Garrett_DirSec
Advisor

need "initial policy" specifics for R81 distributed gateway (no SIC established)

Hello --

Initial Policy on model 5800 newly re-imaged with R81 (no jumbo ...yet).

SIC has NOT been established with SmartCenter.

What should we expect with initial policy after the Initial Setup Wizard has completed?

Immediately after the Wizard runs, we can talk to the gateway Mgmt IP (192.168.1.1) via both SSH and HTTPS/443.

I know that I can establish SIC at this point, so I know there is a subset of secure CP services that are accepted.

At all times, I'm assuming Initial Policy allows full outbound access originated from gateway.

If we gracefully reboot this gateway, the inbound SSH and HTTPS/443 are blocked and we must execute "fw unloadlocal".

Why is this true after reboot?

Why does Initial Policy "change" from the period following the Wizard to the period following reboot? This is weird.

The Administrator Guide does NOT delve into specifics on this. Initial-Policy-R81.

I did find the discussion on the following thread interesting: Initial Policy after Firmware Upgrade.

thanks -GA

 

0 Kudos
1 Reply
Bob_Zimmerman
Advisor

After the first-time wizard, you should get InitialPolicy. That one allows management services.

After a reboot, you probably get defaultPolicy instead. That one drops everything. You can check this with 'fw stat' before the 'fw unloadlocal'.