CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it yet again - That's right, the 3rd edition is here!
You can read his announcement post here.
It's a massive upgrade focusing on current versions, and well worth checking out. -E

 

Results 1 to 3 of 3

Thread: fw sam database

  1. #1
    Join Date
    2015-12-23
    Posts
    47
    Rep Power
    0

    Default fw sam database

    I am having to reinitialize the db as described in sk104761. this process wipes out all of the SAM rules.

    1) how can I check the list of Suspicious Activity Rules in CLI?
    2) how can I preserve this list or database when I reinitialize the database?

    thanks

  2. #2
    Join Date
    2005-08-14
    Location
    Gig Harbor, WA, USA
    Posts
    2,494
    Rep Power
    17

    Default Re: fw sam database

    SAM is meant to be a temporary mechanism to drop connections until you can code up proper firewall rules to do it.
    It's not meant for long-term rule storage.
    I believe the files SAM uses are in $FWDIR/database (specifically sam_policy.db and sam_policy.mng) but I don't know if they are human readable.
    http://phoneboy.org
    Unless otherwise noted, views expressed are my own

  3. #3
    Join Date
    2015-12-23
    Posts
    47
    Rep Power
    0

    Default Re: fw sam database

    SAM is a very good solution for temporary blocking malicious activities. these activities are usually short term. therefore it's better to leave them out of the policy. I've found this in the CLI reference guide. just unsure if the output is the entire database. I was hoping there is a file I could copy and restore after I resize initial_db.


    fw sam -M -nij all

Similar Threads

  1. Database Maintenance
    By trevino200 in forum Eventia Analyzer/Reporter/SmartView Reporter
    Replies: 0
    Last Post: 2015-02-03, 15:30
  2. Database revision control vs user database
    By jgarzam in forum Security Management Server (Formerly SmartCenter Server ((Formerly Management Server))
    Replies: 1
    Last Post: 2013-03-01, 02:24
  3. Database corruption what to do?
    By heskez in forum SmartDashboard
    Replies: 5
    Last Post: 2012-12-06, 18:14
  4. external database
    By aussie_in in forum Secure Access
    Replies: 6
    Last Post: 2007-10-12, 12:02
  5. SmartDefense Database
    By mtoadmin in forum IPS Blade (Formerly SmartDefense)
    Replies: 0
    Last Post: 2006-03-29, 13:15

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •