Re: policy.w file

kehagen · ‎2024-05-15

Hello,

I'm in the process of upgrading and I need to get Policy.W files off of the gateways. I have found the rulebases_5_0.fws and objects_5_0.C in the /opt/CPsuite-R77/fw1/conf directory, but I cannot find the Policy.W file anywhere. I can find _StatefulPolicy_.W in that same directory, but not Policy.W. Anybody know where I can find it?

the_rock · ‎2024-05-15

Hey Kenny,

Not sure that file even exists, I searched it with find command, nothing came up

Andy

[Expert@CP-FW-01:0]# find / -name Policy.W
[Expert@CP-FW-01:0]# find / -name policy.W
[Expert@CP-FW-01:0]#

G_W_Albrecht · ‎2024-05-16

This file <policy_name>.W only exists on SMS during the first stage of policy install - an old picture from How-To-Troubleshoot-Policy-Installation-Issues shows it:

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

the_rock · ‎2024-05-16

Man, that looks OLD lol. Anyway, I dont believe you can find it anywhere in newer versions, or even starting from R80?

Andy

G_W_Albrecht · ‎2024-05-17

This is in sk11844 from 28.September 2011 - and no, this sk is deleted, and you will not find it in newer versions of the document...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

the_rock · ‎2024-05-17

Makes sense, cheers.

Andy

the_rock · ‎2024-05-15

Not sure if this is related, but theres a file in below dir (name would be different for you). File is called policy.map

[Expert@CP-FW-01:0]# pwd
/opt/CPsuite-R81.20/fw1/state/CP-CLUSTER/FW1

On the mgmt server:

[Expert@CP-management:0]# cd /opt/CPsuite-R81.20/fw1/state/
[Expert@CP-management:0]# ls
CP-cluster CP-smart-event-server __tmp local
CP-gateway InternalCA_site.p12 links.C
[Expert@CP-management:0]# cd CP-cluster/
[Expert@CP-management:0]# ls
AMW FW1
[Expert@CP-management:0]# cd FW1/
[Expert@CP-management:0]# ls
auxfiles.map
local.DynamicContent
local.Sandbox-persistence.xml
local._policy_metadata
local.ad_query_profiles
local.allowed_clients_objects
local.appfw_misc
local.application
local.category
local.ccp
local.cloudShadowObjectsDumpForGateway
local.cluster_member
local.cmsDumpForGateway
local.connectra_global_properties
local.connectra_policy
local.cpmi_file
local.ctlver
local.current_recovery.profile
local.data_awareness_settings
local.data_files
local.db
local.dcerpc_service
local.device_settings_transactions
local.domain_objects_for_web_applications
local.dynobj
local.embedded_applications
local.eps_notify.html
local.eps_notify.mail
local.external_obj
local.fc
local.fc6
local.file_types
local.fileslist
local.ft
local.ft6
local.fwrl.conf
local.gateway
local.gateway_cluster
local.gateway_general_properties
local.global_preferences
local.gtp_services
local.host
local.host_ckp
local.httpsi_dnd
local.icmp_service
local.icmpv6_service
local.ics_configuration
local.identity_awareness_custom_settings
local.identity_roles
local.ifs
local.implied_rules
local.inspect.lf
local.intranet_community
local.ips_enhance
local.ips_granular_contexts
local.languages
local.lg
local.lg6
local.logo_directory_content.conf
local.magic
local.mail_servers
local.mgmt_dhcp_data
local.mobile_profiles
local.mobile_profiles_rulebase
local.mv_tag
local.nac_agents
local.nat_dnd
local.network
local.network_applications
local.network_group
local.objects
local.policy
local.policy.xml
local.products_updates
local.rad_services
local.realm_objects
local.realms
local.remote_access_clients_objects
local.rpc_service
local.rule
local.rule_adtr
local.rulebase
local.rulebase_tracks
local.sdopts.rec
local.securid
local.security_zone
local.service_group
local.set
local.sic_name
local.sr_community
local.ssl_certificates
local.ssl_inspection
local.sso_groups
local.str
local.str6
local.tcp_protocol
local.tcp_service
local.thresholds.conf
local.track
local.udp_protocol
local.udp_service
local.updatable_obj
local.user_check_interactions.C.converted
local.userdef
local.{939922F7-DF98-4988-B776-B70B9B8340F3}
local.{B9D14722-3936-4B33-814B-F87EA4062BEB}
policy.info
policy.map
[Expert@CP-management:0]# pwd
/opt/CPsuite-R81.20/fw1/state/CP-cluster/FW1
[Expert@CP-management:0]#

the_rock · ‎2024-05-15

By the way, for policy brother, thats ONLY on the mgmt server, so no need to really check those files on the gateway.

Andy

kehagen · ‎2024-05-15

That's what I thought, but our consultant told me to get them from the gateway.

the_rock · ‎2024-05-15

With all due respect, I think consultant is mistaken here 🙂

Andy

kehagen · ‎2024-05-16

I agree with you. I sent them your comment. Thanks buddy!

the_rock · ‎2024-05-16

No problem brother! By the way, just for the context, its totally different as say if you had Fortigate fw, without forti analyzer or fortimanager, ONLY the fw, well, then everything would be that fw alone, as there would be no other entity.

Best,

Andy

PhoneBoy · ‎2024-05-16

If you have rulebases_5_0.fws, you have all the policy packages (and associated rules) in one file.
Why do you need the .W file specifically?

the_rock · ‎2024-05-16

Just for my own knowledge, did policy.w file ever exist, even on older versions? I personally never recall seeing it.

PhoneBoy · ‎2024-05-16

It's policy_name.W, but yes, it's as @G_W_Albrecht explained above.

the_rock · ‎2024-05-16

Ah,kk, yes, that does exist, I thought @kehagen meant EXACT name of the file was just policy.W...Im thinking, wait, NEVER heard of such a name haha

Andy

Are you a member of CheckMates?

policy.w file