Hi,
I can't reach my Azure test installation atm. It is based on the R80.10 Cluster. How can I do the fw unloadlocal on Azure-based machines?
Kind regards
Sascha Iseringhaus
Hi,
Since you don't have access to the console this is a little tricky, but doable.
You need to run a script via Extension. So create a shell script and run this script as Custom Script for Linux.
The script can be like this, but there must be an empty line at the end:
#!/bin/bash
fw unloadlocal
Azure Linux Extensions: Custom Script for Linux | Azure Linux Support Team
Arnfinn
We cover this in the following sk: How to unload a security policy from vSEC for Azure Gateway
Hi, is the only way to do this via a support incident? I assume this is an Azure limitation?
Azure and AWS do not provide a way to access the console of a given VM.
Which means, if you lock out network access, regaining access may not be possible.
When I linked that SK, I believe the information in it was externally available--it's now in the internal portion that a Check Point TAC engineer can provide.
That said, it's similar to what https://community.checkpoint.com/people/astrad60b6d5c-7545-332e-aed1-6fead7f2c654 discussed above.
I really like the question. Anyone who ever needed the "fw unloadlocal" command will never forget that.
So I wanted to know how this method works before actually getting into such a situation where my stress level would go up.
I created the script, added the empty line and added the extension to a test vSEC gateway.
Make sure you use "bash nameofscript.sh" and not the standard filled in "sh script.sh".
The deployment of the script took about 4 minutes, but at the end the policy uninstall was done. So it worked.
For some reason the deployment of the extension kept running, but you can uninstall the extension which you should do anyway.
I don't know why Check Point isn't releasing the official sk...this article is worth gold.
I have just heard of a beta program with virtual serial connection on the US East Coast - so this might change soon...
I assume once it's something AWS or Azure provides, we will support it.
Serial console is now available in preview in most regions, very handy.
https://azure.microsoft.com/en-us/updates/azure-serial-console/
Have used Azure Serial Console for "fw unloadlocal", works