fw fetch

Description

Syntax

fw [-d] fetch -f [-i] [-n] [-r]

To fetch the policy from a peer Cluster Member Security Gateway that is part of a cluster., and, if it fails, then from the Management Server:

fw [-d] fetch -f -c [-i] [-n] [-r]

To fetch the policy from the specified Check Point computer(s):

fw [-d] fetch [-i] [-n] [-r] <Master 1> [<Master 2> ...]

fw [-d] fetch local [-nu]

fw [-d] fetch localhost [-nu]

To fetch the policy stored locally on the Security Gateway in the specified directory:

fw [-d] fetchlocal -d <Full Path to Directory>

Parameters

Parameter

Description

fw -d fetch...

Runs the command in debug mode.

Use only if you troubleshoot the command itself.

Best Practice - If you use this parameter, then redirect the output to a file, or use the script command to save the entire CLI session.

-c

Notes:

-f

Specifies that you fetch the policy from a Management Server listed in the $FWDIR/conf/masters file.

-i

-n

Specifies not to load the fetched policy, if it is the same as the policy already located on the Security Gateway.

-nu

Specifies not to update the currently installed policy.

-r

For gateway clusters, if installation on a cluster member fails, do not install on that cluster

Best Practice - Use this parameter if a peer Cluster Member is Down.

<Master 1> [<Master 2> ...]

Specifies the Check Point computer(s), from which to fetch the policy.

You can fetch the policy from the Management Server, or a peer Cluster Member.

Notes:

If you fetch the policy from the Management Server, you can enter one of these:
- The main IP address of the Management Server object.
- The object name of the Management Server.
- The hostname that the Security Gateway resolves to the main IP address of the Management Server.
If you fetch the policy from a peer Cluster Member, you can enter one of these:
- The main IP address of the Cluster Member object.
- The IP address of the Sync interface An interface on a Cluster Member, whose Network Type was set as Sync or Cluster+Sync in SmartConsole in cluster object. This interface is monitored by cluster, and failure on this interface will cause cluster failover. This interface is used for State Synchronization between Cluster Members. The use of more than one Sync Interfaces for redundancy is not supported because the CPU load will increase significantly due to duplicate tasks performed by all configured Synchronization Networks. See sk92804. Synonyms: Secured Interface, Trusted Interface. on the Cluster Member.
If the fetch from the first specified <Master> fails, the Security Gateway fetches the policy from the second specified <Master> , and so on. If the Security Gateway fails to connect to each specified <Masters>, the Security Gateway fetches the policy from the localhost.
If you do not specify the <Masters> explicitly, the Security Gateway fetches the policy from the localhost.

-d <Full Path to Directory>

Specifies the local directory on the Security Gateway, from which to fetch the policy files.