How do I edit objects.C or objects_5_0.C properly? Editing objects.C is a lot more successful when there are no GUI clients (fwpolicy, fwlog, fwstatus) running against the management console. You can ensure that this is the case by killing the 'fwm' process using the command
cpwd_admin stop -name FWM in NG or
fw kill fwm in 4.1 and earlier. You can restart it by typing
cpwd_admin start -name FWM in NG or
fw fwm in 4.1. You should also remove objects.C.sav and objects.C.bak since if they have a more recent timestamp than objects.C, FireWall-1 will replace objects.C with one of these files. If your management console is on Windows, then make sure you use DOS edit or Wordpad. Do not use notepad!
Check Point generally recommends you fwstop or cpstop your management console when applying manual changes to objects.C, then typing fwstart or cpstart.
All changes to objects.C generally require re-installing the policy for them to take effect.
In NG, it is generally recommended that you use a utility called
dbedit to edit the objects_5_0.C file. A graphical version of this utility called GUIdbedit is also available from Check Point's site. If your management console is on a Nokia platform and you are using a version of NG prior to FP3, dbedit is known to be unstable and should not be used. In these cases, use GUIdbedit or manually edit the file. An example of using dbedit is provided below.
c:>
dbeditEnter Server name (ENTER for 'localhost'):
10.0.0.16Enter User Name:
dwelchEnter User Password:
abc123Please enter a command, -h for help or -q to quit:dbedit>
modify properties firewall_properties nat_dst_client_side_manual truedbedit>
update properties firewall_properties firewall_properties updated successfully.dbedit>
quitAlternatively, you may wish to use the Check Point Database Tool (guidbedit), available from the Check Point Utilities Download Page.-- Main.PhoneBoy - 30 Dec 2003
FAQForm FAQs.Class:
MiscellaneousFAQs OperatingSystem?: FAQs.Version: