Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
alexc88
Participant

Deploy new object to all policy package

Hi, I'm facing a issue with the deployment of a new object through all my policy packages. I have a group that is used on all of my policy package (about 40) and I need to add a new object inside that group. I added it, published the change and then I launched a "fw fetch -f myip" command to deploy but the new object works only on the policy package where I did the cahnge from. I tried into another to install policy via gui and it worked. Is there a way to script to all my gateway to fetch the new object? Thanks

0 Kudos
3 Replies
the_rock
Legend
Legend

Im thinking the only way must be via API. Let me see if I can do it in my lab on 4 different policy packages.

0 Kudos
alexc88
Participant

ok thanks, let me know! Thank you!!

0 Kudos
PhoneBoy
Admin
Admin

If you make a change to an object that is used in multiple policy packages (e.g. a group), each policy package must be compiled and installed to the relevant gateways for the change to take effect.
A "fetch" will only acquire the last installed/compiled policy.
This is expected behavior.

Prior to R81, you can only install one policy package at a time.
In R81 and above, you can install up to 5 of them.
It is scriptable via the API in any case.
See: https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/install-policy~v1.8%20