topic Re: Delete a policy rule from console in API / CLI Discussion

Delete a policy rule from console

Ilan_Nadav — Thu, 24 May 2018 13:24:20 GMT

Hi;

I configured a rule via Smartconsole for SMC that block access from my network to the FW itself (by mistake)#.

Since I have console access, I wonder if it is possible to delete this rule / revert last policy changes via the console?

thanks in advance;

Re: Delete a policy rule from console

Robert_Decker — Thu, 24 May 2018 13:30:52 GMT

yes, you can if you have the rule number -

https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/delete-access-rule~v1.1%20

robert.

Re: Delete a policy rule from console

PhoneBoy — Thu, 24 May 2018 20:14:34 GMT

That assumes you can reach the management

Note that FireWall-1 Control Connections (e.g. policy push) should be allowed by the implied rules, so you should be able to push a corrected policy from the management.

If that doesn't work, what you can do from the gateway itself with respect to the policy are:

Fetch policy from the management (fw fetch management_name)
Unload the existing policy (fw unloadlocal)

You cannot modify an existing loaded policy from the gateway itself.

Re: Delete a policy rule from console

Ray_Lal — Mon, 28 May 2018 21:42:20 GMT

As Dameon mentioned, you could disable the rule, then pull the new policy manually from the gateways.. Examples here

Checkpoint Firewall CLI tool “dbedit” and quick lab examples

Re: Delete a policy rule from console

Ilan_Nadav — Tue, 29 May 2018 04:32:59 GMT

Hi All;

Thanks for all your references.

I didn't have rule number / name to delete from CLI, and when I tried to add rule on top, action succeed, but still there wasn't ping to management IP - so eventually I reinstalled the FW and now it works.

🙂