CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Results 1 to 7 of 7

Thread: CLI script for pushing FW policies

  1. #1
    Join Date
    2013-09-25
    Location
    Bucharest
    Posts
    649
    Rep Power
    6

    Default CLI script for pushing FW policies

    Hi guys,

    We just hit that moment we need a script for firewall push.
    Scenario: two mgmt servers (active and standby) running R77.30. About 20 policy packages for each location.

    Any starting point here?

    Thanks!

  2. #2
    Join Date
    2010-11-11
    Posts
    57
    Rep Power
    9

    Default Re: CLI script for pushing FW policies

    Quote Originally Posted by laf_c View Post
    Hi guys,

    We just hit that moment we need a script for firewall push.
    Scenario: two mgmt servers (active and standby) running R77.30. About 20 policy packages for each location.

    Any starting point here?

    Thanks!
    Cannot remember a way about pushing, but maybe a ssh triggered 'fw fetch <mgmtsrv>' on the gw will be a starting point?

  3. #3
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,650
    Rep Power
    10

    Default Re: CLI script for pushing FW policies

    I haven't done it, but this is what i found

    fwm load policy_name gateway

    policy_name and gateway are case sensitive.

  4. #4
    Join Date
    2013-09-25
    Location
    Bucharest
    Posts
    649
    Rep Power
    6

    Default Re: CLI script for pushing FW policies

    Quote Originally Posted by jflemingeds View Post
    I haven't done it, but this is what i found

    fwm load policy_name gateway

    policy_name and gateway are case sensitive.
    It worked well. Thank you!

  5. #5
    Join Date
    2013-09-25
    Location
    Bucharest
    Posts
    649
    Rep Power
    6

    Default Re: CLI script for pushing FW policies

    Quote Originally Posted by laf_c View Post
    It worked well. Thank you!
    One quick question: I executed this command from another system using "remote SSH". It worked well, but I miss the command output. Basically I have no info of how it went. Any tips here?

    L.E. what is the file I can see the output after each firewall push on the mgmt. server?
    Last edited by laf_c; 2016-08-25 at 05:21.

  6. #6
    Join Date
    2014-10-10
    Posts
    250
    Rep Power
    5

    Default Re: CLI script for pushing FW policies

    I ma using global policy to install all polices in given CMA, below excerpt from global_autopolicy.sh

    Code:
    mdscmd install-globalpolicy -install -l CMA1 2>&1
    then save output in the file (see cron below)

    Code:
    0 23 * * 6 /var/scripts/global_autopolicy.sh > /var/scripts/global_autopolicy.txt 2>&1
    in fact I use Jenkins to schedule it (ssh plugin) , not cron. This way I got alerts when policy install fails

  7. #7
    Join Date
    2013-09-25
    Location
    Bucharest
    Posts
    649
    Rep Power
    6

    Default Re: CLI script for pushing FW policies

    Quote Originally Posted by laf_c View Post
    One quick question: I executed this command from another system using "remote SSH". It worked well, but I miss the command output. Basically I have no info of how it went. Any tips here?

    L.E. what is the file I can see the output after each firewall push on the mgmt. server?
    Script did provide the expected output, I was missing the right "window".
    Now I am curious about one thing, not that I intend to use it in production but just theory: if we use the mgmt. server to push policy can we use two SSH sessions and do two simultaneously FW push?

Similar Threads

  1. Help: Error while pushing policy
    By monika_engg in forum Security Management Server (Formerly SmartCenter Server ((Formerly Management Server))
    Replies: 2
    Last Post: 2011-09-08, 23:30
  2. Documentation of best practices? Specifically pushing policies.
    By ryan_m in forum Clustering (Security Gateway HA and ClusterXL)
    Replies: 12
    Last Post: 2010-01-21, 02:41
  3. Issue with pushing policy in R65
    By gavvys in forum IPS Blade (Formerly SmartDefense)
    Replies: 9
    Last Post: 2008-05-05, 22:01
  4. Error pushing policy
    By parlay in forum Check Point Backup Procedures
    Replies: 8
    Last Post: 2007-11-15, 08:57
  5. Loosing connectivity when pushing policies...
    By Binary_01 in forum Clustering (Security Gateway HA and ClusterXL)
    Replies: 1
    Last Post: 2006-12-07, 17:01

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •