| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
| |||
| Folks, This hasn't happened to me yet, but in case it ever does I would like to know what my options are. Scenario - I have a Nokia FW at my physical location in the server room. However, the management GUI is located on a server in another country which we access via a site-to-site VPN (yes...will eventually change this). If I push a bad policy and hose my network, provided I can console directly onto the box, how do I change that policy? Undo that policy? Unload that policy? And can I revert to the previous policy? Thanks...BirdDog |
| |||
| You can do a "fw unloadlocal" to unload the policy and install a new one. On the management server you can use the database revision control to revert to a previous version. Mostly you don't need to use it to recover a bad policy since you'll know what you changed. |
| |||
| What actually happens with the "fw unloadlocal"? It will unload the existing policy, but then I have no policy, correct? My site-to-sites would still be down until I get the correct policy? But my SmartDashboard is on another server that I wouldn't be able to get to. Is there a way to keep a backup of a good working policy on the Nokia? That way, if this happens, I can unloadlocal and import this backed-up policy. Anything like that? |
| |||
| You can't have a backup policy other than the default. Whilst this can be modified, I don't think that you will get to modify it to the extent that you want. I would suggest that you create a backdoor access method to the server that does not rely on the Check Point site-to-site for access, and then keep the access method unpublished other than to the firewall admins, and only use it in an emergency. |
| |||
| If you can perform an fwm load at the SMARTCenter then that will push a policy to the gateway. You could change the policy name every time you change and so use the previous policy name with the fwm load. It's not reverting to the old policy as such; it merely pushes a policy down to the gateway. |