This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
marcinw
Contributor
‎2020-04-24 04:21 AM
Jump to solution

changing "masters" file on SMB

Hi,

I've changed "masters" file in $FWDIR/conf/ on SMB 1500 checkpoint, of course every time SMB downloads policy from SMS changed it. On gateway firewall I can use GuiDBedit to change this behaviour on gateway firewall , but how to change it on SMB ?

0 Kudos
1 Solution

Accepted Solutions
sarshar
Contributor
‎2023-03-06 09:07 AM
In response to G_W_Albrecht
Jump to solution

Contacted TAC and they resolved it by sk171055

View solution in original post

0 Kudos
8 Replies
PhoneBoy
Admin
Admin
‎2020-04-25 07:41 PM
Jump to solution

What's the precise reason you need to change it?
G_W_Albrecht
Legend Legend
Legend
‎2020-04-27 02:50 AM
Jump to solution

Easy: See sk102712: $FWDIR/conf/masters file on Security Gateway is overwritten during each policy installatio...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
sarshar
Contributor
‎2023-03-03 05:42 AM
In response to G_W_Albrecht
Jump to solution

Hey Albrecht,

 

Today I realized a couple of 1550s stopped logging.

They are running R81.10 and those two firewalls are in a VPN community along with another identical firewall that doesn't have the logging issue.

 

Traditionally, modified the masters file to replace the hostname of the CPM with its external IP address, also added the CPM with the ext IP to the /etc/hosts file and froze the define_logging_servers and use_loggers_and_masters by setting them to "false" in GUIEDEDIT

Then saved the changes to the DB and opened SmartConsole R81.20 and pushed the policies, the content of the masters file got overwritten therefore the logging issue didn't get resolved.

It might be useful to mention I faced this issue with every firewall we recently upgraded (replaced the appliance), which includes the 3000 series with R81.20 T631

Your kind advice on this will be appreciated, I cannot troubleshoot other connectivity issues without logging.

 

Regards,

Sarshar Dadashzadeh

PhoneBoy
Admin
Admin
‎2023-03-03 04:40 PM
In response to sarshar
Jump to solution

If you want to ensure masters isn't overwritten, try setting the immutable flag on the masters file in expert mode.
e.g. chattr +i $FWDIR/conf/masters

How persistent this change is across upgrades is not known.

G_W_Albrecht
Legend Legend
Legend
‎2023-03-04 01:18 AM
In response to sarshar
Jump to solution

Better consult with TAC ! That should not be needed and 1 working but two identical units not needs finding the cause !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
sarshar
Contributor
‎2023-03-06 09:07 AM
In response to G_W_Albrecht
Jump to solution

Contacted TAC and they resolved it by sk171055

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2023-03-06 01:56 PM
In response to sarshar
Jump to solution

Very good!

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2020-04-27 03:17 AM
Jump to solution

The oldest trick in such cases from the book is to limit access rights so overwrite will not be possible 😎.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events