This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Sascha_Iseringh
Explorer
‎2017-07-31 03:06 AM

How to fw unloadlocal in azure?

Hi, 

I can't reach my Azure test Installation atm. It is based on the R80.10 Cluster. How can I do the fw unloadlocal on azure based machines? 

Kinrd Regards

Sascha Iseringhaus

9 Replies
Arnfinn_Strand
Employee
Employee
‎2017-07-31 05:20 AM

Hi,

Since you don't have access to the console this is a little tricky, but doable.

You need to run a script via Exension. So create a shell script and and run this scripts as Custom Script for Linux.

The script can be like this, but there must be an empty line at the end:

#!/bin/bash
fw unloadlocal

Azure Linux Extensions: Custom Script for Linux | Azure Linux Support Team 

Arnfinn

PhoneBoy
Admin
Admin
‎2017-07-31 07:03 AM
In response to Arnfinn_Strand

We cover this in the following sk: How to unload a security policy from vSEC for Azure Gateway 

0 Kudos
Gareth_Blinkhor
Explorer
‎2017-11-24 03:02 AM
In response to PhoneBoy

Hi, is the only way to do this via a support incident?  I assume this is an Azure limitation?

0 Kudos
PhoneBoy
Admin
Admin
‎2017-11-24 09:32 PM
In response to Gareth_Blinkhor

Azure and AWS do not provide a way to access the console of a given VM.

Which means, if you lock out network access, regaining access may not be possible.

When I linked that SK, I believe the information in it was externally available--it's now in the internal portion that a Check Point TAC engineer can provide.

That said, it's similar to what https://community.checkpoint.com/people/astrad60b6d5c-7545-332e-aed1-6fead7f2c654‌ discussed above.

0 Kudos
Jeroen_Demets
Collaborator
‎2017-12-14 02:33 AM
In response to Arnfinn_Strand

I really like the question. Anyone who ever needed the "fw unloadlocal" command will never forget that.

So I wanted to know how this method works before actually getting into such a situation where my stress level would go up.

I created the script, added the empty line and added the extension to a test vSEC gateway.

Make sure you use "bash nameofscript.sh" and not the standard filled in "sh script.sh"

The deployment of the script took about 4 minutes but at the end the policy uninstall was done. So it worked Smiley Happy

For some reason the deployment of the extension kept running, but you can uninstall the extension which you should do anyway.

I don't know why Check Point isn't releasing the official sk...this article is worth gold.

G_W_Albrecht
MVP Silver
MVP Silver
‎2018-03-08 02:51 AM

I have just heard of a beta program with virtual serial connection on the US East Coast - so this might change soon...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
PhoneBoy
Admin
Admin
‎2018-03-08 08:51 AM
In response to G_W_Albrecht

I assume once it's something AWS or Azure provides, we will support it.

Richard_Cove
Contributor
‎2018-05-07 11:28 PM

Serial console is now available in preview in most regions, very handy

https://azure.microsoft.com/en-us/updates/azure-serial-console/ 

0 Kudos
Nikhil_Deshmukh
Contributor
‎2018-05-08 01:17 AM

Have used Azure Serial Console for "fw unloadlocal", works 

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
UPCOMING CLOUDMATES EVENTS
    All CloudMates Events