> In doing "install-on" it will mean that the connection is checked on
> the inbound and outbound interface.
> So be careful, you could end up breaking your rules or create a
> slow service.
> 
>       Regards
> 
>       Peter Dickson
> 
> -----Original Message-----
> From: Jason Witty [SMTP:[EMAIL PROTECTED]]
> Sent: Friday, August 11, 2000 1:37 PM
> To:   Jarrett Goetz
> Cc:   '[EMAIL PROTECTED]'
> Subject:      Re: [FW1] Enterprise Management Policy Pushing Issue
> 
> You ALWAYS want to specify the individual firewalls in the "install-on"
> portion of each rule in each policy (in the policy editor, install-on
> column, right click then select targets, then the specific firewall.
> Once done, delete the "gateways" object from the rule).  That way, even
> if you fat finger something, it won't get installed on every "gateway". 
> Hope this helps!
> 
> Jason
> 
> Jarrett Goetz wrote:
> > 
> > I have a semi-stupid question.
> > 
> > We are running a CheckPoint 4.1 Enterprise Management Console Server that is
> > managing a small WAN worth of enforcement points (about 10+.)  We have
> > separate policies for each firewall module, and not one large policy for the
> > whole organization due to various reasons.  (The policy would be HUGE in
> > addition to about 1/3 to 1/2 of the installations being data center based
> > with completely different types of rules.)
> > 
> > The stupid, yet critical problem is pushing new policies to the firewalls.
> > When I click <install> it brings up the menu of all the firewall objects with
> > checkboxes next to them.  They are already all checked and I have to uncheck
> > the ones I don't want to push to.  Well, the other day I made the mistake of
> > all mistakes.  I was working a little too fast and I clicked <select all>,
> > picked a firewall, then install, INSTEAD of <clear all>, picking a firewall,
> > then install.  This was very bad, the entire WAN and Data Centers came
> > crashing down.  As the policies were pushing (oh sh*t moment), I realized and
> > hit <abort>, which was actually worse than letting it all go through.
> > Recovering could have been a lot worse, thankfully I had control connections
> > of the stations at the top of the policy, but it could have been much worse.
> > 
> > My bottom line question, is there a way to make all the firewall-1 objects
> > unchecked by default?  Or something else anyone knows of to definitely avoid
> > this type of problem.
> > 
> > Am I missing something here?
> > 
> > I really think it is poor design on CheckPoint's side of that simple GUI, or I
> > just might not be using as it was speced out.
> > 
> > Any input would be very appreciated.
> > 
> > (Please don't tell me to buy Provider-1 for 80k :)
> > 
> > Thanks.
> > 
> > Jarrett Goetz
> > 
> > ================================================================================
> >      To unsubscribe from this mailing list, please see the instructions at
> >                http://www.checkpoint.com/services/mailing.html
> > ================================================================================
> 
> 

