Re: [FW1] Create master rulebase from local

Thu, 16 Nov 2000 16:48:51 -0800 



"Robert MacDonald" <[EMAIL PROTECTED]> wrote:
>Date: Thu, 16 Nov 2000 12:45:04 -0500
>Do this.
>
>Start the GUI on your system. In the management server
>field type *local and give any old username and password
>you would like. Press enter.
>
>Voila(extent of my French) your in a local copy of a firewall
>policy. This allows you to play, play, play...err test, test, test.
>
>You can copy your real policy and objects to your local
>system and play with them. I don't have those off hand, see
>phoneboy. Make a copy of the local just in case.
>
>Is this what you wanted to know?

Uhh... what's that saying, knowledge is the slow realization of the
magnitude of one's ignorance?  I've never played with *local.
What's *local?  I just loaded a fresh version of 4.1, nothing's on
there yet.  fire up the gui, connect to localhost and I get a clean
slate, nothing written yet.  connect to *local and I get some funky
demo-like rulebase, next to the tabs for Security & NAT policy
I also get tabs for Bandwidth & Compression Policy, none of which I 
installed.  Where did the gui get this?  the state directory where
all the local.* are kept is empty.

Anyway you've diverted me from the original question.  Which was, if
one day we reap the IT equivalent of karmic retribution & the management
server falls over for good, can I recreate its objects.C and all the
rulebase from what's on the firewalls?  (they are different boxes)
As far as I know, the firewall keeps a copy of the last good policy 
installed, in state/local.fc, state/local.ojbects, etc.  There is also
a rules.C and objects.C in the firewall's $FWDIR/database directory.
Do I have enough?

Usual way:  master objects.C + rules.W => rules.pf => rules.fc

Can I go backward?  local.fc + local.rules.C + local.objects.C => rules.W

What's the difference between firewall copy of objects.C & master copy
of objects.C?  What's rules.C for?? This question is killing me!!

CT



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to