need help removing a bad NAT in the Command line

I locked myself out of the firewall by not paying attention to the NAT rule. It's no good and I can't figure out what command I need to remove it from the command line (since I can't get back into the web interface). Please help, I don't want to have to start from square 1. I have R77.20.81.

Thanks

0 Kudos
7 Replies
Ivory

Can you not use "fw unloadlocal" to temporarily unload the policy from the appliance, then make the necessary NAT changes and deploy the policy again?

0 Kudos
Ivory

That worked, but how do I enable the local again after running "fw unloadlocal"? Sorry, I'm still new to these firewalls.

0 Kudos
Ivory

Hi Lee,

1) You can push the policy from SmartDashboard to the gateway.

2) Or you can run this command in the gateway CLI: "fw fetch InsertYourManagementServerName"

0 Kudos

Given that it's R77.20.81 - I'm assuming that this is a 700-series or 1400-series appliance?

So it's plausible that there might not be a management server, and SmartDashboard might not be an option.

0 Kudos
Ivory

1200R firewall

0 Kudos
Ivory

Hello Ahmed,

SmartDashboard: not sure what that is. It is a locally managed firewall.

Haven't done a management server yet.

0 Kudos
Admin

In the future, please post queries about the 1200R in the SMB and SMP space so you are provided the most relevant help.

The CLI command to show NAT rules is "show nat-rules".

Once you figure out what position the erroneous NAT rule is in, you can use "delete nat-rule position X" to remove the erroneous rule.

See also: Check Point 600/700/1100/1200R/1400 Appliance R77.20.80 Technical Reference Guide