The PhoneBoy Blog


Simplifying Telecom, Mobile Phones, Gadgets, Health, and More!

FireWall-1 FAQ: Synchronizing Management Consoles

Please note: This content was from when I was operating my FireWall-1 FAQ site, which I stopped operating in August 2005. For some reason people still have links to this stuff on the Internet that people are still clicking on.


I am making this information available again AS IS. Given how old this information is, it is likely wildly inaccurate. I have no plans to update this information.


If you're still running versions of Check Point VPN-1/FireWall-1 where this information is still relevant to you, do yourself a favor and upgrade to a more recent release. If you happen to be running a current release and the information is useful, it's by happenstance :)


(Relevant to FireWall-1 4.1 and earlier, as NG has its own built-in synchronization tool … available at an additional fee.)

FireWall-1 4.1 and earlier have a built-in way to “execute” a command when a policy is loaded from the command line. Edit $FWDIR/lib/setup.C and add the :load_program and :dbload_program lines:

(    :setup_version (300) 
     :load_program (path-to-command-to-run) 
     :dbload_program (path-to-command-to-run) 

The first command (load_program) is executed on a policy install. The second command (dbload_program) is executed when the user database is loaded. The program these lines point to can invoke “anything”; for synchronization, you would write a script that copies over the contents of $FWDIR/conf and $FWDIR/state. A good example of how to do this is the document “Setting up a Redundant Management Console on Windows NT”, written by Andy Kendall.
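One way to write such a hook script, as an added example that is not from the original FAQ or from Andy Kendall's document. It assumes FWDIR is set in the hook's environment and that the standby console's copy lives under a local path named by a hypothetical STANDBY_DIR variable (for example a mounted share); substitute your own transport for the cp step if it does not.

```shell
#!/bin/sh
# Added example: hook script for :load_program / :dbload_program.
# Assumptions (not from the FAQ): FWDIR is set in the hook's environment and
# STANDBY_DIR (hypothetical name) is a path where the standby console's copy lives.

umask 077   # the copied rulebase and user database stay unreadable to other users

sync_mgmt_dirs() {
    src_root=$1     # normally $FWDIR
    dest_root=$2    # normally $STANDBY_DIR

    [ -d "$src_root/conf" ] || { echo "no conf directory under $src_root" >&2; return 1; }
    mkdir -p "$dest_root" || return 1

    for d in conf state; do
        [ -d "$src_root/$d" ] || continue
        tmp="$dest_root/.$d.new.$$"
        rm -rf "$tmp"
        # Copy to a temporary name first: a failed copy never leaves a
        # half-written conf/ or state/ on the standby.
        cp -Rp "$src_root/$d" "$tmp" || { rm -rf "$tmp"; return 1; }
        # Keep exactly one previous generation for rollback.
        rm -rf "$dest_root/$d.prev"
        if [ -d "$dest_root/$d" ]; then
            mv "$dest_root/$d" "$dest_root/$d.prev" || return 1
        fi
        mv "$tmp" "$dest_root/$d" || return 1
    done
    return 0
}

# Run the copy only when both variables are present, as they would be in the hook.
if [ -n "${FWDIR:-}" ] && [ -n "${STANDBY_DIR:-}" ]; then
    sync_mgmt_dirs "$FWDIR" "$STANDBY_DIR"
fi
```

Because setup.C runs this program on every policy install and user database load, keep the script file and the directory holding it writable only by the account that administers the management console.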

For guidelines on editing setup.C, refer to Editing Objects Dot C.
