Requirement for "fw unload local" command

[sachden]

Hi all

We manage lot of Checkpoint firewalls for our customers.During one of the issues a CP Mgmt Server (for which we take RDP) was rebooted , it came up however only onsite engineer (at datacentre ) was able to see . When we tried pinging locally (please note ping was working earlier from our end to management server) we were not able to reach the server.After that we asked our onsite engg. to give comamnd "fw unload local " , after that we were able to take RDP of the mgmt server

Please let me know as to in whch circumstance this command is used and why in my circumstance it was required

Regrds
Ankur

[eduardw]

Hi,

fw unloadlocal is usually used on firewalls when you by accident ad a rule to the policy which blocks the traffic to the firewall. Or after a clean install the default policy will block almost traffic to and through the newly installed firewall.
This command unloads the local fw policy and also stops the routing deamon. So then you are only able to communicate to the firewall and not able to send packets through it.
But in you case It looks like that your management station also has a firewall policy. Check the checkpoint object of your management station and see if the fw1 option is highlighted.
When you do not use your management station as a firewall you could deactivated the firewall on the management station. When it also is in use as a firewall make sure the appropriate rules for management are in place.

Eduard

[MarioL]

What that means is that there is a firewall module running on the management server. Not sure that is the intended scenario. That's why you needed to unload the policy before you could connect.