Check Point NG[s]AI

Uninstalling Check Point VPN-1/FireWall-1 NG AI on Solaris

When you uninstall Check Point VPN-1/FireWall-1 NG from Solaris, it is recommended that you make a full system backup before you begin. If you only need to back up the firewall configuration, then you should make a backup of /opt/CP* and /var/opt/CP* directories. If you are removing a primary management server, then the first time you run pkgrm , the removal will fail. Check Point does this on purpose to ensure that you do not unintentionally delete your management module without understanding that you will not be able to restore SIC to its current state after you remove it.

Warning  

When you remove the Check Point VPN-1/FireWall-1 software from your system, you will lose all configuration data. The uninstall process deletes all files and directories.

Uninstalling VPN-1 & FireWall-1

When you uninstall the firewall, you should remove the Check Point installed packages using the pkgrm program available on your Solaris system. The components should be removed in the following order:

  1. Check Point VPN-1 & FireWall-1 NG

  2. Check Point SVN Foundation NG

You can remove the management clients package at any time, but the order in which you remove the two packages listed above is important. Follow the steps below to completely uninstall all Check Point products from your Solaris platform. You may wish to run the command pkginfo to see which Check Point packages you have installed before you start. The packages you are going to uninstall are listed in Illustration 2.9.

Illustration 2.9: pkginfo Command

# pkginfo grep "Check Point" application CPclnt-54 Check Point SmartConsole NG with Application Intelligence application CPfw1-54 Check Point VPN-1/FireWall-1 NG with Application Intelligence application CPfwbc-41 Check Point VPN-1/FireWall-1 4.1 for Backward Compatibility application CPshrd-54 Check Point SVN Foundation NG with Application Intelligence

 

  1. Exit all GUI Client windows that you may have open .

  2. Log in to the firewall and su to root: su -

  3. Type pkgrm and press Enter . You will see a list of installed packages available for removal, as shown in Figure 2.63. In this example, you will choose the Check Point VPN-1/FireWall-1 4.1 for Backward Compatibility, which is number 3 in the list. We will uninstall this first because it extends the functionality of the VPN-1/FireWall-1 package which means the backward compatibility package is dependent on the firewall package. And the firewall package is dependent on the SVN Foundation. These dependencies determine the order in which the software should be removed.

    Figure 2.63: Package Removal Choices

  4. Press Ctrl + D , you will then be presented with the following message: Select package(s) you wish to process (or ˜all to process all packages). (default: all) [?,??,q]:

  5. Enter 3 and press Enter to uninstall the CPfwbc-41 package.

  6. Next, the system will ask you if you are sure you want to remove this package, as seen in Illustration 2.10. Enter y for yes and press Enter .

  7. Repeat this process for the CPfw1-54 package and then for the CPshrd-54 package. The SmartConsole GUI clients can be removed at any time, as they are not dependent on any other Check Point packages.

Illustration 2.10: CPfwbc-41 Package Removal

Select package(s) you wish to process (or 'all' to process all packages). (default: all) [?,??,q]: 3 The following package is currently installed: CPfwbc-41 Check Point VPN-1/FireWall-1 4.1 for Backward Compatibility (sparc) 4.1 Do you want to remove this package? y

 

  1. Next, the pkgrm program notifies you that the uninstall process will require the use of super- user privileges, and asks you if you want to continue (Illustration 2.11). Enter y for yes and press Enter .

Illustration 2.11: Continue with Package Removal

## Removing installed package instance <CPfwbc-41> This package contains scripts which will be executed with super--user permission during the process of removing this package. Do you want to continue with the removal of this package [y,n,?,q] y

 

  1. When removing the CPfw1-54 package from a primary management station, the package removal will fail. Check Point has done this on purpose so that you can receive the WARNING notification that is displayed in Illustration 2.12. This message informs you that if you uninstall VPN-1/FireWall-1, then you will lose all configured SIC, and you will not be able to restore SIC to its current state by reinstalling the primary management server. The configuration can be recovered from a correctly performed backup. Run pkgrm again to uninstall the CPfw1-54 package.

Illustration 2.12: Removal Failed

## Verifying package dependencies. ## Processing package information. ## Executing preremove script. There are no packages dependent on VPN-1/FireWall-1 NG with Application Intelligence. ******************************************************************* WARNING: You are attempting to uninstall your Primary SmartCenter Server. If you continue, you will be unable to communicate with any Secondary SmartCenter Servers and other Check Point Modules, even if you later reinstall the Primary SmartCenter Server on this machine. The uninstall program is now aborting. If you still wish to uninstall your Primary SmartCenter Server, then run it again. ******************************************************************* Please disregard the following error message: pkgrm: ERROR: preremove script did not complete successfully. Removal of <CPfw1-54> failed. #

 

  1. Press Ctrl + D .

  2. Enter 2 and press Enter to select the CPfw1-54 package.

  3. Enter y for yes and press Enter .

  4. Enter y for yes and press Enter . This time the package removal will be successful. Figures 2.64 and 2.65 show you some of the messages you will see on your console as the package is removed from the system.

    Figure 2.64: Uninstall of VPN-1/FireWall-1

    Figure 2.65: Uninstall of VPN-1/FireWall-1 Continued

  5. Type sync; sync; reboot and press Enter to reboot the system.

Uninstalling SVN Foundation

You have already uninstalled the VPN-1/FireWall-1 software, but now you must remove the SVN foundation. This should always be removed after all other Check Point components, which are built on top of this foundation (as the name suggests). The SVN foundation contains all the shared libraries used by various Check Point components. If you had installed FloodGate-1 or the Policy Server, for example, these should also be removed prior to removing the SVN CPshrd-54 package.

  1. Once the machine has rebooted, log back into the console.

  2. Type su “ and press Enter to become the super user (root).

  3. Type pkgrm and press Enter . Now your choices to uninstall are the Check Point Management Clients NG and the Check Point SVN Foundation (see Illustration 2.13).

Illustration 2.13: Remove SVN Foundation

The following packages are available: 1 CPclnt-50 Check Point Managment Clients NG (sparc) 5.0 2 CPshrd-50 Check Point SVN Foundation with Application Intelligence (sparc) 5.0

 

  1. Press Ctrl + D .

  2. Enter 2 and press Enter to select the SVN Foundation CPshrd-50 package.

  3. When the pkgrm program asks you if you want to remove this program, enter y for yes and press Enter.

  4. Again, pkgrm will print, This package contains scripts that will be executed with super-user permission during the process of removing this package. Do you want to continue with the removal of this package [y,n,?,q]. Enter y for yes and press Enter to continue. See Illustration 2.14 for a complete view of the uninstall process of the Check Point SVN Foundation on Solaris. You do not need to reboot after uninstalling the SVN package.

Illustration 2.14: pkgrm SVN Foundation

$ su - Password: Sun Microsystems Inc. SunOS 5.8 Generic February 2000# pkgrm The following packages are available: 1 CPclnt-54 Check Point SmartConsole NG with Application Intelligence (sparc) 5.0 2 CPshrd-54 Check Point SVN Foundation with Apppication Intelligence (sparc) 5.0 ... 148 more menu choices to follow; <RETURN> for more choices, <CTRL-D> to stop display: ^D Select package(s) you wish to process (or 'all' to process all packages). (default: all) [?,??,q]: 2 The following package is currently installed: CPshrd-54 Check Point SVN Foundation with Application Ingelligence (sparc) 5.0 Do you want to remove this package? y ## Removing installed package instance <CPshrd-54> This package contains scripts that which will be executed with super-user permission during the process of removing this package. Do you want to continue with the removal of this package [y,n,?,q] y ## Verifying package dependencies. ## Processing package information. ## Executing preremove script. There are no packages dependent on Check Point SVN Foundation NG installed. ## Removing pathnames in class <conf> /var/opt/CPshrd-54/registry /var/opt/CPshrd-54/conf/sic_policy.conf /var/opt/CPshrd-54/conf/os.cps /var/opt/CPshrd-54/conf/cp.macro /opt/CPshrd-54/SU /opt/CPshrd-54/LICENSE.TXT ## Executing postremove script. ************************************************************** Rebooting the machine is recommended for successful removal of Check Point NG with Application Intelligence products. If you wish to start the previous version, please re-login and run cpstart. ************************************************************** ************************************************************** Check Point SVN Foundation NG with Application Intelligence uninstall complete. ************************************************************** ## Updating system information. Removal of <CPshrd-54> was successful. #

 

Uninstalling Management Clients

The management clients do not really depend on the SVN foundation installation; therefore, you could really remove them at any time without any difficulty.

  1. Run pkgrm again to remove the SmartConsole package.

  2. Press Ctrl + D .

  3. At the prompt, Select package(s) you wish to process (or ˜all to process all packages). (default: all) [?,??,q]: , enter 1 and press Enter to select the Check Point SmartConsole NG with Application Intelligence package (CPclnt-54).

  4. Enter y for yes and press Enter when the pkgrm utility asks you, Do you want to remove this package?

  5. Enter y for yes and press Enter when the pkgrm utility presents you with the following prompt, This package contains scripts that will be executed with super-user permission during the process of removing this package. Do you want to continue with the removal of this package [y,n,?,q].

    The package will be removed. Figure 2.66 illustrates the end of the uninstall process for the SmartConsole NG AI package.

    Figure 2.66: Management Clients Package Removal

Related

Категории