cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question
Lee_Doran
Ivory

need help removing a bad NAT in the Command line

I locked myself out of the firewall by not paying attention to the NAT rule. its no good and I cant figure out what command I need to remove it from the command line. (since I cant get back into the web interface) please help I don't want to have to start from square 1. I have

R77.20.81

thanks

0 Kudos
7 Replies
Ahmed_Ali
Ivory

Re: need help removing a bad NAT in the Command line

Can you not use "fw unloadlocal" ? to temporarily unload the policy from the appliance and then make necessary NAT changes and deploy the policy again.

0 Kudos
Lee_Doran
Ivory

Re: need help removing a bad NAT in the Command line

that worked but how to I enable the local again after running "fw unloadlocal"? sorry i'm still new to these firewalls

0 Kudos
Ahmed_Ali
Ivory

Re: need help removing a bad NAT in the Command line

Hi Lee,

1) You can push the policy from the smart dashboard to the gateway.

2) or you can run this command in the gateway cli "fw fetch InsertYourManagementServerName"

 

0 Kudos

Re: need help removing a bad NAT in the Command line

Given that it's R77.20.81 - I'm assuming that this is a 700-series or 1400-series appliance?

So it's plausible that there might not be a management server, and SmartDashboard might not be an option.

0 Kudos
Lee_Doran
Ivory

Re: need help removing a bad NAT in the Command line

1200R firewall

0 Kudos
Lee_Doran
Ivory

Re: need help removing a bad NAT in the Command line

Hello Ahmed,

smart dashboard --not sure what that is. It is a locally managed firewall

haven't done a management server yet.

0 Kudos
Admin
Admin

Re: need help removing a bad NAT in the Command line

In the future, please post queries about the 1200R in the SMB and SMP‌ space so you are provided the most relevant help.

The CLI command to show NAT rules is show nat-rules

Once you figure out what position the erroneous NAT rule is in, you can use delete nat-rule position X to remove the erroneous rule.

See also: Check Point 600/700/1100/1200R/1400 Appliance R77.20.80 Technical Reference Guide