Policy recovery

[vadi_ag]

Hi All
I have installed a policy on my firewall I have to make some changes in the installed policy I have created a new version and when i tried to install this new policy i got time out error and installation failed and the new version of policy got corrupted can u help me how can i recover this policy Pls help me

[kva.kva]

If you get time out error, it doesn't mean that your policy corrupted. May be with this error your policy is installed (sometimes it happens). But if you lost connections with your SC after that, you need to execute "fw unloadlocal" on module and try to reinstall policy.

[Lackie]

Yes, what usually happens is the rulebase that you are pushing out blocks the connection from the management station. It gets pushed out according to the firewall but because the managment station couldn't finish it's transaction it ends with an error.

Make sure you have a rule in your rulebase to access the firewall from the managment station.l

[vadi_ag]

Hi All
Thnx a lot for ur reply I do agree with u that if the time out error occurs then policy gets installed but this time i got this error and if i try to reinstall this policy then i am unable to do so can u pls help me on this i think that the policy is corrupted is there any way to recover this policy

[kva.kva]

Do you use phisical or virtual environment? Check loading your servers, free resources.

You can increase timeout between the SmartCenter server to the module:
1. stop the SmartCenter server
2. edit $FWDIR/conf/objects_5_0.C
3. search :install_policy_timeout
4. edit value in brackets
5. save the file and start the SmartCenter
6. Install the policy.

[vadi_ag]

Hi
Thnx for ur help this time the policy got installed
But I need to know Is there any way to recover the policy if it gets corrupted anticipating ur reply

[kva.kva]

What does it mean corrupted policy?
You can verify policy. If process of verify end without errors that does mean policy is correct. If you install policy and process of verify send you error, this policy doesn't install on your module.
You have troubles only if you get error messages in installation process (after correct verifying). But it doesn't connected with corrupted policy. If you have error in this case you need to reinstall policy.

[RayPesek]

When you push a policy, select the check box at the bottom to save a backup to the database. You can then revert to that backup from the File menu. This recovers the user database, the SmartDefense settings, a whole lot of stuff besides the policy.

Or use the command line upgrade_export.exe to occasionally create a .tgz compressed backup of your entire SmartCenter configuration, and burn it to a DVD or something for backup.

Ray