AnsweredAssumed Answered

Policy installation and verification question

Question asked by Don Paterson on Dec 9, 2017
Latest reply on Dec 10, 2017 by Dan Zaidman



I am hoping someone can give me more detailed or background information (or a link to an SK) to learn more about the steps below. Especially step 2.


Verification & Compilation

The Verification & Compilation stage of policy installation occurs on the management side. It involves the following steps:


1.Initiation — Policy installation is initiated either from SmartConsole or from the command line. 

2.Database Dump — A database dump from postgres to old file formats for cpmitable only if changes occurred. A dump from non cpmi will occur any time.

3.Verification — Information in the database is verified to comply with a number of rules specific to the application and package for which policy installation is requested. 

4.Conversion — The information in the database is converted from its initial format to the format understandable by later participants in the flow, such as code generation and gateway.

5.Fwm rexecFwm loader takes a lot of memory. To release memory after verification and conversion, fwm state is saved to a file located in the $FWDIR/tmp/ directory. fwm is then re-executed as a fwm load command to push the files for code generation and compilation.

6.Code Generation and Compilation — Policy is translated to the INSPECT language and compiled with the INSPECT compiler.