Hi all,
Got there in the end...
modify fw_policies ##mypolicy rule:2:action:0:action accept
modify fw_policies ##mypolicy rule:2:action:0:type encrypt
Dave
---------------------------------------------------------
Hi all,
I am trying to use dbedit to create a number of standard network objects and
rules.
I have managed to create all my network objects and most of the policy rules
but I am having problems creating a rule with an action of Encrypt.
The script below (rule 2) gets so far but fails to update the policy
reporting errors in the action and type fields within the Encrypt object. I
just can't work out the syntax to update these fields.
I would have thought I should be able to use something like...
modify fw_policies ##mypolicy rule:2:action:Encrypt:action accept
modify fw_policies ##mypolicy rule:2:action:Encrypt:type encrypt
...but they return an error saying I need to enter the container index.
Any help would be appreciated!
Many thanks,
Dave
create policies_collection mypolicy
update policies_collections mypolicy
create firewall_policy ##mypolicy
modify fw_policies ##mypolicy collection policies_collections:mypolicy
modify fw_policies ##mypolicy use_VPN_communities false
addelement fw_policies ##mypolicy rule security_header_rule addelement
fw_policies ##mypolicy rule:0:action drop_action:drop modify fw_policies
##mypolicy rule:0:header_text "General rules"
addelement fw_policies ##mypolicy rule security_rule addelement fw_policies
##mypolicy rule:1:action accept_action:accept modify fw_policies ##mypolicy
rule:1:comments "Allow IKE between all firewalls"
addelement fw_policies ##mypolicy rule:1:services:'' services:IKE addelement
fw_policies ##mypolicy rule:1:src:'' network_objects:all-fws addelement
fw_policies ##mypolicy rule:1:dst:'' network_objects:all-fws rmelement
fw_policies ##mypolicy rule:1:track: tracks:None addelement fw_policies
##mypolicy rule:1:track: tracks:Log
addelement fw_policies ##mypolicy rule security_rule addelement fw_policies
##mypolicy rule:2:action encrypt:Encrypt modify fw_policies ##mypolicy
rule:2:comments "Allow icmp between all sites and firewalls"
addelement fw_policies ##mypolicy rule:2:services:'' services:icmp-proto
addelement fw_policies ##mypolicy rule:2:src:'' network_objects:all-fw-topos
addelement fw_policies ##mypolicy rule:2:src:'' network_objects:all-fws
addelement fw_policies ##mypolicy rule:2:dst:'' network_objects:all-fw-topos
addelement fw_policies ##mypolicy rule:2:dst:'' network_objects:all-fws
rmelement fw_policies ##mypolicy rule:2:track: tracks:None addelement
fw_policies ##mypolicy rule:2:track: tracks:Log
Update fw_policies ##mypolicy
-----------------------------------------
Email sent from www.ntlworld.com
Virus-checked using McAfee(R) Software
Visit www.ntlworld.com/security for more information
=================================================
To set vacation, Out-Of-Office, or away messages, send an email to
[EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email
[EMAIL PROTECTED]
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
