Re: need help removing a bad NAT in the Command li...

Lee_Doran · ‎2018-12-17

I locked myself out of the firewall by not paying attention to the NAT rule. its no good and I cant figure out what command I need to remove it from the command line. (since I cant get back into the web interface) please help I don't want to have to start from square 1. I have

R77.20.81

thanks

Ahmed_Ali · ‎2018-12-18

Can you not use "fw unloadlocal" ? to temporarily unload the policy from the appliance and then make necessary NAT changes and deploy the policy again.

Lee_Doran · ‎2018-12-18

that worked but how to I enable the local again after running "fw unloadlocal"? sorry i'm still new to these firewalls

Ahmed_Ali · ‎2018-12-18

Hi Lee,

1) You can push the policy from the smart dashboard to the gateway.

2) or you can run this command in the gateway cli "fw fetch InsertYourManagementServerName"

Ben_Dunkley · ‎2018-12-18

Given that it's R77.20.81 - I'm assuming that this is a 700-series or 1400-series appliance?

So it's plausible that there might not be a management server, and SmartDashboard might not be an option.

Lee_Doran · ‎2018-12-18

1200R firewall

Lee_Doran · ‎2018-12-18

Hello Ahmed,

smart dashboard --not sure what that is. It is a locally managed firewall

haven't done a management server yet.

PhoneBoy · ‎2018-12-18

In the future, please post queries about the 1200R in the SMB and SMP‌ space so you are provided the most relevant help.

The CLI command to show NAT rules is show nat-rules

Once you figure out what position the erroneous NAT rule is in, you can use delete nat-rule position X to remove the erroneous rule.

See also: Check Point 600/700/1100/1200R/1400 Appliance R77.20.80 Technical Reference Guide

Are you a member of CheckMates?

need help removing a bad NAT in the Command line