[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1504
  • Last Modified:

Stop Checkpoint FW1 security policy from loading at boot: Solaris

Solaris 8.
I am trying to get the fw1 module not to load at boot time. I have removed the startup and there is no FW process running.

From what I can tell in /etc/init.d there isn't anything loading.

Where is module being loaded from?

0
SrArtemis
Asked:
SrArtemis
1 Solution
 
net_sec_guruCommented:
check out /etc/fw.boot

and what about the file:
/etc/rc2.d/Sxxcpp??? - can't think of the exact file name right now... and the "xx" is the number it's assigned.

It's the file that starts the firewall service...
0
 
SrArtemisAuthor Commented:
I removed all the FW startup files from the rc2 and rc3 directories already.  

Ps -ef | grep fw shows no processes. The security policy is being launched from something else.

0
 
EdUSCCommented:
do a cpstat -fw  to see what policy is loaded.  If there aren't any fw processes then the policy can't be active.

Why do you think it is loading?
0
The eGuide to Automating Firewall Change Control

Today‚Äôs IT environment is constantly changing, which affects security policies and firewall rules. Discover tips to help you embrace this change through process improvement & identify areas where automation & actionable intelligence can enhance both security and business agility.

 
SrArtemisAuthor Commented:
I do not have cpstat on the machine unfortunately.

I know it is loading for two reasons:

1) on boot it shows FW-1 loading modules and fwstrmodwput for the interface.

2) When trying to connect via samba from windows it fails until I run /opt/CPfw1-41/bin/fwstop...then it reports to standard out:

Cannot kill fwp pid -fine we know it is not running
Cannot kill snmp pid - same
Cannot kill fwm pid -same
Unistalling security policy from all.all@host
Done

Then samba works fine.....

0
 
EdUSCCommented:
run dmesg and see if you can pick out the startup line for the module.  It may have a path for you.

I didn't realize you were on 4.1 which does not have the cpstat command.
0
 
dschwartzerCommented:
Firewall kernel loads the policy - not a user process.
If you're running NG, run cpconfig -> Automatic Start of Check Point products. There you can choose whether fw will load during boot.

Anyway to see the currently installed policy, run "fw stat", to unload the policy from the current computer and revert to "any-any-accept" run "fw unloadlocal".

Just for the information - any-any-accept is not completely equal to the absence of the FW on the machine - some kind of basic sanity inspection is still applied. This is not a problem for you, because if policy uninstall solves your problem.

HTH,
d
0
 
SrArtemisAuthor Commented:
I am not running NG. I am really not sure what NG is?

I ran fw stat and the following was reported:

localhost defaultfilter 5aug2000: [>qfe1]

I then ran fw unload localhost.
unistalling security policy from all.all@bork

fw stat again:
localhost -                           : <qfe1

I tried running fw unload qfe1 and got back the following:
unistall security policy from qfe1: No license for remoter unistall.

When I reboot it doesn't change anything. dmesg reports back that fw0 is /pseudo/fw@0
FW-1: fwstrmodwput: loading default filter on qfe1

Thoughts





0
 
EdUSCCommented:
Uninstall Checkpoint or create a startup script that performs a fw unloadlocal.  S99local would work.
0
 
yokelCommented:
cpconfig still works on versions previous to NG? If not try fwconfig (can't remember).
Once there as dschwar... says above, you should get an option to not start Checkpoint at startup.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now