fw fetch

Description

Fetches the Security Policy from the specified host and installs it to the kernel.

Syntax

To fetch the policy from the Management Server:

fw [-d] fetch -f [-i] [-n] [-r]
To fetch the policy from a peer Cluster Member, and, if it fails, then from the Management Server:

fw [-d] fetch -f -c [-i] [-n] [-r]
To fetch the policy from the specified Check Point computer(s):

fw [-d] fetch [-i] [-n] [-r] <Master 1> [<Master 2> ...]
To fetch the policy stored locally on the Security Gateway:

fw [-d] fetch local [-nu]

fw [-d] fetch localhost [-nu]
To fetch the policy stored locally on the Security Gateway in the specified directory:

fw [-d] fetchlocal -d <Full Path to Directory>

Parameters

Parameter	Description
`fw -d fetch...`	Runs the command in debug mode. Use only if you troubleshoot the command itself. Note - If you use this parameter, then redirect the output to a file, or use the `script` command to save the entire CLI session.
`-c`	Specifies that you fetch the policy from a peer Cluster Member. Notes: Must also use the "`-f`" parameter. Works only in cluster.
`-f`	Specifies that you fetch the policy from a Management Server listed in the `$FWDIR/conf/masters` file.
`-i`	On a Security Gateway with dynamically assigned IP address (DAIP), specifies to ignore the SIC name and object name.
`-n`	Specifies not to load the fetched policy, if it is the same as the policy already located on the Security Gateway.
`-nu`	Specifies not to update the currently installed policy.
`-r`	On a Cluster Member, specifies to ignore this option: For gateway clusters, if installation on a cluster member fails, do not install on that cluster. Note - Use this parameter if a peer Cluster Member is Down.
`<`Master 1`> [<`Master 2`> ...]`	Specifies the Check Point computer(s), from which to fetch the policy. You can fetch the policy from the Management Server, or a peer Cluster Member. Notes: If you fetch the policy from the Management Server, you can enter one of these: The main IP address of the Management Server object. The object name of the Management Server. The hostname that the Security Gateway resolves to the main IP address of the Management Server. If you fetch the policy from a peer Cluster Member, you can enter one of these: The main IP address of the Cluster Member object. The IP address of the Sync interface on the Cluster Member. If the fetch from the first specified `<`Master`>` fails, the Security Gateway fetches the policy from the second specified `<`Master`>` , and so on. If the Security Gateway fails to connect to each specified `<`Masters`>`, the Security Gateway fetches the policy from the `localhost`. If you do not specify the `<`Masters`>` explicitly, the Security Gateway fetches the policy from the `localhost`.
`-d <`Full Path to Directory`>`	Specifies local directory on the Security Gateway, from which to fetch the policy files.