Command to load previous configuration

Status
Not open for further replies.

Rpinfo (Nov 3, 2004)

Because of a wrong FW security policy configuration, we have lost control from the GUI client. What is the command to load the previous configuration in FW1 NG AI R55 Secure Platform?

Any suggestion will be really appreciated.

Thanks for a prompt reply

Raffaele
 
It all depends on if you actually saved a previous configuration or not. From SmartDashboard you can go to 'File > Database Revision Control' and select any saved configs and restore the old policy.

Chris.

**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************
 
We have a saved previous version checked and working. We cannot connect a GUI client because of the wrong version actually running. Could "FW unload" solve the problem? Or FW Load?

Raffaele
 
I thought that you were referring to a previous security policy, not a completely different firewall version!

So, what exactly are you trying to do? Restore a previous firewall installation? Restore a security policy?

If you just can't connect to the firewall because you are running the wrong version of the GUI then just use the correct version to connect. If you can't connect using the correct version because the security policy is blocking your IP address then just issue "fw unload local" at the command line and then you will be able to login via the GUI and change the security policy.

Chris.

**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************
 
Chris,

Great! The security policy was blocking our IP addresses. With the command you suggested, "fw unload local", we now have full control again. I guess we need to add rules at the top of the security policy so that we can always access the FW. Are these rules right?

fwadmin@any ---> mgtserver--->FW1_fgmt ---> Client Encryption

and for GUI

gui-client ---> mgtserver-->cpmi-->Accept

Many thanks

Raffaele
 
I normally have a group of management IP addresses which I create a rule for to allow them to access the firewall using CPMI (and some other FW-1 ports), ssh, ftp and https.

mgmt_IPs > firewall > CP_mgmt > allow

Under that put a stealth rule in as well,

Any > firewall > any > drop.

Chris.

**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************
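
The rule ordering described in this thread (management access rule above the stealth rule), as an added example that is not part of the original posts and is not Check Point code: a toy first-match rulebase model that reports which management connections a given ordering would drop. Object and service names are hypothetical, and the implicit final drop is an assumption of the model.

```python
# Added illustration: a toy first-match rulebase model, not Check Point code.
from dataclasses import dataclass

ANY = "Any"

@dataclass(frozen=True)
class Rule:
    name: str
    src: frozenset      # object names, or {ANY}
    dst: frozenset
    svc: frozenset
    action: str         # "accept" or "drop"

def _hit(field, value):
    return ANY in field or value in field

def decide(rulebase, src, dst, svc):
    """Return (action, rule name) of the first rule matching the connection."""
    for rule in rulebase:
        if _hit(rule.src, src) and _hit(rule.dst, dst) and _hit(rule.svc, svc):
            return rule.action, rule.name
    return "drop", "implicit cleanup"  # assumption: unmatched traffic is dropped

def lockouts(rulebase, mgmt_hosts, firewall, services):
    """List (host, service, rule) for every management connection not accepted."""
    blocked = []
    for host in mgmt_hosts:
        for svc in services:
            action, name = decide(rulebase, host, firewall, svc)
            if action != "accept":
                blocked.append((host, svc, name))
    return blocked

def make_rule(name, src, dst, svc, action):
    return Rule(name, frozenset(src), frozenset(dst), frozenset(svc), action)

# Constructed sample objects; all names are hypothetical.
MGMT_IPS = ["admin-pc", "mgmt-server"]
MGMT_SVCS = ["CPMI", "ssh", "https"]
mgmt = make_rule("mgmt access", MGMT_IPS, ["firewall"], MGMT_SVCS, "accept")
stealth = make_rule("stealth", [ANY], ["firewall"], [ANY], "drop")

GOOD = [mgmt, stealth]   # order recommended in the thread
BAD = [stealth, mgmt]    # stealth rule first shadows the management rule

if __name__ == "__main__":
    for label, rb in (("mgmt above stealth", GOOD), ("stealth above mgmt", BAD)):
        print(label, "->", lockouts(rb, MGMT_IPS, "firewall", MGMT_SVCS) or "no lockout")
```

Running a check like `lockouts` against a candidate rulebase before installing it catches the lockout that started this thread.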
 