[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] Create master rulebase from local
"Robert MacDonald" <[email protected]> wrote: >Date: Thu, 16 Nov 2000 12:45:04 -0500 >Do this. > >Start the GUI on your system. In the management server >field type *local and give any old username and password >you would like. Press enter. > >Voila(extent of my French) your in a local copy of a firewall >policy. This allows you to play, play, play...err test, test, test. > >You can copy your real policy and objects to your local >system and play with them. I don't have those off hand, see >phoneboy. Make a copy of the local just in case. > >Is this what you wanted to know? Uhh... what's that saying, knowledge is the slow realization of the magnitude of one's ignorance? I've never played with *local. What's *local? I just loaded a fresh version of 4.1, nothing's on there yet. fire up the gui, connect to localhost and I get a clean slate, nothing written yet. connect to *local and I get some funky demo-like rulebase, next to the tabs for Security & NAT policy I also get tabs for Bandwidth & Compression Policy, none of which I installed. Where did the gui get this? the state directory where all the local.* are kept is empty. Anyway you've diverted me from the original question. Which was, if one day we reap the IT equivalent of karmic retribution & the management server falls over for good, can I recreate its objects.C and all the rulebase from what's on the firewalls? (they are different boxes) As far as I know, the firewall keeps a copy of the last good policy installed, in state/local.fc, state/local.ojbects, etc. There is also a rules.C and objects.C in the firewall's $FWDIR/database directory. Do I have enough? Usual way: master objects.C + rules.W => rules.pf => rules.fc Can I go backward? local.fc + local.rules.C + local.objects.C => rules.W What's the difference between firewall copy of objects.C & master copy of objects.C? What's rules.C for?? This question is killing me!! CT ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|