fw amw

Description

Fetches and unloads Threat Prevention policy.

Threat Prevention policy applies to these Software Blades:

Anti-Bot Check Point Software Blade on a Security Gateway that blocks botnet behavior and communication to Command and Control (C&C) centers. Acronyms: AB, ABOT.
Anti-Spam Check Point Software Blade on a Security Gateway that provides comprehensive protection for email inspection. Synonym: Anti-Spam & Email Security. Acronyms: AS, ASPAM.
Anti-Virus Check Point Software Blade on a Security Gateway that uses real-time virus signatures and anomaly-based protections from ThreatCloud to detect and block malware at the Security Gateway before users are affected. Acronym: AV.
IPS Check Point Software Blade on a Security Gateway that inspects and analyzes packets and data for numerous types of risks (Intrusion Prevention System).
Threat Emulation Check Point Software Blade on a Security Gateway that monitors the behavior of files in a sandbox to determine whether or not they are malicious. Acronym: TE.
Threat Extraction Check Point Software Blade on a Security Gateway that removes malicious content from files. Acronym: TEX.

Syntax

To fetch the Threat Prevention policy from the Management Server Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server.:

fw [-d] amw fetch -f [-i] [-n] [-r]

To fetch the Threat Prevention policy from a peer Cluster Member Security Gateway that is part of a cluster., and, if it fails, then from the Management Server:

fw [-d] amw fetch -f -c [-i] [-n] [-r]

To fetch the Threat Prevention policy from the specified Check Point computer(s):

fw [-d] amw fetch [-i] [-n] [-r] <Master 1> [<Master 2> ...]

To fetch the Threat Prevention policy stored locally on the Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources.:

fw [-d] amw fetch local [-nu]

fw [-d] amw fetch localhost [-nu]

To fetch the Threat Prevention policy stored locally on the Security Gateway in the specified directory:

fw [-d] amw fetchlocal [-lu] -d <Full Path to Directory>

To unload the current Threat Prevention policy:

fw [-d] amw unload

Parameters

Parameter

Description

fw -d amw ...

Runs the command in debug mode.

Use only if you troubleshoot the command itself.

Best Practice - If you use this parameter, then redirect the output to a file, or use the script command to save the entire CLI session.

fw amw fetch

Fetches the Threat Prevention policy from the specified Check Point computer(s).

These can be a Management Server, or a peer Cluster Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. Member.

fw amw fetch local

fw amw fetch localhost

Fetches the Threat Prevention policy that is stored locally on the Security Gateway in the $FWDIR/state/local/AMW/ directory.

fw amw fetchlocal

Fetches the Threat Prevention policy that stored locally on the Security Gateway in the specified directory.

fw amw unload

Unloads the current Threat Prevention policy from the Security Gateway.

Important - This significantly decreases the security on the Security Gateway. This is the same as if you disable the Threat Prevention Software Blades on the Security Gateway.

-c

Specifies that you fetch the policy from a peer Cluster Member.

Notes:

Must also use the "-f" parameter.
Works only in cluster.

-f

Specifies that you fetch the policy from a Management Server listed in the $FWDIR/conf/masters file.

-i

On a Security Gateway with dynamically assigned IP address (DAIP), specifies to ignore the SIC Secure Internal Communication. The Check Point proprietary mechanism with which Check Point computers that run Check Point software authenticate each other over SSL, for secure communication. This authentication is based on the certificates issued by the ICA on a Check Point Management Server. name and object name.

-lu

Specifies to perform a late update - to load signatures just after the Security Gateway copies the policy files to the local directory $FWDIR/state/local/AMW/.

-n

Specifies not to load the fetched policy, if it is the same as the policy already located on the Security Gateway.

-nu

Specifies not to update the currently installed policy.

-r

On a Cluster Member, specifies to ignore this option in SmartConsole Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on. Install Policy window:

For gateway clusters, if installation on a cluster member fails, do not install on that cluster

Best Practice - Use this parameter if a peer Cluster Member is Down.

<Master 1> [<Master 2> ...]

Specifies the Check Point computer(s), from which to fetch the Threat Prevention policy.

You can fetch the Threat Prevention policy from the Management Server, or a peer Cluster Member.

Notes:

If you fetch the Threat Prevention policy from the Management Server, you can enter one of these:
- The main IP address of the Management Server object.
- The object name of the Management Server.
- The hostname that the Security Gateway resolves to the main IP address of the Management Server.
If you fetch the Threat Prevention policy from a peer Cluster Member, you can enter one of these:
- The main IP address of the Cluster Member object.
- The IP address of the Sync interface An interface on a Cluster Member, whose Network Type was set as Sync or Cluster+Sync in SmartConsole in cluster object. This interface is monitored by cluster, and failure on this interface will cause cluster failover. This interface is used for State Synchronization between Cluster Members. The use of more than one Sync Interfaces for redundancy is not supported because the CPU load will increase significantly due to duplicate tasks performed by all configured Synchronization Networks. See sk92804. Synonyms: Secured Interface, Trusted Interface. on the Cluster Member.
If the fetch from the first specified <Master> fails, the Security Gateway fetches the policy from the second specified <Master> , and so on. If the Security Gateway fails to connect to each specified <Masters>, the Security Gateway fetches the policy from the localhost.
If you do not specify the <Masters> explicitly, the Security Gateway fetches the policy from the localhost.

-d <Full Path to Directory>

Specifies local directory on the Security Gateway, from which to fetch the Threat Prevention policy files.

Example

[Expert@MyGW:0]# fw amw fetch local

Installing Threat Prevention policy from local

Fetching Threat Prevention policy succeeded

[Expert@MyGW:0]#