Hi all,

I am trying to use dbedit to create a number of standard network objects and
rules.

I have managed to create all my network objects and most of the policy rules
but I am having problems creating a rule with an action of Encrypt.

The script below (rule 2) gets so far but fails to update the policy, reporting
errors in the action and type fields within the Encrypt object. I just can't
work out the syntax to update these fields.

I would have thought I should be able to use something like...

modify fw_policies ##mypolicy rule:2:action:Encrypt:action accept
modify fw_policies ##mypolicy rule:2:action:Encrypt:type encrypt

...but they return an error saying I need to enter the container index.

Any help would be appreciated!

Many thanks,
Dave

create policies_collection mypolicy
update policies_collections mypolicy
create firewall_policy ##mypolicy
modify fw_policies ##mypolicy collection policies_collections:mypolicy
modify fw_policies ##mypolicy use_VPN_communities false
addelement fw_policies ##mypolicy rule security_header_rule
addelement fw_policies ##mypolicy rule:0:action drop_action:drop
modify fw_policies ##mypolicy rule:0:header_text "General rules"
addelement fw_policies ##mypolicy rule security_rule
addelement fw_policies ##mypolicy rule:1:action accept_action:accept
modify fw_policies ##mypolicy rule:1:comments "Allow IKE between all firewalls"
addelement fw_policies ##mypolicy rule:1:services:'' services:IKE
addelement fw_policies ##mypolicy rule:1:src:'' network_objects:all-fws
addelement fw_policies ##mypolicy rule:1:dst:'' network_objects:all-fws
rmelement fw_policies ##mypolicy rule:1:track: tracks:None
addelement fw_policies ##mypolicy rule:1:track: tracks:Log
addelement fw_policies ##mypolicy rule security_rule
addelement fw_policies ##mypolicy rule:2:action encrypt:Encrypt
modify fw_policies ##mypolicy rule:2:comments "Allow icmp between all sites and firewalls"
addelement fw_policies ##mypolicy rule:2:services:'' services:icmp-proto
addelement fw_policies ##mypolicy rule:2:src:'' network_objects:all-fw-topos
addelement fw_policies ##mypolicy rule:2:src:'' network_objects:all-fws
addelement fw_policies ##mypolicy rule:2:dst:'' network_objects:all-fw-topos
addelement fw_policies ##mypolicy rule:2:dst:'' network_objects:all-fws
rmelement fw_policies ##mypolicy rule:2:track: tracks:None
addelement fw_policies ##mypolicy rule:2:track: tracks:Log
update fw_policies ##mypolicy