I have a semi-stupid question.
We are running a CheckPoint 4.1 Enterprise Management Console Server that is
managing a small WAN worth of enforcement points (about 10+.) We have
separate policies for each firewall module, and not one large policy for the
whole organization due to various reasons. (The policy would be HUGE in
addition to about 1/3 to 1/2 of the installations being data center based
with completely different types of rules.)
The stupid, yet critical problem is pushing new policies to the firewalls.
When I click <install> it brings up the menu of all the firewall objects with
checkboxes next to them. They are already all checked and I have to uncheck
the ones I don't want to push to. Well, the other day I made the mistake of
all mistakes. I was working a little too fast and I clicked <select all>,
picked a firewall, then install, INSTEAD of <clear all>, picking a firewall,
then install. This was very bad, the entire WAN and Data Centers came
crashing down. As the policies were pushing (oh sh*t moment), I realized and
hit <abort>, which was actually worse than letting it all go through.
Recovering could have been a lot worse, thankfully I had control connections
of the stations at the top of the policy, but it could have been much worse.
My bottom line question, is there a way to make all the firewall-1 objects
unchecked by default? Or something else anyone knows of to definitely avoid
this type of problem.
Am I missing something here?
I really think it is poor design on CheckPoint's side of that simple GUI, or I
just might not be using it as it was specced out.
Any input would be very appreciated.
(Please don't tell me to buy Provider-1 for 80k :)
Thanks.
Jarrett Goetz