The default policy can be changed, which is worthwhile if you are
rolling out lots of firewalls. PhoneBoy's book has a worked example.

Enjoy
        Rick

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of
cisco4ng
Sent: 15 November 2007 15:15
To: [email protected]
Subject: Re: [FW-1] default policy

default policy will block EVERYTHING including ssh.

Here is what I would do:

1) create a small script like this, called unload_me:
#!/bin/csh
source /opt/CPsuite-R65/svn/tmp/.CPprofile.csh
/opt/CPsuite-R65/bin/fw unloadlocal
/opt/CPsuite-R65/bin/fw unloadlocal

2) put in cron and set it to run every 5 minutes:

utc
0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,25,30,35,40,45,50,52,53,54,55,56,57,58,59 * * * * [ -x /var/emhome/monitor/fwuser/scripts/unload_me ] && /var/emhome/monitor/fwuser/scripts/unload_me > /dev/null 2>&1

3) now reset your SIC,

4) once you're done with SIC, the script will unload the default policy,

5) comment out the line in step 2,

Easy right?



Din Cox <[EMAIL PROTECTED]> wrote:
Yes this can be done via ssh assuming you allowed such access to the
firewall.

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Peter
Addy
Sent: Thursday, November 15, 2007 9:22 AM
To: [email protected]
Subject: [FW-1] default policy

Hi All

Might be a silly question, so bear with me!!

Resetting SIC on the firewall restarts and then loads the default policy.
I know you can unload this by doing fw unloadlocal from the console.

My question is: is there any way this could be done without console access,
via ssh, or does the default policy stop all connections to the firewall?
I don't think so but I could be wrong. Is there any other back door?

Many thanks

       

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
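
Steps 2 and 5 of the quoted procedure leave a cron entry that keeps unloading the firewall policy until someone comments it out. The following is an added example, not part of the original thread: it checks crontab text for an active unload_me entry and comments it out. The function names, the `#DISABLED` marker and the sample crontab are constructed for illustration.

```sh
#!/bin/sh
# Added example: step 5 of the procedure as a filter over crontab text.
# JOB is the script name from step 1 of the thread.
JOB="unload_me"

# Count active (uncommented) crontab lines that invoke $JOB. Reads stdin.
count_active_unload_jobs() {
    awk -v job="$JOB" '
        /^[[:space:]]*#/ { next }           # already commented out
        index($0, job)   { n++ }
        END              { print n + 0 }'
}

# Comment out every active line that invokes $JOB; pass everything else
# through unchanged. Running it twice gives the same result as once.
disable_unload_job() {
    awk -v job="$JOB" '
        /^[[:space:]]*#/ { print; next }
        index($0, job)   { print "#DISABLED " $0; next }
        { print }'
}

# Apply the filter to the current user's crontab via a temporary file.
# Not called automatically; run it once the SIC reset is finished.
apply_to_live_crontab() {
    tmp=$(mktemp) || return 1
    crontab -l | disable_unload_job > "$tmp" && crontab "$tmp"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Constructed sample crontab (not taken from a real system).
sample_crontab() {
    cat <<'EOF'
# nightly backup
30 2 * * * /usr/local/bin/backup.sh
0,5,10,15,20,25,30,35,40,45,50,55 * * * * [ -x /var/emhome/monitor/fwuser/scripts/unload_me ] && /var/emhome/monitor/fwuser/scripts/unload_me > /dev/null 2>&1
EOF
}
```

A non-zero result from `crontab -l | count_active_unload_jobs` after the maintenance window means the gateway is still having its policy unloaded on a schedule.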
