This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
HeikoAnkenbrand
MVP Platinum
MVP Platinum
‎2019-04-04 10:14 AM
Jump to solution

R80.x - Debug policy installation on gateway

There is a simple way to debug the policy installation on a gateway.

1) Log on to the management server

2) Opens the expert mode

# expert

3) Staret the debug into a text file

# export INTERNAL_POLICY_LOADING=1
# fwm -d load <POLICY> <GATEWAY> &> test.txt

4) Now you can analyze the installation issue in the textfile text.txt. Now it takes a bit of experience to find the issue.

(view in My Videos)
  

 

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
1 Solution

Accepted Solutions
HeikoAnkenbrand
MVP Platinum
MVP Platinum
‎2019-04-05 08:57 AM
In response to James_Hawkins
Jump to solution

Add  this to a file for example to installpolicy.sh.

# vi /home/admin/installpolicy.sh

export INTERNAL_POLICY_LOADING=1
fwm load <POLICY> <GATEWAY> 

Now set +x to this file:

# chmod +x installpolicy.sh

Now set this file as cronjob!

 

 

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips

View solution in original post

6 Replies
PhoneBoy
Admin
Admin
‎2019-04-04 04:08 PM
Jump to solution

One extra step to debug policy loading from the CLI now...
James_Hawkins
Participant
‎2019-04-05 06:02 AM
Jump to solution

It is very interesting that you can install the policy via CLI.

We have many firewalls in Australia and the policy installation takes a long time.

Then I can perform the installation at night script controlled.

 

 

HeikoAnkenbrand
MVP Platinum
MVP Platinum
‎2019-04-05 08:49 AM
In response to James_Hawkins
Jump to solution

Hi @James_Hawkins 

Yes it is possible. I use this to install policys in China every night via cronjob.

Regards

Heiko

 

 

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
HeikoAnkenbrand
MVP Platinum
MVP Platinum
‎2019-04-05 08:57 AM
In response to James_Hawkins
Jump to solution

Add  this to a file for example to installpolicy.sh.

# vi /home/admin/installpolicy.sh

export INTERNAL_POLICY_LOADING=1
fwm load <POLICY> <GATEWAY> 

Now set +x to this file:

# chmod +x installpolicy.sh

Now set this file as cronjob!

 

 

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
James_Hawkins
Participant
‎2019-04-05 09:01 AM
In response to HeikoAnkenbrand
Jump to solution

THX

James

0 Kudos
Eddie_Kalbert
Employee
Employee
‎2019-04-08 08:23 AM
In response to James_Hawkins
Jump to solution

Additional way to run policy installation automatically is by running from the gateway:

fw fetch local

The gateway will then fetch the last policy that was installed from the mgmt.

Working from clish as well as from expert mode.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events