Uninstalling Check Point VPN-1FireWall-1 NG on Solaris

Uninstalling Check Point VPN-1/FireWall-1 NG on Solaris

When you uninstall Check Point VPN-1/FW-1 NG on Solaris, it is recommended that you make a full system backup before you begin. If you only need to back up the firewall configuration, then you should make a backup of /opt/ CP* and /var/opt/CP* directories. If you are removing a Primary Management Server, the first time you run pkgrm, the removal will fail. Check Point does this intentionally to ensure that you do not accidentally delete your Management Module without understanding that you will not be able to restore SIC to its current state after you remove it.

Uninstalling VPN-1 & FireWall-1

When you uninstall the firewall, you should remove the Check Point installed packages using the pkgrm program available on your Solaris system. The components should be removed in the following order:

1. Check Point VPN-1 & FireWall-1 NG

2. Check Point SVN Foundation NG

You can remove the Management Clients package at any time, but the order in which you remove the previously-listed packages is important. The following steps illustrate how to completely uninstall all Check Point products from your Solaris platform. You may wish to run the command pkginfo to see which Check Point packages you have installed before you start. The packages you are going to uninstall are listed in the following output.

# pkginfo | more application CPclnt-50      Check Point Managment Clients NG application CPfw1-50       Check Point VPN-1/FireWall-1 NG              application CPshrd-50      Check Point SVN Foundation

1. Exit all GUI Client windows.

2. Log in to the firewall and su to root by entering su and pressing Enter.

3. Type pkgrm and press Enter. You will see a list of installed packages available for removal (as shown in Figure 12.64). In this example, you will choose the Check Point VPN-1/FW-1 NG package CPfw1-50, which is number two in the list.

   
   Figure 12.64: Package Removal Choices

4. Type CTRL + D. You will then be presented with the following:

   Select package(s) you wish to process (or 'all' to process all packages).  (default: all) [?,??,q]:

5. Type 2 and press Enter to uninstall the CPfw1-50 package.

6. Next, the system will ask you if you are sure you want to remove this package, as shown here. Type y for yes and press Enter.

   Select package(s) you wish to process (or 'all' to process all packages).  (default: all) [?,??,q]: 2 The following package is currently installed:    CPfw1-50        Check Point VPN-1/FireWall-1 NG                    (sparc) 5.0     Do you want to remove this package? y 

7. Next, the pkgrm program notifies you that the uninstall process will require the use of superuser privileges, and asks you if you want to continue (as shown next). Enter y for yes and press Enter.

   ## Removing installed package instance <CPfw1-50> This package contains scripts which will be executed with super--user permission during the process of removing this package.     Do you want to continue with the removal of this package [y,n,?,q] y 

8. Next, the package removal will fail. Check Point has done this on purpose so that you can receive the WARNING notification that is displayed in the following output. This message informs you that if you uninstall VPN-1/FireWall-1, you will lose all configured SIC, and you will not be able to restore SIC to its current state by reinstalling the Primary Management Server. Run pkgrm again to uninstall the CPfw1-50 package.

   ## Verifying package dependencies. ## Processing package information. ## Executing preremove script.     There are no packages dependent on VPN-1/FireWall-1 NG installed.     *******************************************************************                     WARNING: You are attempting to uninstall your Primary Management Server.r. If you continue, you must then re-configure communication between any Secondary Management Servers and other Check Point Modules, even if you re-install the Primary Management Server on this machine. Un-installation is aborting, if you still wish to uninstall VPN-1/FireWall-50 primary management. Please run un-install again.     *******************************************************************     Please disregard the following error message: pkgrm: ERROR: preremove script did not complete successfully.     Removal of <CPfw1-50> failed. # 

9. Press CTRL + D.

10. Type 2 and press Enter to select the CPfw1-50 package.

11. Type y for yes and press Enter.

12. Type y for yes and press Enter. This time the package removal will be successful. Figures 2.65 and 2.66 show you some of the messages you will see on your console as the package is removed from the system.

    
    Figure 12.65: Uninstall of VPN-1/FW-1

    
    Figure 12.66: Uninstall of VPN-1/FW-1 Continued

13. Type sync; sync; reboot and press Enter to reboot the system.

Uninstalling SVN Foundation

You have already uninstalled the VPN-1/FW-1 software, but now you must remove the SVN Foundation. This should always be removed after all other Check Point components, which are built on top of this foundation (as the name suggests). If you had installed FloodGate-1 or the Policy Server, for example, these should also be removed prior to removing the SVN CPshrd-50 package.

1. Once the machine has rebooted, log back into the console.

2. Type su - and press Enter to become the superuser (root).

3. Type pkgrm and press Enter. Now your choices to uninstall are the Check Point Management Clients NG and the Check Point SVN Foundation (see the following output).

   The following packages are available:   1  CPclnt-50     Check Point Managment Clients NG                    (sparc) 5.0   2  CPshrd-50     Check Point SVN Foundation                    (sparc) 5.0

4. Press CTRL+ D.

5. Type 2 and press Enter to select the SVN Foundation CPshrd-50 package.

6. When the pkgrm program asks you if you want to remove this program, enter y for yes and press Enter.

7. Again, pkgrm will print, "This package contains scripts that will be executed with super-user permission during the process of removing this package. Do you want to continue with the removal of this package [y,n,?,q]." Enter y for yes and press Enter to continue.

   The following is a complete view of the uninstall process of the Check Point SVN Foundation on Solaris. You do not need to reboot after uninstalling the SVN package.

   $ su - Password: Sun Microsystems Inc.   SunOS 5.7       Generic October 1998 # pkgrm     The following packages are available:   1  CPclnt-50     Check Point Managment Clients NG                    (sparc) 5.0   2  CPshrd-50     Check Point SVN Foundation                    (sparc) 5.0   3  GNUbash       bash                    (sparc) 2.03   4  NOKIjre11     JAVA Runtime Environment V1.3.1 for Solaris                    (SPARC) 1.3.1   5  NOKInhm11     Nokia Horizon Manager                    (sparc) 1.1   6  NOKIssh11     F-SECURE SSH & SCP client for Nokia NHM                    (SPARC) 1.3.7   7  SMCgzip       gzip                    (sparc) 1.3   8  SUNWab2m      Solaris Documentation Server Lookup                    (sparc) 2.00,REV=19980819   9  SUNWadmap     System administration applications                    (sparc) 11.7,REV=1998.09.10.20.16  10  SUNWadmc      System administration core libraries                    (sparc) 11.7,REV=1998.09.10.19.57     ... 142 more menu choices to follow; <RETURN> for more choices, <CTRL-D> to stop display:^D     Select package(s) you wish to process (or 'all' to process all packages). (default: all) [?,??,q]: 2     The following package is currently installed:    CPshrd-50       Check Point SVN Foundation                    (sparc) 5.0     Do you want to remove this package? y     ## Removing installed package instance <CPshrd-50>     This package contains scripts thatwhich will be executed with super-user permission during the process of removing this package.     Do you want to continue with the removal of this package [y,n,?,q] y ## Verifying package dependencies. ## Processing package information. ## Executing preremove script. There are no packages dependent on Check Point SVN Foundation NG installed. rm: /opt/CPshared/5.0/tmp/fg_tmp is a directory ## Removing pathnames in class <conf> /var/opt/CPshared/registry /var/opt/CPshared/5.0/conf/sic_policy.conf /var/opt/CPshared/5.0/conf/os.cps /var/opt/CPshared/5.0/conf/cp.macro … /opt/CPshared/5.0/LICENSE.TXT /opt/CPshared/5.0/../registry ## Executing postremove script. ## Updating system information.     Removal of <CPshrd-50> was successful. # 

Uninstalling Management Clients

The management clients do not really depend on the SVN foundation installation; therefore, you could really remove them at any time without any difficulty.

1. Run pkgrm again to remove the Management Clients package.

2. Press CTRL + D.

3. At the prompt, "Select package(s) you wish to process (or 'all' to process all packages). (default: all) [?,??,q]:", enter 1 and press Enter to select the Check Point Management Clients NG package (CPclnt-50).

4. Enter y for yes and press Enter when the pkgrm utility asks you, "Do you want to remove this package?"

5. Enter y for yes and press Enter when the pkgrm utility presents you with the following prompt, "This package contains scripts that will be executed with super-user permission during the process of removing this package. Do you want to continue with the removal of this package [y,n,?,q]."

   The package will be removed. Figure 12.67 illustrates the end of the uninstall process for the management clients.

   
   Figure 12.67: Management Clients Package Removal