/CPEdgecmp-R75.20/libsw/dcom.def to UNIX format ...
dos2unix: converting file /opt/CPEdgecmp-R75.20/libsw/dup.def to UNIX format ...
dos2unix: converting file /opt/CPEdgecmp-R75.20/libsw/exchange.def to UNIX format ...
dos2unix: converting file /opt/CPEdgecmp-R75.20/libsw/formats.def to UNIX format ...
dos2unix: converting file /opt/CPEdgecmp-R75.20/libsw/fwconn.h to UNIX format ...
dos2unix: converting file /opt/CPEdgecmp-R75.20/libsw/fwctrnm.h to UNIX format ...
dos2unix: converting file /opt/CPEdgecmp-R75.20/libsw/fwctrs.ini to UNIX format ...
dos2unix: converting file /opt/CPEdgecmp-R75.20/libsw/fwui_head.def to UNIX format ...
dos2unix: converting file /opt/CPEdgecmp-R75.20/libsw/fwui_trail.def to UNIX format ...
dos2unix: converting file /opt/CPEdgecmp-R75.20/libsw/h323.def to UNIX format ...
dos2unix: converting file /opt/CPEdgecmp-R75.20/libsw/init.def to UNIX format ...
dos2unix: converting file /opt/CPEdgecmp-R75.20/libsw/kerntabs.h to UNIX format ...
dos2unix: converting file /opt/CPEdgecmp-R75.20/libsw/policy.ini to UNIX format ...
dos2unix: converting file /opt/CPEdgecmp-R75.20/libsw/snmp.def to UNIX format ...
dos2unix: converting file /opt/CPEdgecmp-R75.20/libsw/sofaware.def to UNIX format ...
dos2unix: converting file /opt/CPEdgecmp-R75.20/libsw/sofaware.h to UNIX format ...
dos2unix: converting file /opt/CPEdgecmp-R75.20/libsw/sofaware_base.def to UNIX format ...
dos2unix: converting file /opt/CPEdgecmp-R75.20/libsw/std.def to UNIX format ...
dos2unix: converting file /opt/CPEdgecmp-R75.20/libsw/sw_conn_helpers.def to UNIX format ...
dos2unix: converting file /opt/CPEdgecmp-R75.20/libsw/sw_ftp.def to UNIX format ...
dos2unix: converting file /opt/CPEdgecmp-R75.20/libsw/sw_nat.def to UNIX format ...
dos2unix: converting file /opt/CPEdgecmp-R75.20/libsw/sw_p2p_block.def to UNIX format ...
dos2unix: converting file /opt/CPEdgecmp-R75.20/libsw/sw_proxy.def to UNIX format ...
dos2unix: converting file /opt/CPEdgecmp-R75.20/libsw/sw_record_conn.def to UNIX format ...
dos2unix: converting file /opt/CPEdgecmp-R75.20/libsw/sw_sd.def to UNIX format ...
dos2unix: converting file /opt/CPEdgecmp-R75.20/libsw/sw_sd_functions.def to UNIX format ...
dos2unix: converting file /opt/CPEdgecmp-R75.20/libsw/sw_sip.def to UNIX format ...
dos2unix: converting file /opt/CPEdgecmp-R75.20/libsw/sw_sip_functions.def to UNIX format ...
dos2unix: converting file /opt/CPEdgecmp-R75.20/libsw/sw_skinny.def to UNIX format ...
dos2unix: converting file /opt/CPEdgecmp-R75.20/libsw/sw_tunneling.def to UNIX format ...
dos2unix: converting file /opt/CPEdgecmp-R75.20/libsw/sw_user_rules.def to UNIX format ...
dos2unix: converting file /opt/CPEdgecmp-R75.20/libsw/sw_vpn.def to UNIX format ...
dos2unix: converting file /opt/CPEdgecmp-R75.20/libsw/sw_vpn_helpers.def to UNIX format ...
dos2unix: converting file /opt/CPEdgecmp-R75.20/libsw/swalgs.def to UNIX format ...
dos2unix: converting file /opt/CPEdgecmp-R75.20/libsw/swh323_in.def to UNIX format ...
dos2unix: converting file /opt/CPEdgecmp-R75.20/libsw/swh323_out.def to UNIX format ...
dos2unix: converting file /opt/CPEdgecmp-R75.20/libsw/table.def to UNIX format ...
dos2unix: converting file /opt/CPEdgecmp-R75.20/libsw/tcpip.def to UNIX format ...
dos2unix: converting file /opt/CPEdgecmp-R75.20/libsw/traps.def to UNIX format ...
dos2unix: converting file /opt/CPEdgecmp-R75.20/libsw/traps.h to UNIX format ...
dos2unix: converting file /opt/CPEdgecmp-R75.20/libsw/user.def to UNIX format ...
dos2unix: converting file /opt/CPEdgecmp-R75.20/libsw/version.txt to UNIX format ...
dos2unix: converting file /opt/CPEdgecmp-R75.20/libsw/xtreme.def to UNIX format ...
[Expert@CPfirewall]#
[Expert@CPfirewall]# cat   /opt/CPEdgecmp-R75.20/libsw/version.txt   <--- To Verify the libsw file version
libsw built with version 8.2.50
File list:
auth.def                990 bytes
base.def              28031 bytes
clcrypt.def            8824 bytes
code.def               9249 bytes
cp_algs.def           68974 bytes
crypt.def             28264 bytes
dcerpc.def            22309 bytes
dcom.def               9513 bytes
dup.def                 571 bytes
exchange.def           3760 bytes
formats.def           10257 bytes
fwconn.h               8423 bytes
fwctrnm.h               946 bytes
fwctrs.ini             1722 bytes
fwui_head.def         13874 bytes
fwui_trail.def          710 bytes
h323.def              23854 bytes
init.def               2847 bytes
kerntabs.h             3678 bytes
policy.ini               52 bytes
snmp.def               2472 bytes
sofaware.def          18069 bytes
sofaware.h             5765 bytes
sofaware_base.def      2030 bytes
std.def                 640 bytes
sw_conn_helpers.def    6118 bytes
sw_ftp.def            18810 bytes
sw_nat.def            11415 bytes
sw_p2p_block.def      18871 bytes
sw_proxy.def           4191 bytes
sw_record_conn.def     6248 bytes
sw_sd.def              7380 bytes
sw_sd_functions.def    4716 bytes
sw_sip.def             3832 bytes
sw_sip_functions.def   4592 bytes
sw_skinny.def          5235 bytes
sw_tunneling.def       8767 bytes
sw_user_rules.def      5679 bytes
sw_vpn.def             6293 bytes
sw_vpn_helpers.def     4479 bytes
swalgs.def             3170 bytes
swh323_in.def          4256 bytes
swh323_out.def         3166 bytes
table.def             11764 bytes
tcpip.def              4742 bytes
traps.def              5076 bytes
traps.h               15391 bytes
user.def              10582 bytes
version.txt              43 bytes
xtreme.def             9636 bytes
[Expert@CPfirewall]#
Posted by

No comments:

Post a Comment

Your comment will be reviewed for approval. Thank you for submitting your comments.

Subscribe to: Post Comments (Atom)