Installing a Security Policy


After you have defined all objects and composed the rule base, it is time to install the policy on your chosen modules so that it can be enforced. Remember that any time you modify network objects, rules, or Global properties, you need to install the policy for the changes to take effect. The install policy process does a few things before your rules get enforced.

When you select Install from the Policy menu, Check Point first saves your objects and rules. Next, it verifies your rule base to ensure that you do not have any conflicting rules, redundant rules, or rules with objects that require definition. Alternatively, before you install, you can verify the policy by choosing Policy and then selecting Verify. Check Point NG AI will then parse your rule set. After the verify process returns the result Rules Verified OK!, Check Point NG AI asks you to select on which network object and module to install the compiled policy.

When you select the object that you wish to install this policy on, an installation window will come up. The progress of the compile and install will be displayed here. Note that in NG AI, installations are processed in parallel, dramatically improving the time required to install the policy on multiple modules. Previously, the installation process was done on each module one at a time. When the policy install is completed, you can click on the Close button at the bottom of the window, as shown in Figure 4.17. If you wish to cancel the installation, press the Abort button while it is enabled. If an error or warning occurs, you can press the Show Errors button to view which module and which errors were generated during the installation process.

Alternatively, you can install the policy on the firewall modules at the command prompt using $FWDIR/bin/fw load. For example, if you want to install the policy named FirstPolicy on a firewall module defined with an object named Gatekeeper, you would run the following load command from the Management server's $FWDIR/conf directory:

Figure 4.17: Install Policy Progress Window
 $FWDIR/bin/fw load FirstPolicy.W Gatekeeper

To confirm the installation of your policy at the command line, execute $FWDIR/bin/fw stat. This will display the host, policy, and time of install.
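As an added example (not from the book), the shell helper below checks fw stat output after a load so that a change script fails when a module is not enforcing the policy you just pushed. The function names and the sample output are constructed for illustration; the column layout assumes the host, policy, and time-of-install fields described above, preceded by a header line.

```shell
#!/bin/sh
# Added example: confirm that the policy reported by `fw stat` is the one
# that was just loaded. Names and sample data here are constructed.

# Usage: $FWDIR/bin/fw stat | check_fw_stat FirstPolicy
# Returns 0 only if at least one host line is present and every host line
# reports the expected policy name; prints one result line per host.
check_fw_stat() {
    expected="$1"
    awk -v want="$expected" '
        NR == 1 && $1 == "HOST" { next }   # skip the column header
        NF == 0 { next }                    # skip blank lines
        {
            seen++
            if ($2 != want) {
                printf "MISMATCH host=%s policy=%s expected=%s\n", $1, $2, want
                bad++
            } else {
                printf "OK host=%s policy=%s installed=%s %s\n", $1, $2, $3, $4
            }
        }
        # Empty output counts as a failure: nothing proved the install.
        END { exit (seen == 0 || bad > 0) ? 1 : 0 }
    '
}

# Constructed sample: module enforcing the policy that was just loaded.
sample_ok() {
cat <<'EOF'
HOST      POLICY       DATE
localhost FirstPolicy  12Mar2004 10:15:42 :  [>eth0] [<eth0]
EOF
}

# Constructed sample: module still enforcing an older policy.
sample_stale() {
cat <<'EOF'
HOST      POLICY       DATE
localhost OldPolicy    02Feb2004 08:01:10 :  [>eth0] [<eth0]
EOF
}

# Demo on the constructed data; on a real module pipe fw stat in instead.
sample_ok | check_fw_stat FirstPolicy
```

Run the check immediately after fw load and treat a non-zero exit status as a failed change, since a load that reported an error leaves the previous policy in force.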




Check Point NG[s]AI
ISBN: 735623015
EAN: N/A
Year: 2004
Pages: 149
