How do I edit objects.C or objects_5_0.C properly?

[BarryStiefel]

How do I edit objects.C or objects_5_0.C properly?



Editing objects.C is a lot more successful when there are no GUI clients (fwpolicy, fwlog, fwstatus) running against the management console. You can ensure that this is the case by killing the 'fwm' process using the command cpwd_admin stop -name FWM in NG or fw kill fwm in 4.1 and earlier. You can restart it by typing cpwd_admin start -name FWM in NG or fw fwm in 4.1. You should also remove objects.C.sav and objects.C.bak since if they have a more recent timestamp than objects.C, FireWall-1 will replace objects.C with one of these files. If your management console is on Windows, then make sure you use DOS edit or Wordpad. Do not use notepad!

Check Point generally recommends you fwstop or cpstop your management console when applying manual changes to objects.C, then typing fwstart or cpstart.

All changes to objects.C generally require re-installing the policy for them to take effect.

In NG, it is generally recommended that you use a utility called dbedit to edit the objects_5_0.C file. A graphical version of this utility called GUIdbedit is also available from Check Point's site. If your management console is on a Nokia platform and you are using a version of NG prior to FP3, dbedit is known to be unstable and should not be used. In these cases, use GUIdbedit or manually edit the file. An example of using dbedit is provided below.

c:> dbeditEnter Server name (ENTER for 'localhost'): 10.0.0.16Enter User Name: dwelchEnter User Password: abc123Please enter a command, -h for help or -q to quit:dbedit> modify properties firewall_properties nat_dst_client_side_manual truedbedit> update properties firewall_properties firewall_properties updated successfully.dbedit> quitAlternatively, you may wish to use the Check Point Database Tool (guidbedit), available from the Check Point Utilities Download Page.-- Main.PhoneBoy - 30 Dec 2003

FAQForm FAQs.Class: MiscellaneousFAQs OperatingSystem?: FAQs.Version:

[HotDog]

Hi,
I cant edit the objects_5_0.c to add a post_connect _script into SecureClient VPN.

I have tried to change the objects_5_0.c in order to get a post_connect_script to run after successfull vpn connection.

I run cpstop, edit the objects_5_0.c file with dbedit - post_connect_script (c:\blabla.bat). The change is applied to the file.
I run cpstart. I open the smart dashboard an reinstall the policy.

I use the SecureClient packaging tool and create an install package (connect mode). I create a new site in the SecureClient an connect to our FW1.
The policy gets uppdated. But ther is no sign of the post_connect script

Did i miss something ? Tried to follow the post "How do I edit Objects_5_0.c properly"

Regards
HotDog

[Boonsa]

Hi,

For the Post Connect Script, I used GuiDBedit.exe found on the Management Server under:

\Program Files\CheckPoint\SmartConsole\Rxx\PROGRAM

Logon as you would SmartDashboard (ensuring no outher GUI clients are logged in).

Click on Global Properties, then Firewall_Properties, then scroll down to the field:

"desktop_post_connect_script"

Ensure the Type is set to String and in the Value type (without the quotes) "c:\blabla.bat"

I also set the field:

"desktop_post_connect_script_show_window" to TRUE, for testing.

Save your changes, re-install the policy on the firewall, update the Secureclient site and it should work providing the batch file is on the SecureClient machine.

Hope this helps,

John