First, an update. NAI has already released a fix regarding my original e-mail. You can download it from:

http://www.tis.com/support/patch50.html

Thanks to NAI support for getting a fix out so quickly.

Strange wrote:
>
> According to the folks we asked at NAI in June about the Gauntlet install
> procedure (on all supported OSes), the install order to be used is:
>
> Install OS
> Install OS patches
> Install Gauntlet
> Install Gauntlet patches
> never install any OS patches again

True, but many people install the firewall then the OS vendor releases a patch.

> Because of that last nasty gotcha, we use a firewall builder box when we
> want to "patch" the firewalls. We then pull the newly-built drives, and
> swap them into the extant firewall box. Lather, rinse, repeat.

You are a stronger person than I... I wouldn't want to have to keep securing the OS on a box and "reinstalling" the firewall every time the OS/firewall vendor releases an important patch... :-)

> Interestingly, this is what the vendor told us to *always* do, under *all*
> circumstances. I'd say that if you're going to apply vendor patches, you
> should assume you have to do a full Gauntlet reinstall because Gauntlet
> 5.0 replaces some key kernel items.

See above....

> I.e., a vendor patch replaced code that the gauntlet had already replaced.

Exactly.

> I am wondering if this is *really* a Gauntlet bug or a Gauntlet vendor
> documentation bug.

Which is why the word "bug" never appeared in the original alert. Had the M310-049 patch not been required for the kernel patch install, very few of us would have run into the problem.

> (they do not, as far as we could tell, make it plain that you
> should not apply vendor patches after installing the firewall)

Not exactly true. Look here:

http://www.tis.com/support/bsd31.html

--Keith
-kyoung@v-one.com
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:07:55 PDT