fw unloadpolicy on a gateway in AWS
Hello all,
Is there a way to uninstall the policy, e.g. by "fw unloadpolicy", on a gateway in AWS?
Cheers,
Yevgeniy
fw unloadlocal will 'unload' the policy from the appliance. To load a policy, you have to either push it out from the management station, using DashBoard or the command line, or fetch it using the command line on the appliance.
Caution: Do not run this on a production gateway.
If you find yourself in the, um, unfortunate position of having managed to lock yourself out of an Azure-based management server (or gateway for that matter) by pushing an erroneous policy to a gateway, there is a little access tool to help you fudge a way to restore comms:
I had a similar issue at a customer who was using an internal cluster across an ExpressRoute (so not internet-facing as such, and thankfully no NAT was involved as this was just a datacentre extension), but using the 'Serial console' from within Azure Portal I was able to 'fw unloadlocal' and also enable IP forwarding [echo 1 > /proc/sys/net/ipv4/ip_forward] (absolutely not recommended) to get access back to the management server through the gateway.
Just in case this helps anyone else out.
Edit: Just read the original question, it's about AWS, my response is purely for Azure, doh!