{"id":3092,"date":"2011-03-19T22:04:10","date_gmt":"2011-03-19T20:04:10","guid":{"rendered":"http:\/\/www.imacandi.net\/sin\/blog\/?p=3092"},"modified":"2011-03-19T22:04:10","modified_gmt":"2011-03-19T20:04:10","slug":"geek-stuff-check-point-command-line-policy-install","status":"publish","type":"post","link":"https:\/\/www.imacandi.net\/sin\/blog\/2011\/03\/19\/geek-stuff-check-point-command-line-policy-install.html","title":{"rendered":"[geek stuff] Check Point command line policy install"},"content":{"rendered":"<p>Sa zicem ca dintr-un motiv oarecare, <strong>fw fetch smartcenter_ip<\/strong> nu mai merge pe un modul de firewall iar singura solutie e sa faci o instalare de politica de securitate. Ca sa faci asta, in mod normal iti trebuie SmartDashboard. Da sa zicem ca n-ai. Ca d&#8217;aia Murphy vegheaza asupra noastra. Ce-i de facut ?<\/p>\n<p>Pai, pe SmartCenter se fac urmatoarele operatiuni:<\/p>\n<p>1. sa schimba directorul curent in <strong>$FWDIR\/conf<\/strong><\/p>\n<p>Aici trebuie sa stii cum se cheama numele politicii de securitate. Daca n-ai redenumit-o pe aia implicita, se va chema Standard. Daca ai redenumit-o si nu mai stii, un <strong>ls -lh *W<\/strong> in <strong>$FWDIR\/conf<\/strong> iti va spune cate politici ai si ar fi bine sa-ti aduci dupa aia aminte cum se cheama aia de trebuie instalata pe modulul de firewall.<\/p>\n<p>2. se ruleaza comanda <strong>fwm gen Standard &gt; Standard.W<\/strong> de unde o sa reiasa un output de genul:<\/p>\n<blockquote><p># fwm gen Standard &gt; Standard.W<\/p>\n<p>Warning: Anti-Spoofing is not configured for some interfaces and gateways. This will allow address spoofing through these gateways.<br \/>\nAnti-Spoofing should be configured on the following objects: Gateway: fw01, Interface: External.110 Gateway: fw01, Interface: External.120<\/p><\/blockquote>\n<p>Daca da doar mesaje de avertizare e OK si se trece la urmatorul pas<\/p>\n<p>3. pentru a instala politica de securitate pe modulul de firewall de ruleaza comanda <strong>fwm load Standard fw01<\/strong> (fw01 fiind numele modulului de firewall). In principiu o sa scoata un output de genul:<\/p>\n<blockquote><p># fwm load Standard.W fw01<\/p>\n<p>Installing policy on R70\/R71 targets:\u00a0\u00a0Warning: Anti-Spoofing is not configured for some interfaces and gateways. This will allow address spoofing through these gateways.\u00a0Anti-Spoofing should be configured on the following objects:\u00a0Gateway: fw01, Interface: External.110\u00a0Gateway: fw01, Interface: External.120<\/p>\n<p>Standard.W: Security Policy Script generated into Standard.pf<br \/>\nStandard:\u00a0Compiled OK.<br \/>\nInstalling Security Gateway policy on: fw01 &#8230;<br \/>\nSecurity Gateway policy installed successfully on fw01&#8230;<br \/>\nSecurity Gateway policy installation complete<br \/>\nSecurity Gateway policy installation succeeded for: fw01<\/p><\/blockquote>\n<p>Cam asta e. Ca tot e sambata, putem s-o trecem la categoria chestii pe care le face sin sambata seara :))<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Sa zicem ca dintr-un motiv oarecare, fw fetch smartcenter_ip nu mai merge pe un modul de firewall iar singura solutie e sa faci o instalare de politica de securitate. Ca sa faci asta, in mod normal iti trebuie SmartDashboard. Da sa zicem ca n-ai. Ca d&#8217;aia Murphy vegheaza asupra noastra. Ce-i de facut ? Pai, &hellip; <a href=\"https:\/\/www.imacandi.net\/sin\/blog\/2011\/03\/19\/geek-stuff-check-point-command-line-policy-install.html\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">[geek stuff] Check Point command line policy install<\/span> <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"ngg_post_thumbnail":0,"footnotes":""},"categories":[2],"tags":[7],"class_list":["post-3092","post","type-post","status-publish","format-standard","hentry","category-diverse","tag-computers"],"_links":{"self":[{"href":"https:\/\/www.imacandi.net\/sin\/blog\/wp-json\/wp\/v2\/posts\/3092","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.imacandi.net\/sin\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.imacandi.net\/sin\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.imacandi.net\/sin\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.imacandi.net\/sin\/blog\/wp-json\/wp\/v2\/comments?post=3092"}],"version-history":[{"count":0,"href":"https:\/\/www.imacandi.net\/sin\/blog\/wp-json\/wp\/v2\/posts\/3092\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.imacandi.net\/sin\/blog\/wp-json\/wp\/v2\/media?parent=3092"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.imacandi.net\/sin\/blog\/wp-json\/wp\/v2\/categories?post=3092"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.imacandi.net\/sin\/blog\/wp-json\/wp\/v2\/tags?post=3092"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}