CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it yet again - That's right, the 3rd edition is here!
You can read his announcement post here.
It's a massive upgrade focusing on current versions, and well worth checking out. -E

 

Results 1 to 7 of 7

Thread: CLI script for pushing FW policies

  1. #1
    Join Date
    2013-09-25
    Location
    Bucharest
    Posts
    649
    Rep Power
    7

    Default CLI script for pushing FW policies

    Hi guys,

    We just hit that moment we need a script for firewall push.
    Scenario: two mgmt servers (active and standby) running R77.30. About 20 policy packages for each location.

    Any starting point here?

    Thanks!

  2. #2
    Join Date
    2010-11-11
    Posts
    57
    Rep Power
    10

    Default Re: CLI script for pushing FW policies

    Quote Originally Posted by laf_c View Post
    Hi guys,

    We just hit that moment we need a script for firewall push.
    Scenario: two mgmt servers (active and standby) running R77.30. About 20 policy packages for each location.

    Any starting point here?

    Thanks!
    Cannot remember a way about pushing, but maybe a ssh triggered 'fw fetch <mgmtsrv>' on the gw will be a starting point?

  3. #3
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,658
    Rep Power
    10

    Default Re: CLI script for pushing FW policies

    I haven't done it, but this is what i found

    fwm load policy_name gateway

    policy_name and gateway are case sensitive.

  4. #4
    Join Date
    2013-09-25
    Location
    Bucharest
    Posts
    649
    Rep Power
    7

    Default Re: CLI script for pushing FW policies

    Quote Originally Posted by jflemingeds View Post
    I haven't done it, but this is what i found

    fwm load policy_name gateway

    policy_name and gateway are case sensitive.
    It worked well. Thank you!

  5. #5
    Join Date
    2013-09-25
    Location
    Bucharest
    Posts
    649
    Rep Power
    7

    Default Re: CLI script for pushing FW policies

    Quote Originally Posted by laf_c View Post
    It worked well. Thank you!
    One quick question: I executed this command from another system using "remote SSH". It worked well, but I miss the command output. Basically I have no info of how it went. Any tips here?

    L.E. what is the file I can see the output after each firewall push on the mgmt. server?
    Last edited by laf_c; 2016-08-25 at 05:21.

  6. #6
    Join Date
    2014-10-10
    Posts
    250
    Rep Power
    6

    Default Re: CLI script for pushing FW policies

    I ma using global policy to install all polices in given CMA, below excerpt from global_autopolicy.sh

    Code:
    mdscmd install-globalpolicy -install -l CMA1 2>&1
    then save output in the file (see cron below)

    Code:
    0 23 * * 6 /var/scripts/global_autopolicy.sh > /var/scripts/global_autopolicy.txt 2>&1
    in fact I use Jenkins to schedule it (ssh plugin) , not cron. This way I got alerts when policy install fails

  7. #7
    Join Date
    2013-09-25
    Location
    Bucharest
    Posts
    649
    Rep Power
    7

    Default Re: CLI script for pushing FW policies

    Quote Originally Posted by laf_c View Post
    One quick question: I executed this command from another system using "remote SSH". It worked well, but I miss the command output. Basically I have no info of how it went. Any tips here?

    L.E. what is the file I can see the output after each firewall push on the mgmt. server?
    Script did provide the expected output, I was missing the right "window".
    Now I am curious about one thing, not that I intend to use it in production but just theory: if we use the mgmt. server to push policy can we use two SSH sessions and do two simultaneously FW push?

Similar Threads

  1. Help: Error while pushing policy
    By monika_engg in forum Security Management Server (Formerly SmartCenter Server ((Formerly Management Server))
    Replies: 2
    Last Post: 2011-09-08, 23:30
  2. Documentation of best practices? Specifically pushing policies.
    By ryan_m in forum Clustering (Security Gateway HA and ClusterXL)
    Replies: 12
    Last Post: 2010-01-21, 02:41
  3. Issue with pushing policy in R65
    By gavvys in forum IPS Blade (Formerly SmartDefense)
    Replies: 9
    Last Post: 2008-05-05, 22:01
  4. Error pushing policy
    By parlay in forum Check Point Backup Procedures
    Replies: 8
    Last Post: 2007-11-15, 08:57
  5. Loosing connectivity when pushing policies...
    By Binary_01 in forum Clustering (Security Gateway HA and ClusterXL)
    Replies: 1
    Last Post: 2006-12-07, 17:01

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •