Using dbedit in Automation Scripts

You can use dbedit to configure the initial settings for a Security Gateway and the Security Policy, then update and change the settings when necessary.

Note - Make sure that the script in the text files does not contain blank lines. Otherwise the script stops with an error.

Initial Configuration

1. Create a text file with an automation script. The script can create and configure the necessary objects and rules for the Security Policy.
2. Make a database revision of the management. Use this revision if there is a problem with the script and to identify unauthorized changes to the database.
3. Run fwm load and install the policy on one or more Security Gateways.

Updating and Changing the Policy

1. Make sure that the automation administrator changed the database most recently.
   1. Run send_command -s <domain_server> –u <admin> –p <password> –o db_change_since_last_save

      The Last modifier field shows the administrator name.

   2. If a different administrator changed the database, do not continue to use the automation script. A system administrator must do an analysis of the database.
2. Edit the automation script, create and configure objects and rules for the Security Policy.
3. Run fwm load and install the policy on one or more Security Gateways.

To update and change the commands for a Domain Management Server:

This sample script installs the Standard policy from Domain Management Server Cust_CMA on the Security Gateway examplegw.

mdsenv Cust_CMA send_command –s Cust_CMA –u admin –p admin –o db_change_since_last_save dbedit –globallock -s Cust_CMA -u admin -p admin -f dbedit_modifiability_objects.txt fwm load Standard examplegw