Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] Firewall Objects to Database Import

To: "Firewall-1 List (E-mail)" <[email protected]>
Subject: [FW1] Firewall Objects to Database Import
From: Carric Dooley <[email protected]>
Date: Tue, 13 Mar 2001 18:01:28 -0500 (EST)
Sender: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I don't know if this will be useful to anyone, but I used this to export
all my FW-1 objects into an access database so I could use the built-in
"duplicate query" to get rid of some of the duplicate objects in my
objects.C.

I modified a script I found on phoneboy's site so I take NO credit for the
hard work of the individual who originally wrote it. I modified it to get
rid of some formatting on the output, and probably did a crappy job, but
it did what I wanted after my "tinkerings".

If you just inherited a firewall that has 6x10^23 objects and you know you
have dups, this could help a little.  I was able to eliminate about 100
objects and about 65 services of the 2000+ objects in my objects.C.

Two more pieces of advice:

1.  <note-of-caution> DON'T RUN THIS ON YOUR FIREWALL!! </not-of-caution> 
I copy my objects.C and the current policy to my local hard drive and use
active perl on my (dare I say...) Win2K workstation.

2. Get one of the fwrulesxx.pl scripts from the phoneboy site (I use v4.2
and v5.0) and export your objects and policy to two files (something like
myfw_obj.html, and myfw_pol.html). When you go to zap your dup objects,
you will find the "policy query" feature is limited at best.  The
html versions of your policy and objects, gives you the ability to do a
find in  your web browser to look for your objects and what groups they
are in BEFORE you delete them and wreck your policy and get fired....  =)

This also gives you a snapshot of the policy and objects before you did
any changes in case you have to back a change out (hmmmm... and how did I
find this out?? - Let's just say you will be VERY glad if you exported to
html before you start... and NOT if you didn't).

Best of luck.



Carric Dooley
Senior Consultant
COM2:Interactive Media

"But this one goes to eleven."
- -- Nigel Tufnel


-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.1
Comment: Made with pgp4pine 1.75-6

iQA/AwUBOq6m0FUqWOkDpMZ2EQK1sACg9zaYOuzASeCXG59vnu8mVRtOuQMAoLmf
AWxV+kZ8g8xTwTROVKLWeH1T
=CVTH
-----END PGP SIGNATURE-----

Attachment: obj2db-fw1.zip
Description: Zip archive

Prev by Date: [FW1] Securemote/SDL/Firewall problem
Next by Date: RE: [FW1] SecuRemote Installation problem with Win 2000
Previous by thread: [FW1] Securemote/SDL/Firewall problem
Next by thread: [FW1] SecuRemote 4174 using PPPoE and NT Domain Login
Index(es):
- Date
- Thread