Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Di_Junior
Advisor

Install Threat Prevention Policy with Cron Job

Dear Mates

 

I wish to have a cron job that will be installing the threat prevention policy every 20 minutes. Could you help me how to achieve this.

 

Thanks in advance

0 Kudos
5 Replies
G_W_Albrecht
Legend
Legend

I do not understand the reason for your wish, as a TP policy will not change automatically and surely not every every 20 mins. Issue the following command on the GW to achieve it:

  1.  # fw fetch <MGMT IP address>
    
0 Kudos
G_W_Albrecht
Legend
Legend

There is a relevant discussion here: Re: Is it possible to install a Policy without sending it to the Gateways???

Summary: No fetch will ever occur, because the policy did not change, and local policy will be installed that does not differ from the currently installed. After a Policy install, the same occurs with the new policy.

 

0 Kudos
PhoneBoy
Admin
Admin

What precisely are you hoping to achieve by doing this?

0 Kudos
_Val_
Admin
Admin

the main question is, why?

0 Kudos
Timothy_Hall
Champion
Champion

As others have observed not sure exactly why you would want to do this, but to reinstall the Threat Prevention policy only and not the Access Control policy with it, the command would be fw amw fetch <MGMT IP Address>

The gateway dynamically receives pattern/signature updates for the various TP blades automatically, so there is no need to reinstall/fetch the AMW/TP policy to make those updates take effect.

"Max Capture: Know Your Packets" Video Series
now available at http://www.maxpowerfirewalls.com