SKSTOOL Help

[wendij]

I am trying to backup the configuration of my Symantec Enterprise Firewall 7.0 so I can create a backup firewall. Symantec's instructions say to run SKSTOOL and input your recovery password. Well, I ran SKSTOOL on the existing firewall and it came back with 'Replace existing recover key (y/n)'. I chose NO and it exited. Does anyone know if choosing Yes mess up anything on the existing firewall? I can't find anything on this on Symantec's website or in the instructions that came with the firewall.

Thanks for any help.

 

[redbeard2975]

On version 6.5 answering yes and then supplying a password worked. After you copy the files from the sg directory you need to run sgupdate -commit to restore the old firewall to operation.

I found a proceedure on their web page labeled "Recommended backup procedures for Symantec Enterprise Firewall".

I have NOT tried this on ver 7. I did however move my config to a completely new Computer using version 6.5 and it worked fine.

 

[wendij]

I answered Yes to the question and it worked. I was able to copy the configuration to the backup firewall without doing any harm to the existing firewall.

 

[susan99]

I have just taken over support of a Symantec Enterprise Firewall Version 6.5 system. I want to copy over the configuration onto a test machine that we have in the lab. In order to copy over the configuration to another machine, I'm assuming that I need to run skstool first. If I run it on the production machine & it prompts me to overwrite existing recovery key, will I lose anything on production? Does this mean that it was not previously run?

I didn't run the skstool prior to moving over the configuration and couldn't log into the SRM Console - could this be why?

Thanks

 

[wendij]

Yes, just run SKSTOOL. It won't mess up anything on your production firewall. I ran into this same issue and wasn't able to log into my backup firewall until I ran SKSTOOL and then moved the configuration over.

 

[susan99]

Thanks for the information. Problem being that I ran the skstool on the production server, copied over the files and then ran the skstool on the backup server prior to installing the software & I get prompted to replace the existing key. Shouldn't I be asked to just enter the password to recover the key?

 

[wendij]

Did you copy the \SG directory from the production server as well as the HOSTS and Hosts.PUB files? Here is a link to Symantecs document about SKSTOOL:

http://service1.symantec.com/SUPPOR...corp&svy=&prev=&miniver=sym_ent_firewall_7_nt

 

[susan99]

I did copy over the /sg directory & did follow all of the instructions.

Would it make a difference that I am testing it in a lab with just one machine?

install & configure Symantec software

run the skstool with password

copy the /sg directory & the hosts files to a floppy

uninstall the Symantec software

wipe the hard disk clean & reinstalling windows

copy back over the /sg directory

run skstool - this is where it again prompts me to replace
the existing key again, where I believe it should just be prompting me for the password

Does it make a difference that I never actually change machines nor volume names?

Could you please confirm again that it won't affect the production firewall by running the skstool on it while it is live?

Thanks