Install different Checkpoint Firewall-1 policy from command line

Hey all,

I had a weird problem occur when I tried to upgrade my NG R55 firewall with the HFA11 hotfix (just released Nov 10, 04).  I was running HFA10.  When I loaded the hotfix and rebooted, the firewall reverted to the "defaultfilter" policy.  I was unable to attach to the firewall with my GUI clients to install my policy.  I double checked the firewall configuration from the command line using cpconfig and made sure I had my GUI clients configured properly.  I even directly connected one computer to the firewall's internal interface and added its IP in the GUI clients config, but still couldn't connect.

Is there any way to load one of my custom policies from the command line?  Better yet, would installing a hotfix cause this problem?  I have installed all of the previous hotfixes without such an incident.

FYI - my firewall is running on the SecurePlatform OS (Checkpoint's flavor of Linux).  This is also my one and only firewall so it is the mgmt server as well as the VPN-1/Firewall-1 box.

Thanks for your help!

Jeff
masterbaker Asked:

Nemesis-Services Commented:
You can unload the defaultfilter with the following, which I'm 99% certain should work on SecurePlatform:

fw unload localhost

then go into your cp gui client and install the correct policy

also reboot the firewall and see what policy loads after the reboot
masterbaker Author Commented:
What does the 'fw unload localhost' command actually do?
Nemesis-Services Commented:
It unloads any policy that's been loaded into the firewall (it's a very handy command firewall engineers use when they are locked out of firewalls; it allows engineers back into the firewall to load policy, fix faults, etc.)

masterbaker Author Commented:
Ah ha.  I see.  That would be very useful.  I don't think I will have a chance to try this out until tomorrow evening though.  If it works, I'll be very happy & I'll award the points to you.

Thanks for the quick responses.

Jeff
Nemesis-Services Commented:
If localhost doesn't work, replace localhost with the SIC_name of the firewall, e.g.: fw unload corpfw1

basically the name of the firewall hostname.
Nemesis-Services Commented:
hi, just wondering if you managed to try it out yet ? :)
masterbaker Author Commented:
Yes, I did just try this out Saturday night.  Guess I forgot to post back here - ack!  

It worked like a charm.  The hotfix again reverted to the defaultfilter, but this allowed me to get in there and change it.

Thanks for your help!

Jeff
Nemesis-Services Commented:
Thanks, glad to help - and I've taken a note about the hotfix (HFA11) reverting back to the default filter !

:)