Install different Checkpoint Firewall-1 policy from command line

Hey all,

I had a weird problem occur when I tried to upgrade my NG R55 firewall with the HFA11 hotfix (just released Nov 10, 04).  I was running HFA10.  When I loaded the hotfix and rebooted, the firewall reverted to the "defaultfilter" policy.  I was unable to attach to the firewall with my GUI clients to install my policy.  I double checked the firewall configuration from the command line using cpconfig and made sure I had my GUI clients configured properly.  I even directly connected one computer to the firewall's internal interface and added its IP in the GUI clients config, but still couldn't connect.

Is there any way to load one of my custom policies from the command line?  Better yet, would installing a hotfix cause this problem?  I have installed all of the previous hotfixes without such an incident.

FYI - my firewall is running on the SecurePlatform OS (Checkpoint's flavor of Linux).  This is also my one and only firewall so it is the mgmt server as well as the VPN-1/Firewall-1 box.

Thanks for your help!

Jeff
Asked by: masterbaker

Nemesis-Services Commented:
You can unload the defaultfilter with the following, which I'm 99% certain should work on SecurePlatform:

fw unload localhost

Then go into your CP GUI client and install the correct policy.

Also reboot the firewall and see what policy loads after the reboot.

masterbaker (Author) Commented:
What does the 'fw unload localhost' command actually do?

Nemesis-Services Commented:
It unloads any policy that's been loaded into the firewall (it's a very handy command firewall engineers use when they are locked out of firewalls, and it allows engineers back into the firewall to load policy, fix faults, etc.).
 
masterbaker (Author) Commented:
Ah ha.  I see.  That would be very useful.  I don't think I will have a chance to try this out until tomorrow evening though.  If it works, I'll be very happy & I'll award the points to you.

Thanks for the quick responses.

Jeff

Nemesis-Services Commented:
If localhost doesn't work, replace localhost with the SIC_name of the firewall, e.g.: fw unload corpfw1

basically the name of the firewall hostname.

Nemesis-Services Commented:
Hi, just wondering if you managed to try it out yet? :)

masterbaker (Author) Commented:
Yes, I did just try this out Saturday night.  Guess I forgot to post back here - ack!  

It worked like a charm.  The hotfix again reverted to the defaultfilter, but this allowed me to get in there and change it.

Thanks for your help!

Jeff

Nemesis-Services Commented:
Thanks, glad to help - and I've taken a note about the hotfix (HFA11) reverting back to the default filter!

:)
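
A post-reboot check for the situation in this thread, as an added example that is not part of any poster's reply: it classifies `fw stat` output as a custom policy, the boot-time defaultfilter, or no policy at all (the state `fw unload` leaves behind). The `fw stat` column layout, the `-` placeholder, the policy name `Corp_Policy` and all sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). On the gateway: fw stat | check_gateway
# Assumed `fw stat` layout: "HOST POLICY DATE" header, then one line per host
# with the policy name in column 2 and "-" when no policy is loaded.

# Constructed sample outputs for offline use.
SAMPLE_DEFAULT='HOST      POLICY         DATE
localhost defaultfilter  13Nov2004 21:02:11 :  [>eth0] [<eth0]'
SAMPLE_CUSTOM='HOST      POLICY         DATE
localhost Corp_Policy    14Nov2004 09:15:40 :  [>eth0] [<eth0] [>eth1] [<eth1]'
SAMPLE_NONE='HOST      POLICY         DATE
localhost -              - :  >eth0 <eth0'

# Print none | default:<name> | custom:<name> | unknown for text on stdin.
classify_policy() {
    awk '
        $1 == "HOST" && $2 == "POLICY" { next }   # header row
        NF >= 2 {
            found = 1
            if ($2 == "-")                                           print "none"
            else if ($2 == "defaultfilter" || $2 == "InitialPolicy") print "default:" $2
            else                                                     print "custom:" $2
            exit
        }
        END { if (!found) print "unknown" }
    '
}

# Return 0 only when a custom policy is enforced; 1 boot filter, 2 none, 3 unparsed.
check_gateway() {
    state=$(classify_policy)
    case "$state" in
        custom:*)  echo "OK: policy ${state#custom:} is installed"; return 0 ;;
        default:*) echo "WARN: ${state#default:} is active, custom policy not installed"; return 1 ;;
        none)      echo "WARN: no policy loaded (state after fw unload)"; return 2 ;;
        *)         echo "ERROR: could not parse fw stat output"; return 3 ;;
    esac
}

# Demo on the constructed samples.
for s in "$SAMPLE_DEFAULT" "$SAMPLE_NONE" "$SAMPLE_CUSTOM"; do
    printf '%s\n' "$s" | check_gateway || true
done
```

The non-zero return codes make the function usable from a monitoring job, so a gateway left on defaultfilter or with no policy after a hotfix is flagged rather than discovered at the next login attempt.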