topic fw unloadpolicy on a gateway in AWS in Cloud Firewall

fw unloadpolicy on a gateway in AWS

Yevgeniy_Yeryom — Tue, 17 Jul 2018 12:32:45 GMT

Hello together,
is it a way to deinstall the policy e.g. by "fw unloadpolicy" on a gateway in AWS?

Cheers,
Yevgeniy

Re: fw unloadpolicy on a gateway in AWS

Nikhil_Deshmukh — Thu, 19 Jul 2018 12:37:01 GMT

fw unloadlocal will 'unload' the policy from the appliance. To load a policy you have to either push it out from the management station either using DashBoard or command line or fetch it using command line on the appliance.

Caution:- Do not run the same in Production Gateway.

Re: fw unloadpolicy on a gateway in AWS

NickGriffiths — Fri, 20 Jul 2018 08:45:31 GMT

If you find yourself in the, um, unfortunate position of having managed to lock yourself out of an Azure based management server (or gateway for that matter) by pushing an erroneous policy to a gateway, there is a little access tool to help you fudge a way to restoring comms;

I had a similar issue at a customer who was using an internal Cluster across an express route, so (not internet facing as such; and thankfully no NAT was involved as this was just a datacentre extension) but using the 'Serial console' from within Azure Portal I was able to 'fw unloadlocal' and also enable ip forwarding [echo 1 > /proc/sys/net/ipv4/ip_forward] (absolutely not recommended) to get access back to the management server through the gateway.

Just in case this helps anyone else out.

Edit: Just read the original question, it's about AWS, my response is purely for Azure, doh!