
CPFW1TK -- CheckPoint Firewall-1 Tool Kit
	by JP Vossen <jp@jpsdomain.org> http://www.jpsdomain.org/
	http://www.jpsdomain.org/security/tools.html#firewalls


This package contains three tools I wrote to help manage a CheckPoint
Firewall-1/VPN-1 firewall. There are also two bonus batch file templates and
a bonus REG file in the Windows version.


The Windows package (.exe) has all the files needed for both Windows and UNIX.
The UNIX package has only the UNIX scripts and the ReadMe files.


Instructions

Unzip the zip file into a convienient directory, such as c:\util. If at all
possible, this should be on the same drive letter as your firewall software.

Now read each of the Readme's. Currently, you probably have to make the same or
very similar changes to BOTH CPFWBack and LogSwap. They really should have a
single config file, but I just have not gotten around to implementing that.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

For more information see the specific readme files. Also, read the code --
it's well documented.

!!Readme.txt		This file (!! makes it sort to the top).
!Extract_Patch.txt	Allow extraction of *.TGZ files under Windows
!CPFWBack.txt		Backup CheckPoint Firewall-1 Configurations
!LogSwap.txt		Schedule Swapping or archiving of Firewall-1 Logs
			Not needed for Chneeded for CheckPoint Firewall-1/VPN-1
			Next Generation (AKA v5.x) -- use the built-in
			logging facility.

AddPath.bat		Allows you to temporarily add a directory to the path
			of the current shell (e.g. you can add the \util
			directory to make it easy to use extract.bat).
SetLic.bat & .sh	Sample batch file to both DOCUMENT and set FW-1
			license information.
RtAdd.bat		Sample batch file to both DOCUMENT and set FW-1
			static routes on NT.
NT-Tab.reg		Sets the NT Command Completion Character to TAB


CPFWBack and LogSwap run on both Windows and UNIX (specifically, they have
been tested under NT4, Win2000 and Nokia IPSO v3.3.1-FCS4 and 3.4.1-FCS5,
but as far as I know they should just work, period).

CPFWBack.sh and LogSwap.sh are the UNIX versions. They stand-alone, and
already have UNIX line breaks (LF).  Just copy them onto the box, edit if
needed, and go.

CPFWBack.cmd and LogSwap.cmd are the Windows versions. They need several
third-party tools in order to function. These tools should have been
provided in the same ZIP file as the scripts themselves. For more
information about the tools, see the references in each Readme.


Instructions

Read each of the Readme's. Currently, you probably have to make the same or
very similar changes to BOTH CPFWBack and LogSwap. They really should have a
single config file, but I just have not gotten around to implementing that.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Package Changes

This package follows Linux RPM style naming:
	{Program Name}-{Program Version}-{Package Version}


CPFW1TK-3.2.0-1.zip
	Add DISCLAIMER!
	Add fw printlic to CPFWBack.* misc info.
	Add winmsd/msinfo to CPFWBack.cmd
	Make CPFWBack and LogSwap more consistent
	Subtle ela_*.log changes in LogSwap.sh to mirror LogSwap.cmd
	Added SetLic.sh.
	Testing on Nokia 3.4.1-FCS5 with CP FW v4.1 SP5 for *.sh


CPFW1TK-3.1.0-1.zip
	MANY and MAJOR bugfixes to LogSwap.cmd.  LogSwap.sh not affected.


CPFW1TK-3.0.0-1.zip
	First release of all the tools bundled together. The v3 part is
	somewhat arbitrary, but I wanted to get a little ahead of the actual
	script version numbers.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The program version will have a major number, minor number and revision
number.  The revision number will be incremented for changes to ancillary
programs (i.e. setup), material changes to documentation, etc.  The minor
version number will be incremented for changes and bug fixes to main
programs.  The major number will be incremented for major functionality
changes to the main programs.

The package version will be incremented when I make a change to the package
which does not affect the actual programs (i.e. correcting typos in the
documentation, or using a new but funcationally equivalent binary).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
License

The CPFW1TK and all third-party tools used in it are licensed under the GNU
GENERAL PUBLIC LICENSE:
See http://www.gnu.org/copyleft/gpl.html for full text and details.

EXCEPTION: OBSOLETE is Copyright (c) 1991 by Yossi Gil, P.O.Box 3148,
Jerusalem, ISRAEL. As far as I can tell, this is freeware. It's in SIMTEL
and all over the place.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Last Updated: Thu Sep 27 02:48:51 2001
-- JP Vossen <jp@jpsdomain.org> http://www.jpsdomain.org/
