What are the release notes for Firewall Suite 4.1c?

This article applies to:

• Firewall Suite 4.1c

Question:

Symptoms:

• An msvcrt.dll error is received after upgrading to version 4.1c.
• Incoming reports with no data can fail.
• Gauntlet date logging causes incorrect reports.
• Only the first filter in the profile will copy when copying a "General Firewall Activity" profile with more than one filter.
• Reporting on a specific range in the "General Firewall Activity" cartridge fails when FastTrends is enabled.

Causes:

Information:

Q10876: What is new in Firewall Suite 4.1c?

Upgrading  to Version 4.1c

To upgrade from an earlier version of Firewall Suite, install it over your current installation. Firewall Suite preserves your existing data, profiles, and settings.

• Migrating Check Point OPSEC LEA connections

  Profiles that use Check Point LEA depend on a connection between the Check Point Management Server and the NetIQ LEA Service. In WebTrends Firewall Suite 4.1c, LEA connection configuration takes place in the user interface, rather than in the lea.conf configuration file.  During upgrade, existing LEA connections are migrated differently depending on the initial configuration. You may need to re-create your connection(s) using the new LEA Connections options.

  If you are migrating data between two Firewall Suite installations in different directories, Check Point file locations are not automatically migrated. You must manually change the location of the lea.conf file and the log file storage location in the user interface before you uninstall the older version.

  • Check Point NG using a clear connection

    Clear connections are migrated as Check Point 4.1 clear connections. Before you can collect data, go the General panel of the LEA Connections options and change the Server Type to Check Point NG.

  • Check Point 4.x using an authenticated connection

    Because of changes in the Check Point SDK since the release of Firewall Suite 4.1a, Firewall Suite no longer supports authenticated connections for Check Point 4.x.  If you created an authenticated connection in an earlier version of Firewall Suite, the upgrade process migrates the connection as an unauthenticated connection. To reestablish the connection, modify your firewall configuration using the settings for an unauthenticated connection. For more information about configuring unauthenticated connections, see the "Firewall Configuration Guide".

  • Check Point 4.x using an unauthenticated connection

    Unauthenticated connections are migrated without changes and work as usual after an upgrade. You can edit an unauthenticated connection through the user interface.

• Migrating between installations in different directories

  Past versions of Firewall Suite used a Microsoft Windows utility to migrate data between two installations in different directories. This version of Firewall Suite uses a .ini file and a command line program for installation-to-installation migration. For detailed instructions, see wtmigrate\migration_readme.txt in the Firewall Suite 4.1c installation directory. Do not use this method to migrate when you upgrade by installing Firewall Suite on top of an existing installation.

  If you are migrating between installations in different directories and you are using Check Point with OPSEC LEA, see section 3.1 for more information about migrating LEA connections.

Known Issues

• Incoming reports with no data can fail.
  If you create an Incoming report, you have enabled Resolve mode for DNS lookups, and no log data exists for the log file and report range specified, the report can fail.

• Workaround for gauntlet date logging.
  Because the year is not logged inside a Gauntlet log file, Firewall Suite parses the year based on the name of the file. By default, Gauntlet uses one of the following date formats to name log files:

  messages.mm.dd.yyyy
messages.dd.mm.yy

  Marshal strongly recommends that you use the default file names for your logs. If you use a file name other than the default, Firewall Suite determines the year based on the current system date. This can lead to reporting errors.

• Windows msvcrt.dll system file.
  This version of Firewall Suite requires an update to the mscvrt.dll system file during installation.  If other software has this system file open, the update will not occur.  If you launch Firewall Suite and receive an error regarding msvcrt.dll, the upgrade was not successful. Take the following steps to fix the problem:

  1. From a command prompt, rename the following file:

     \Winnt\System32\msvcrt.dll
     to
     \Winnt\System32\msvcrt.old

  2. Copy the msvcrt.dll file from the Firewall Suite root installation directory to the \Winnt\System32 directory.

  3. Restart your computer.

     This update should fix any msvcrt.dll errors.

• LEA and syslog services from previous versions.
  If you do not uninstall a previous version of Firewall Suite and install Firewall Suite 4.1c in a different directory, a registry key pointing to an incorrect location may cause problems when you run the WebTrends LEA Service or the WebTrends Syslog Service.  To fix this problem, remove the old versions from the registry:

  1. Close any WebTrends programs you are running. 

  2. Open a command prompt and change to the directory where the old version of Firewall Suite is installed.

  3. Type WTSyslogServer.exe /remove and press Enter.

  4. Type WTLeaService.exe /remove and press Enter.

  5. Start the new version of Firewall Suite.  If any profiles use the WebTrends LEA Service or the WebTrends Syslog Service, WebTrends Firewall Suite automatically adds the correct Microsoft Windows services.

  6. Exit and unload Firewall Suite.

  7. Using the Microsoft Windows Services Panel, check to see whether these services are running.  If the services are running, stop them.

  8. Copy the old profiles containing the LEA/Syslog log files to the new installation directory.

  9. Restart the services.

• In the General Firewall Activity cartridge, if you copy a profile with more than one filter, only the first filter in the profile file copies successfully.  This problem does not exist in the Incoming or Outgoing Firewall Activity cartridges.

• Reporting on a specific range in the General Firewall Activity cartridge:
  In the General Firewall Activity module, if you are running a report on a profile that has FastTrends enabled and you attempt to specify a specific range of dates and times to report upon, the report covers all the data in the log file regardless of the range specified.  To work around this problem, disable FastTrends for the profile and run the report again. Predefined report ranges work correctly.

To install Firewall Suite, follow these steps:

1. Run the setup.exe file on the computer where you want to install Firewall Suite.

2. You are prompted to provide an installation directory.  Choose a location on your local computer.

3. Choose which components you wish to install:

   • Program and Program files includes the core files necessary for Firewall Suite to run properly.

   • Examples include sample profiles, sample log files, and the sample departments.txt file.  If this is the first time you have used this version of Firewall Suite, we suggest you install the examples.

4. If the installation program detects a previous installation of Firewall Suite, you have the opportunity to automatically back up any replaced files.  If have not already backed up your custom files, we recommend that you back them up now.

To uninstall  Firewall Suite, follow these steps:

1. Open the Scheduler.

2. Click Service to open the Start or Stop WebTrends Service dialog box.

3. Click Stop Service to stop the Scheduler service.

4. Exit and unload the Firewall Suite program.

5. Uninstall Firewall Suite from the Windows Control Panel, using Add/Remove Programs.

This article was previously published as:

NETIQKB33270