Policy Files


When you compile your security policy, Check Point NG AI takes the rule base file (*.W) that you created through the SmartDashboard GUI and generates an INSPECT script with the same name and a .PF extension. The *.PF file is then compiled into INSPECT code, stored in a file named *.FC (where * is the name you gave your policy in the initial dialog). The INSPECT code is then applied to the network objects (firewalls) specified in the install. Keep in mind that when you install a policy on a module that has no rules to enforce, the policy will not install, as it would default back to the implicit deny all rule.

To back up your policy, you should make and keep a separate copy of the files listed below:

  • $FWDIR\conf\objects_5_0.C

  • $FWDIR\conf\*.W

  • $FWDIR\conf\rulebases_5_0.fws

  • $FWDIR\database\fwauth.NDB*

The objects_5_0.C file stores all the network objects, resources, servers, services, and so on. Each *.W file is an individual policy file that you named via SmartDashboard. The rulebases_5_0.fws file is the master rule base file that holds each of the individual *.W policies in one place. If you needed to restore your policies, you would not necessarily need to replace each .W file, just rulebases_5_0.fws. When you log in to SmartDashboard, this file will open and create the .W files that were not already in the conf directory. This .FWS file gets called whenever you do a File Open from SmartDashboard, and you can rename or delete policies from this file via the Open window. Deleting a policy from here does not remove it from the hard drive; it simply removes it from the rulebases_5_0.fws file. The fwauth.NDB* files contain the user database.
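The backup described above can be scripted. The following is an added example, not code from the book or from Check Point: it copies the four listed entries into a timestamped directory, records a SHA-256 manifest, and can later report any copy that is missing or altered. The function names, the `SHA256SUMS` manifest name, and the destination layout are assumptions of this example.

```python
import glob, hashlib, os, shutil, sys, time

# The four entries the text lists, relative to $FWDIR ("/" used on every platform).
BACKUP_PATTERNS = ["conf/objects_5_0.C", "conf/*.W",
                   "conf/rulebases_5_0.fws", "database/fwauth.NDB*"]
MANIFEST = "SHA256SUMS"  # manifest file name is an assumption of this example

def sha256_of(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def backup_policy(fwdir, dest_root):
    """Copy the listed files into a new timestamped directory and hash them."""
    dest = os.path.join(dest_root, time.strftime("policy-%Y%m%d-%H%M%S"))
    os.makedirs(dest, mode=0o700)  # fwauth.NDB* holds the user database
    manifest = {}
    for pattern in BACKUP_PATTERNS:
        matches = sorted(glob.glob(os.path.join(glob.escape(fwdir), *pattern.split("/"))))
        if not matches:  # fail loudly: a listed file is missing from the source
            raise FileNotFoundError(f"nothing matches {pattern} under {fwdir}")
        for src in matches:
            rel = os.path.relpath(src, fwdir)
            target = os.path.join(dest, rel)
            os.makedirs(os.path.dirname(target), exist_ok=True)
            shutil.copy2(src, target)
            manifest[rel.replace(os.sep, "/")] = sha256_of(target)
    with open(os.path.join(dest, MANIFEST), "w") as f:
        for rel, digest in sorted(manifest.items()):
            f.write(f"{digest}  {rel}\n")
    return dest, manifest

def verify_backup(dest):
    """Return the files that are missing or no longer match the manifest."""
    bad = []
    with open(os.path.join(dest, MANIFEST)) as f:
        for line in f:
            digest, rel = line.rstrip("\n").split("  ", 1)
            path = os.path.join(dest, *rel.split("/"))
            if not os.path.isfile(path) or sha256_of(path) != digest:
                bad.append(rel)
    return bad

if __name__ == "__main__":
    # Usage: python backup_policy.py <destination>; FWDIR must be set.
    dest, manifest = backup_policy(os.environ["FWDIR"], sys.argv[1])
    print(f"{len(manifest)} files copied to {dest}; mismatches: {verify_backup(dest)}")
```

Run `verify_backup` against the stored copy before restoring from it, so that a damaged or modified rulebases_5_0.fws or user database is caught first.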

Configuring & Implementing
Editing Files Manually

The *.W file can be edited with a text editor. Editing this code does not affect the GUI representation of rules. However, it will be used to create the INSPECT script and may introduce inconsistencies between the GUI interface and the installed policy. As an alternative, the *.DEF file can be edited instead.

 
Note  

Editing files directly is not for the faint of heart. Similar to the registry on a Microsoft Windows system, it should not be attempted unless you have been directed to by technical support, as simple changes done incorrectly can introduce significant problems.




Check Point NG[s]AI
ISBN: 735623015
Year: 2004
Pages: 149