Installing a Security Policy


After you have defined all objects and composed the rule base, it is time to install the policy on your chosen modules so that it can be enforced. Remember that anytime you modify network objects, rules, or global properties, you need to install the policy for the changes to take effect. The install policy process does a few things before your rules get enforced.

When you select Install from the Policy menu, Check Point first saves your objects and rules. Next, Check Point verifies your rule base to ensure that you don't have any conflicting rules, redundant rules, or rules with objects that require definition. Alternatively, before you install, you can verify the policy by choosing Policy and then selecting Verify. Check Point NG will then parse your rule set. After the verify process returns the result "Rules Verified OK!", Check Point NG asks you to select the network object and module on which to install the compiled policy.

Select the object that you wish to install this policy on, and an installation window will open. The progress of the compile and install will be displayed here. When the policy install is completed, you can click the Close button at the bottom of the window as shown in Figure 14.16. If you wish to cancel the installation in progress, click the Abort button.

Figure 14.16: Install Policy Progress Window

Alternatively, you can install the policy on the firewall modules at the command prompt with the use of $FWDIR/bin/fw load. For example, if you want to install the policy named Standard.W on a firewall module defined with an object named Gatekeeper, then you would run the following load command from the Management server's $FWDIR/conf directory:

$FWDIR/bin/fw load Standard.W all.all@Gatekeeper

To confirm the installation of your policy at the command line, execute $FWDIR/bin/fw stat. This will display the host, policy, and time of install.
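The load-then-confirm sequence above can be scripted so that a failed or wrong install is caught immediately. The following is an added example, not code from the book or from Check Point; the function names and the sample output are constructed, and it assumes fw stat prints a header line followed by whitespace-separated HOST, POLICY and DATE columns, with the policy shown without its .W suffix.

```shell
#!/bin/sh
# Added example: check that the policy reported by `fw stat` is the one just loaded.
# Assumed output layout: header line, then rows of HOST POLICY DATE ...

# Constructed sample output, so the check can be exercised without a firewall.
SAMPLE_STAT='HOST      POLICY     DATE
localhost Standard   12Mar2003 14:02:11 :  [>eth0] [<eth0]'

# installed_policy [HOST]: read `fw stat` output on stdin and print the POLICY
# column of the first data row, or of the row for HOST when one is given.
installed_policy() {
    awk -v host="$1" '
        NR == 1 && $1 == "HOST" { next }     # skip the header line
        NF >= 2 && (host == "" || $1 == host) { print $2; exit }
    '
}

# verify_policy EXPECTED [HOST]: return 0 only if the reported policy matches.
# EXPECTED may be given as "Standard" or "Standard.W" (suffix handling is an
# assumption about how the status line names the policy).
verify_policy() {
    expected=${1%.W}
    actual=$(installed_policy "$2")
    if [ -z "$actual" ]; then
        echo "no policy reported" >&2
        return 2
    fi
    if [ "$actual" != "$expected" ]; then
        echo "policy mismatch: expected $expected, found $actual" >&2
        return 1
    fi
    echo "policy $actual is installed"
}

# load_and_verify POLICYFILE TARGET: the two commands from the text, chained.
# Run from the Management server's $FWDIR/conf directory.
load_and_verify() {
    "$FWDIR/bin/fw" load "$1" "all.all@$2" || return 3
    "$FWDIR/bin/fw" stat | verify_policy "$1"
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_STAT" | verify_policy Standard.W
```

On a Management server, load_and_verify Standard.W Gatekeeper performs the install from the text and fails with a non-zero status if the load fails or if the policy reported afterwards is not Standard.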




The Best Damn Firewall Book Period
ISBN: 1931836906
EAN: 2147483647
Year: 2003
Pages: 240
