Description
Controls boot security, that is, the loading of both the Default Filter policy (defaultfilter) and the Initial Policy (InitialPolicy) during boot on a Security Gateway or a Cluster Member.
Warning
If you disable boot security, you leave your Security Gateway or Cluster Member without any protection during boot. Before you disable boot security, we recommend that you disconnect your Security Gateway or Cluster Member from the network completely.
Also refer to these commands:
Syntax
[Expert@GW:0]# $FWDIR/bin/control_bootsec [-g | -G]
[Expert@GW:0]# $FWDIR/bin/control_bootsec {-r | -R}
Notes:
Parameters
Parameter | Description |
---|---|
No Parameter, -g, or -G | Enables the boot security: |
-r or -R | Disables the boot security: |
Example - Disabling the boot security
[Expert@GW:0]# cd $FWDIR/state/local/FW1/
[Expert@GW:0]#
[Expert@GW:0]# pwd
/opt/CPsuite-R80.20/fw1/state/local/FW1
[Expert@GW:0]#
[Expert@GW:0]# ls -l
total 7736
-rw-rw---- 1 admin root 11085 Jul 19 20:16 install_policy_report.txt
-rw-rw---- 1 admin root 56 Jul 19 20:16 install_policy_report_timing.txt
-rw-rw---- 1 admin root 37355 Jul 19 20:16 local.Sandbox-persistence.xml
-rw-rw---- 1 admin root 3 Jul 19 20:16 local.ad_query_profiles
... ... ...
-rw-r----- 1 admin root 14743 Jul 19 20:16 manifest.C
-rw-rw---- 1 admin root 7381 Jul 19 20:16 policy.info
-rw-rw---- 1 admin root 2736 Jul 19 20:16 policy.map
-rw-rw---- 1 admin root 51 Jul 19 20:16 sig.map
[Expert@GW:0]#
[Expert@GW:0]# $FWDIR/bin/control_bootsec -r
Disabling boot security
FW-1 will not load a default filter on boot
[Expert@GW:0]#
[Expert@GW:0]# cat $FWDIR/boot/boot.conf
CTL_IPFORWARDING 1
DEFAULT_FILTER_PATH 0
KERN_INSTANCE_NUM 3
COREXL_INSTALLED 1
KERN6_INSTANCE_NUM 2
IPV6_INSTALLED 0
CORE_OVERRIDE 4
[Expert@GW:0]#
[Expert@GW:0]# grep InitialPolicySafe $CPDIR/registry/HKLM_registry.data
:InitialPolicySafe (true)
[Expert@GW:0]#
[Expert@GW:0]# ls -l
total 0
[Expert@GW:0]#
Example - Enabling the boot security
[Expert@GW:0]# cd $FWDIR/state/local/FW1/
[Expert@GW:0]#
[Expert@GW:0]# pwd
/opt/CPsuite-R80.20/fw1/state/local/FW1
[Expert@GW:0]#
[Expert@GW:0]# control_bootsec -g
Enabling boot security
[Expert@GW:0]#
[Expert@GW:0]# cat $FWDIR/boot/boot.conf
CTL_IPFORWARDING 1
DEFAULT_FILTER_PATH /opt/CPsuite-R80.20/fw1/boot/default.bin
KERN_INSTANCE_NUM 3
COREXL_INSTALLED 1
KERN6_INSTANCE_NUM 2
IPV6_INSTALLED 0
CORE_OVERRIDE 4
[Expert@GW:0]#
[Expert@GW:0]# grep InitialPolicySafe $CPDIR/registry/HKLM_registry.data
[Expert@GW:0]#
[Expert@GW:0]# ls -l
total 56
-rw-rw---- 1 admin root 8 Jul 19 20:22 local.ctlver
-rw-rw---- 1 admin root 4514 Jul 19 20:22 local.fc
-rw-rw---- 1 admin root 4721 Jul 19 20:22 local.fc6
-rw-rw---- 1 admin root 235 Jul 19 20:22 local.ft
-rw-rw---- 1 admin root 317 Jul 19 20:22 local.ft6
-rw-rw---- 1 admin root 135 Jul 19 20:22 local.fwrl.conf
-rw-rw---- 1 admin root 14 Jul 19 20:22 local.ifs
-rw-rw---- 1 admin root 833 Jul 19 20:22 local.inspect.lf
-rw-rw---- 1 admin root 243 Jul 19 20:22 local.lg
-rw-rw---- 1 admin root 243 Jul 19 20:22 local.lg6
-rw-rw---- 1 admin root 0 Jul 19 20:22 local.magic
-rw-rw---- 1 admin root 3 Jul 19 20:22 local.set
-rw-rw---- 1 admin root 51 Jul 19 20:22 sig.map
[Expert@GW:0]#
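Example - Auditing the boot security state

The two sessions above check the same two places by hand: the DEFAULT_FILTER_PATH line in boot.conf and the InitialPolicySafe entry in the registry file. The script below is an added example, not Check Point code, that automates that check so a gateway left with boot security disabled can be flagged. The function name bootsec_state and the meaning assigned to each value are assumptions read off the example output on this page.

```shell
#!/bin/sh
# Added example, not Check Point code. The meaning assigned to each value is
# an assumption read off the two example sessions on this page.

# Usage: bootsec_state BOOT_CONF REGISTRY_FILE
# On a gateway: bootsec_state "$FWDIR/boot/boot.conf" "$CPDIR/registry/HKLM_registry.data"
# Prints one of: enabled | disabled | inconsistent | unknown
bootsec_state() {
    boot_conf=$1
    registry=$2
    if [ ! -r "$boot_conf" ] || [ ! -r "$registry" ]; then
        echo unknown
        return 0
    fi

    # Value of DEFAULT_FILTER_PATH: "0" after -r, a file path after -g.
    filter=$(awk '$1 == "DEFAULT_FILTER_PATH" { print $2; exit }' "$boot_conf")

    # ":InitialPolicySafe (true)" shows up in the registry only after -r.
    if grep -Eq ':InitialPolicySafe[[:space:]]*\(true\)' "$registry"; then
        safe_flag=set
    else
        safe_flag=unset
    fi

    case "$filter:$safe_flag" in
        :*)      echo unknown ;;       # no usable DEFAULT_FILTER_PATH line
        0:set)   echo disabled ;;      # matches the "disabling" session
        0:unset) echo inconsistent ;;  # only the boot.conf setting changed
        *:set)   echo inconsistent ;;  # only the registry setting changed
        *)       echo enabled ;;       # matches the "enabling" session
    esac
}

# Constructed sample files mirroring the "disabling" session above.
demo_dir=$(mktemp -d)
printf 'CTL_IPFORWARDING 1\nDEFAULT_FILTER_PATH 0\nKERN_INSTANCE_NUM 3\n' > "$demo_dir/boot.conf"
printf ':InitialPolicySafe (true)\n' > "$demo_dir/registry.data"
echo "sample gateway: $(bootsec_state "$demo_dir/boot.conf" "$demo_dir/registry.data")"
rm -rf "$demo_dir"
```

Any result other than enabled on a gateway that is connected to the network is worth investigating, because the gateway may come up without the Default Filter or the Initial Policy on its next boot.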