
List:       gauntlet-user
Subject:    RE: Gauntlet and NAI whines (was: anonymous posting)
From:       Inno Eroraha <inno () patriot ! net>
Date:       1999-12-29 20:43:02

Here is a synopsis of my attempt to upgrade Gauntlet 4.1 to 4.2:

<BTW, upgrading Gauntlet from 4.1 to a version greater than 4.2 will involve
first upgrading to 4.2, and then upgrading from 4.2 to 5.0 will become
trivial>

The Gauntlet 4.2 "trans" program can easily choke if your 4.1 configuration
doesn't strictly conform to some common format. Specifically, here are
some scenarios that will cause problems for trans:

-if a proxy, service group, or network group has underscore(s)
-if the proxy name begins with a numeric character (e.g. 220gw will not
work!)

Also:

-"espmd" (for the GUI admin) is not introduced until version 4.2,
therefore the necessary rules for "espmd" may not be created in the
gauntlet.conf file
-for the same reason as above, netacl-{telnet,ftp,rlogin} rules in the
gauntlet.conf are not (always?) added.
-Some mandatory network and service groups are required for the basic
4.2, which "trans" may not add. E.g. ESPMD, Netacl, Authsrv, and Mail
network groups. Same applies to Service Groups ESPMD, Local, Authsrv, and
Mail.
-packet filtering rules are a problem -- your "absorb" rules may not get
translated!

If you have more than 20 firewalls, then it may be worth your while to
write some utility (like we did - tailored to our environment) that will
translate the configuration into a format that is "edible" for "trans".
Otherwise, I would recommend you build the system from scratch :( By
following this approach, you can rest assured that future upgrades (from
4.2 to 5.0, etc.) would be a smooth process.

-0-
inno



> > Would it be possible to get all the switches for revtrans???
> > 
> > Specifically I am trying to figure out how a 4.1 config 
> > (netperm-table and
> > gauntlet.conf) could be brought into 4.2 BSDI Gauntlet.
> They should work just as they are.
> 
