 | ||
 delete SA and IKE priodly | ||
| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
|
| |||||||
 |
| | LinkBack | Thread Tools | Display Modes |
 2006-05-31 | |||
| |||
 delete SA and IKE priodly Hallo, it is possible that I can delete SA and IKE priodly such as by a cron job or by a script. I know that I mus use vpn tu to delete SA and IKE. But how can I work with the parameters 1 to 8? Thank you, Stephan  |
| 2006-05-31 | |||
| |||
| Re: delete SA and IKE priodly https://secureknowledge.checkpoint.c....do?id=skI2004 If you want it, you can use fw tab -t table_name -x table_name: To delete IKE SAs, delete the IKE_SA_table. To delete IPSEC SAs, delete the inbound_SPI table and the outbound_SPI table. If you want cron script, use next syntax in it: #!/bin/bash fw tab -t IKE_SA_table -x <<EOC yes EOC |
| 2006-05-31 | |||
| |||
| Re: delete SA and IKE priodly Thank you for your answer. What does EOC means? And what does especialy >> EOC means? Stephan |
| 2006-05-31 | |||
| |||
| Re: delete SA and IKE priodly EOC is a mark. << is "here document" From Advanced Bash−Scripting Guide (very useful doc - http://tldp.org/LDP/abs/html/) A "here document" is a special−purpose code block. It uses a form of I/O redirection to feed a command list to an interactive program or a command, such as ftp, cat, or the ex text editor. COMMAND <<InputComesFromHERE ... InputComesFromHERE A limit string delineates (frames) the command list. The special symbol << designates the limit string. This has the effect of redirecting the output of a file into the stdin of the program or command. It is similar to interactive-program < command−file, where command−file contains command #1 command #2 ... The "here document" alternative looks like this: #!/bin/bash interactive−program <<LimitString command #1 command #2 ... LimitString Choose a limit string sufficiently unusual that it will not occur anywhere in the command list and confuse matters. Note that here documents may sometimes be used to good effect with non−interactive utilities and commands. |
| 2006-06-01 | |||
| |||
| Re: delete SA and IKE priodly Hi, does this also work? #!/bin/bash fw tab -t IKE_SA_table -x yes Thank you, Stephan |
| 2006-06-01 | |||
| |||
| Re: delete SA and IKE priodly In the "there's more than one way to do it" category, you could also do: #! /bin/bashWhich to me is a bit clearer, provided you understand that the '|' character means "Send the output of this command to this other command." |
|
| Thread Tools | |
| Display Modes | |
| |
Linear Mode
