I have the same problem. The only workaround is not to choose Install on
Gateways. Just specify the target each rule is valid for, and nothing will
happen to the other firewalls if you forget to uncheck before pushing the
policy.
Give it a try!
Olaf
From: Jarrett Goetz <[EMAIL PROTECTED]> on 10/08/2000 21:07 GMT
To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
cc: (bcc: Olaf Breil/MUC/AMADEUS)
Subject: [FW1] Enterprise Management Policy Pushing Issue
I have a semi-stupid question.
We are running a CheckPoint 4.1 Enterprise Management Console Server that is
managing a small WAN worth of enforcement points (about 10+.) We have
separate policies for each firewall module, and not one large policy for the
whole organization due to various reasons. (The policy would be HUGE in
addition to about 1/3 to 1/2 of the installations being data center based
with completely different types of rules.)
The stupid, yet critical problem is pushing new policies to the firewalls.
When I click <install> it brings up the menu of all the firewall objects with
checkboxes next to them. They are already all checked and I have to uncheck
the ones I don't want to push to. Well, the other day I made the mistake of
all mistakes. I was working a little too fast and I clicked <select all>,
picked a firewall, then install, INSTEAD of <clear all>, picking a firewall,
then install. This was very bad, the entire WAN and Data Centers came
crashing down. As the policies were pushing (oh sh*t moment), I realized and
hit <abort>, which was actually worse than letting it all go through.
Recovering could have been a lot worse, thankfully I had control connections
of the stations at the top of the policy, but it could have been much worse.
My bottom-line question: is there a way to make all the firewall-1 objects
unchecked by default? Or something else anyone knows of to definitely avoid
this type of problem?
Am I missing something here?
I really think it is poor design on CheckPoint's side of that simple GUI, or I
just might not be using it as it was spec'd out.
Any input would be very appreciated.
(Please don't tell me to buy Provider-1 for 80k :)
Thanks.
Jarrett Goetz
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================