My mistake. I was of the impression that he didn't want to use the console to unload the policy after doing it once.
Default policy blocks everything, as cisco4ng stated. Interesting script, by the way!

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of cisco4ng
Sent: Thursday, November 15, 2007 10:15 AM
To: [email protected]
Subject: Re: [FW-1] default policy

default policy will block EVERYTHING including ssh. Here is what I would do:

1) create a small script like this called unload_me:

    #!/bin/csh
    source /opt/CPsuite-R65/svn/tmp/.CPprofile.csh
    /opt/CPsuite-R65/bin/fw unloadlocal
    /opt/CPsuite-R65/bin/fw unloadlocal

2) put in cron and set it to run every 5 minutes:

    utc 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,25,30,35,40,45,50,52,53,54,55,56,57,58,59 * * * * [ -x /var/emhome/monitor/fwuser/scripts/unload_me ] && /var/emhome/monitor/fwuser/scripts/unload_me > /dev/null 2>&1

3) now reset your SIC,
4) once you're done with SIC, the script will unload the default policy,
5) comment out the line in step 2,

Easy right?

Din Cox <[EMAIL PROTECTED]> wrote:

Yes this can be done via ssh assuming you allowed such access to the firewall.

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Peter Addy
Sent: Thursday, November 15, 2007 9:22 AM
To: [email protected]
Subject: [FW-1] default policy

Hi All

Might be a silly question, so bear with me!! Resetting SIC on the firewall restarts and then loads the default policy; I know you can unload this by doing fw unloadlocal from the console. My question is: is there any way this could be done without console access, via ssh, or does the default policy stop all connections to the firewall? I don't think so but I could be wrong. Is there any other back door?

Many thanks
Scanned by Check Point Total Security

=================================================
To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email [EMAIL PROTECTED]
=================================================
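Added example, not part of the original thread: a guarded sh variant of the unload_me cron job from steps 1 to 5, which unloads only while the default policy is the one installed and only before a deadline, so a forgotten cron entry cannot strip a real policy later. Assumptions: `fw stat` prints a header row followed by a row whose second column is the policy name, the default policy is reported as `defaultfilter`, a `.CPprofile.sh` sits beside the `.csh` profile, and the deadline file path is hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): guarded replacement for unload_me.
FW=/opt/CPsuite-R65/bin/fw                        # path taken from the thread
PROFILE=/opt/CPsuite-R65/svn/tmp/.CPprofile.sh    # assumption: sh twin of the .csh profile
DEADLINE_FILE=/var/tmp/unload_me.deadline         # hypothetical: holds epoch seconds

# Read `fw stat` output on stdin and print the policy name.
# Assumption: row 1 is the header, row 2 column 2 is the installed policy.
policy_name() {
    awk 'NR == 2 { print $2; exit }'
}

# should_unload POLICY NOW DEADLINE
# Succeeds only when the default policy is loaded and NOW is before DEADLINE.
# Anything else (real policy installed, window expired, missing or non-numeric
# deadline) fails closed, so the gateway keeps whatever policy it has.
should_unload() {
    [ "$1" = "defaultfilter" ] || return 1
    for n in "$2" "$3"; do
        case "$n" in ''|*[!0-9]*) return 1 ;; esac
    done
    [ "$2" -lt "$3" ]
}

# Cron calls the script with --run; without it only the functions are defined.
if [ "${1:-}" = "--run" ]; then
    [ -r "$PROFILE" ] && . "$PROFILE"
    deadline=$(cat "$DEADLINE_FILE" 2>/dev/null)
    policy=$("$FW" stat 2>/dev/null | policy_name)
    if should_unload "$policy" "$(date +%s)" "$deadline"; then
        logger -t unload_me "default policy loaded, running fw unloadlocal"
        "$FW" unloadlocal
    fi
fi
```

Before resetting SIC, write the cut-off time into the deadline file (for example, the current epoch plus 3600); once it passes, the job does nothing even if the cron line from step 2 is never commented out.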
