fwm unload

Description

Unloads the policy from the specified managed Security Gateways or Cluster Members.

Note - On Multi-Domain Server, you must run this command in the context of the applicable Domain Management Server (mdsenv <IP Address or Name of Domain Management Server>).

Warning

  1. The fwm unload command prevents all traffic from passing through the Security Gateway (Cluster Member), because it disables the IP Forwarding in the Linux kernel on the Security Gateway (Cluster Member).
  2. The fwm unload command removes all policies from the Security Gateway (Cluster Member). This means that the Security Gateway (Cluster Member) accepts all incoming connections destined to all active interfaces without any filtering or protection enabled.

Notes

Syntax

fwm [-d] unload <GW1> <GW2> ... <GWN>

Parameters

| Item | Description |
|---|---|
| -d | Runs the command in debug mode. Use only if you troubleshoot the command itself. For complete debug instructions, see the description of the fwm process in sk97638. |
| <GW1> <GW2> ... <GWN> | Specifies the managed Security Gateways by their main IP address or Object Name as configured in SmartConsole. |

Example

[Expert@MyGW:0]# cpstat -f policy fw

Product name: Firewall
Policy name: CXL_Policy
Policy install time: Tue Oct 23 18:23:14 2018
... ... ...
[Expert@MyGW:0]#

[Expert@MyGW:0]# sysctl -a | grep forwarding | grep -v bridge
net.ipv6.conf.bond0.forwarding = 1
net.ipv6.conf.eth1.forwarding = 1
net.ipv6.conf.eth3.forwarding = 1
net.ipv6.conf.eth2.forwarding = 1
net.ipv6.conf.eth4.forwarding = 1
net.ipv6.conf.eth5.forwarding = 1
net.ipv6.conf.eth0.forwarding = 1
net.ipv6.conf.eth6.forwarding = 1
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.lo.forwarding = 1
net.ipv4.conf.bond0.mc_forwarding = 0
net.ipv4.conf.bond0.forwarding = 1
net.ipv4.conf.eth1.mc_forwarding = 0
net.ipv4.conf.eth1.forwarding = 1
net.ipv4.conf.eth2.mc_forwarding = 0
net.ipv4.conf.eth2.forwarding = 1
net.ipv4.conf.eth0.mc_forwarding = 0
net.ipv4.conf.eth0.forwarding = 1
net.ipv4.conf.lo.mc_forwarding = 0
net.ipv4.conf.lo.forwarding = 1
net.ipv4.conf.default.mc_forwarding = 0
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.all.mc_forwarding = 0
net.ipv4.conf.all.forwarding = 1
[Expert@MyGW:0]#

[Expert@MGMT:0]# fwm unload MyGW

Uninstalling Policy From: MyGW

Security Policy successfully uninstalled from MyGW...
Security Policy uninstall complete.

[Expert@MGMT:0]#

[Expert@MyGW:0]# cpstat -f policy fw

Product name: Firewall
Policy name:
Policy install time:
... ... ...
[Expert@MyGW:0]#

[Expert@MyGW:0]# sysctl -a | grep forwarding | grep -v bridge
net.ipv6.conf.bond0.forwarding = 0
net.ipv6.conf.eth1.forwarding = 0
net.ipv6.conf.eth3.forwarding = 0
net.ipv6.conf.eth2.forwarding = 0
net.ipv6.conf.eth4.forwarding = 0
net.ipv6.conf.eth5.forwarding = 0
net.ipv6.conf.eth0.forwarding = 0
net.ipv6.conf.eth6.forwarding = 0
net.ipv6.conf.default.forwarding = 0
net.ipv6.conf.all.forwarding = 0
net.ipv6.conf.lo.forwarding = 0
net.ipv4.conf.bond0.mc_forwarding = 0
net.ipv4.conf.bond0.forwarding = 0
net.ipv4.conf.eth1.mc_forwarding = 0
net.ipv4.conf.eth1.forwarding = 0
net.ipv4.conf.eth2.mc_forwarding = 0
net.ipv4.conf.eth2.forwarding = 0
net.ipv4.conf.eth0.mc_forwarding = 0
net.ipv4.conf.eth0.forwarding = 0
net.ipv4.conf.lo.mc_forwarding = 0
net.ipv4.conf.lo.forwarding = 0
net.ipv4.conf.default.mc_forwarding = 0
net.ipv4.conf.default.forwarding = 0
net.ipv4.conf.all.mc_forwarding = 0
net.ipv4.conf.all.forwarding = 0
[Expert@MyGW:0]#
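
The before/after checks in the Example can be turned into a single status line for monitoring. The script below is an added example, not part of the original page or of Check Point's tooling; the function names, status labels and abbreviated sample text are assumptions constructed from the output shown above.

```shell
#!/bin/sh
# Added example; function names and status labels are hypothetical.

# Print the policy name from `cpstat -f policy fw` output (empty when unloaded).
# Exit status 1 if the output has no "Policy name:" line at all.
policy_name() {
    awk '/^Policy name:/ { sub(/^Policy name:[ \t]*/, ""); sub(/[ \t\r]+$/, "")
                           print; found = 1; exit }
         END { exit !found }'
}

# Count unicast forwarding keys still set to 1 in `sysctl -a` output.
# bridge keys are skipped as in the page's grep -v; mc_forwarding keys are
# skipped because they are 0 both before and after the unload.
forwarding_on_count() {
    awk '/bridge/ { next } /\.forwarding = 1[ \t\r]*$/ { n++ } END { print n + 0 }'
}

# classify_gateway CPSTAT_TEXT SYSCTL_TEXT -> one status line
classify_gateway() {
    cg_name=$(printf '%s\n' "$1" | policy_name) || { echo "UNKNOWN no-policy-line"; return 0; }
    cg_fwd=$(printf '%s\n' "$2" | forwarding_on_count)
    if [ -n "$cg_name" ]; then
        echo "POLICY_INSTALLED name=$cg_name forwarding_on=$cg_fwd"
    elif [ "$cg_fwd" -eq 0 ]; then
        echo "UNLOADED forwarding_on=0"            # state shown after fwm unload
    else
        echo "INCONSISTENT forwarding_on=$cg_fwd"  # no policy, yet still forwarding
    fi
}

# Constructed samples, abbreviated from the output on this page.
BEFORE_CPSTAT='Product name: Firewall
Policy name: CXL_Policy
Policy install time: Tue Oct 23 18:23:14 2018'
AFTER_CPSTAT='Product name: Firewall
Policy name:
Policy install time:'
BEFORE_SYSCTL='net.ipv6.conf.all.forwarding = 1
net.ipv4.conf.eth0.mc_forwarding = 0
net.ipv4.conf.eth0.forwarding = 1
net.ipv4.conf.all.forwarding = 1'
AFTER_SYSCTL='net.ipv6.conf.all.forwarding = 0
net.ipv4.conf.eth0.mc_forwarding = 0
net.ipv4.conf.eth0.forwarding = 0
net.ipv4.conf.all.forwarding = 0'

classify_gateway "$BEFORE_CPSTAT" "$BEFORE_SYSCTL"
classify_gateway "$AFTER_CPSTAT" "$AFTER_SYSCTL"
# On a gateway: classify_gateway "$(cpstat -f policy fw)" "$(sysctl -a 2>/dev/null)"
```

An UNLOADED or INCONSISTENT result on a production gateway means no policy is being enforced and should be alerted on until a policy is installed again.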