[FW1] Disappearing security policy!

[j.f...@olivettiricerca.it]

Hello,

I was remotely modifying (through the GUI from a Windows95 computer) a
security policy on a FW-1 3.0b with NTWS 3.51 and suddenly everything froze
and I had to perform the usual MS emergency maneuver : reboot. The problem
was my W95 client, not the FW-1 machine. When I got back up and logged on
to FW-1 all I could see of my policy was....nothing! No more lines in the
policy. The same policy was now called 'Standard' although I had been using
a policy with another name. So I thought I could simply reload my policy
from those already catalogued, but when I tried to select the policy, there
were no more policies available! Only 'Standard' was left!! The NAT rules
were still there though and so were my network objects and users.

I can see all my other policies in the $FWDIR/conf directory (.pf,.W, etc.)
but FW-1 does not see them anymore. Obviously the data contained in the
rulebases.fws, which probably contains pointers to the other policies, has
somehow been corrupted. In fact it is only 1KBytes in length and has its
date/time set to the same time at which the failure occurred.

I see that other files (fwauth & objects) have backup versions, but not
rulebases.fws.
I've got a backup tape which I can use to restore the info, but I thought
that I wouldn't have changed anything on the FW-1 machine if I didn't try
to commit my changes in some fashion (i.e. by installing or saving the
policy). I was just wondering whether anyone had any insight as to how the
updating is performed within the database and what techniques (if any) are
used to prevent (or at least try to prevent) what happened to me.

Joe

***********************************************
* Joseph Favia Jr. *
* Internet/Intranet & Networking *
* OLIVETTI Ricerca S.C.p.A. *
* Contrada La Marchesa *
* S.S.271 Km.8.680 *
* 70020 Bitritto (BA) - Italy *
-----------------------------------------------
* Phone : +39 80 635-2104 *
* Fax : +39 80 635-2089 *
* E-mail: j.f...@olivettiricerca.it *
***********************************************

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================

[fw-1-mailin...@us.checkpoint.com]

Hi Joseph,

One solution is to re-include the content of the .W file into the
rulebases.fws.

To do that:

1- your must add a ":rulebases" statement declaring your policy just
after the first "(" of the file. It should look like :

:rule-base ("##YourPolicyname

where Your Policyname is the name of... your policy !

2- Then include YourPolicyname.W file. Your must suppress the two last
statements
(As I remember it sould be ":filename" and ":rulebase").

3- Add a closing ")" just before the following ":rulebase" statement
(declaring the
"standard" policy...which is empty).

Automagically, you should be able to open your policy again (using the
"File" menu) .

Hope this helps.

Lionel MOYAT
Consultant
E-mail: 92.Lion...@aist.enst.fr

DEVOTeam "Your Network Team"
113, Rue Anatole France
92300 Levallois-Perret
FRANCE

> -----Message d'origine-----
> De: j.f...@olivettiricerca.it [SMTP:j.f...@olivettiricerca.it]
> Date: vendredi 20 mars 1998 09:55
> À: fw-1-mai...@us.checkpoint.com
> Objet: [FW1] Disappearing security policy!

[fw-1-mailin...@us.checkpoint.com]

"I had to perform the usual MS emergency maneuver : reboot."...:-), I love
this, you should send this to Bill Gates.

_ming

On Fri, 20 Mar 1998 j.f...@olivettiricerca.it wrote:

->
->Hello,
->
->I was remotely modifying (through the GUI from a Windows95 computer) a
->security policy on a FW-1 3.0b with NTWS 3.51 and suddenly everything froze
->and I had to perform the usual MS emergency maneuver : reboot. The problem
->was my W95 client, not the FW-1 machine. When I got back up and logged on
->to FW-1 all I could see of my policy was....nothing! No more lines in the
->policy. The same policy was now called 'Standard' although I had been using
->a policy with another name. So I thought I could simply reload my policy
->from those already catalogued, but when I tried to select the policy, there
->were no more policies available! Only 'Standard' was left!! The NAT rules
->were still there though and so were my network objects and users.
->
->I can see all my other policies in the $FWDIR/conf directory (.pf,.W, etc.)
->but FW-1 does not see them anymore. Obviously the data contained in the
->rulebases.fws, which probably contains pointers to the other policies, has
->somehow been corrupted. In fact it is only 1KBytes in length and has its
->date/time set to the same time at which the failure occurred.
->
->I see that other files (fwauth & objects) have backup versions, but not
->rulebases.fws.
->I've got a backup tape which I can use to restore the info, but I thought
->that I wouldn't have changed anything on the FW-1 machine if I didn't try
->to commit my changes in some fashion (i.e. by installing or saving the
->policy). I was just wondering whether anyone had any insight as to how the
->updating is performed within the database and what techniques (if any) are
->used to prevent (or at least try to prevent) what happened to me.
->
->
->Joe
->
->
->
->
-> ***********************************************
-> * Joseph Favia Jr. *
-> * Internet/Intranet & Networking *
-> * OLIVETTI Ricerca S.C.p.A. *
-> * Contrada La Marchesa *
-> * S.S.271 Km.8.680 *
-> * 70020 Bitritto (BA) - Italy *
-> -----------------------------------------------
-> * Phone : +39 80 635-2104 *
-> * Fax : +39 80 635-2089 *
-> * E-mail: j.f...@olivettiricerca.it *
-> ***********************************************
->
->
->================================================================================
-> To unsubscribe from this mailing list, please see the instructions at
-> http://www.checkpoint.com/services/mailing.html
->================================================================================
->

============================================================================
Ming Lu Email: Min...@GlobalOne.net
Network Tech Consulting Engineer Phone: 703-689-5290 (w)
Product Engineering 703-855-4194 (m)
Global One Telecommunications, LLT. 703-689-6575 (f)
============================================================================
"Do not pay attention to every word people say, or you may hear your
servant cursing you ---- for you know in your heart that many times you
yourself have cursed others."

[fw-1-mailin...@us.checkpoint.com]

I remember there is a way to use a fw command to force a given ruleset back
into the ruleset database, but I can't find it now; all I remember is that it
used the flag G. I managed to lose the timestamp sync between rules and
objects once, and had to do this for each rule set (I keep old rulesets around
for a while) I wanted to be able to see again in the GUI. If you can't find
it, mail me and I will look a little harder.

Neil

----------

>> I was remotely modifying (through the GUI from a Windows95 computer) a

>> security policy on a FW-1 3.0b with NTWS 3.51 and suddenly everything froze

>> and I had to perform the usual MS emergency maneuver : reboot. The problem

>> was my W95 client, not the FW-1 machine. When I got back up and logged on

>> to FW-1 all I could see of my policy was....nothing! No more lines in the

>> policy. The same policy was now called 'Standard' although I had been using

>> a policy with another name. So I thought I could simply reload my policy

>> from those already catalogued, but when I tried to select the policy, there

>> were no more policies available! Only 'Standard' was left!! The NAT rules

>> were still there though and so were my network objects and users.
>>

>> I can see all my other policies in the $FWDIR/conf directory (.pf,.W, etc.)

>> but FW-1 does not see them anymore. Obviously the data contained in the

>> rulebases.fws, which probably contains pointers to the other policies, has

>> somehow been corrupted. In fact it is only 1KBytes in length and has its

>> date/time set to the same time at which the failure occurred.
>>

>> I see that other files (fwauth & objects) have backup versions, but not

>> rulebases.fws. I've got a backup tape which I can use to restore the info,
but I
>> thought that I wouldn't have changed anything on the FW-1 machine if I
didn't
>> try to commit my changes in some fashion (i.e. by installing or saving the

>> policy). I was just wondering whether anyone had any insight as to how the

>> updating is performed within the database and what techniques (if any) are

>> used to prevent (or at least try to prevent) what happened to me.
>>
>>

>> Joe
>>
>>   ***********************************************

>>   *  Joseph Favia Jr.                           *

>>   *  Internet/Intranet & Networking             *

>>   *  OLIVETTI Ricerca S.C.p.A.                  *

>>   *  Contrada La Marchesa                    *

>>   *  S.S.271 Km.8.680                           *

>>   *  70020 Bitritto (BA) - Italy                *
>>   -----------------------------------------------

>>   *  Phone : +39 80 635-2104                    *

>>   *  Fax   : +39 80 635-2089         *

>>   *  E-mail: j.f...@olivettiricerca.it         *
>>   ***********************************************