fw amw

Description

Fetches and unloads Threat Prevention policy.

Threat Prevention policy applies to these Software Blades:

  • Anti-Bot

  • Anti-Spam

  • Anti-Virus

  • IPS

  • Threat Emulation

  • Threat Extraction

Syntax

  • To fetch the Threat Prevention policy from the Management Server:

    fw [-d] amw fetch -f [-i] [-n] [-r]

  • To fetch the Threat Prevention policy from a peer Cluster Member, and, if it fails, then from the Management Server:

    fw [-d] amw fetch -f -c [-i] [-n] [-r]

  • To fetch the Threat Prevention policy from the specified Check Point computer(s):

    fw [-d] amw fetch [-i] [-n] [-r] <Master 1> [<Master 2> ...]

  • To fetch the Threat Prevention policy stored locally on the Security Gateway:

    fw [-d] amw fetch local [-nu]

    fw [-d] amw fetch localhost [-nu]

  • To fetch the Threat Prevention policy stored locally on the Security Gateway in the specified directory:

    fw [-d] amw fetchlocal [-lu] -d <Full Path to Directory>

  • To unload the current Threat Prevention policy:

    fw [-d] amw unload

Parameters

Parameter

Description

fw -d amw ...

Runs the command in debug mode.

Use only if you troubleshoot the command itself.

Best Practice - If you use this parameter, then redirect the output to a file, or use the script command to save the entire CLI session.

fw amw fetch

Fetches the Threat Prevention policy from the specified Check Point computer(s).

These can be a Management Server, or a peer Cluster Member.

fw amw fetch local

fw amw fetch localhost

Fetches the Threat Prevention policy that is stored locally on the Security Gateway in the $FWDIR/state/local/AMW/ directory.

fw amw fetchlocal

Fetches the Threat Prevention policy that stored locally on the Security Gateway in the specified directory.

fw amw unload

Unloads the current Threat Prevention policy from the Security Gateway.

Important - This significantly decreases the security on the Security Gateway. This is the same as if you disable the Threat Prevention Software Blades on the Security Gateway.

-c

Specifies that you fetch the policy from a peer Cluster Member.

Notes:

  • Must also use the "-f" parameter.

  • Works only in cluster.

-f

Specifies that you fetch the policy from a Management Server listed in the $FWDIR/conf/masters file.

-i

On a Security Gateway with dynamically assigned IP address (DAIP), specifies to ignore the SIC name and object name.

-lu

Specifies to perform a late update - to load signatures just after the Security Gateway copies the policy files to the local directory $FWDIR/state/local/AMW/.

-n

Specifies not to load the fetched policy, if it is the same as the policy already located on the Security Gateway.

-nu

Specifies not to update the currently installed policy.

-r

On a Cluster Member, specifies to ignore this option in SmartConsole Install Policy window:

For gateway clusters, if installation on a cluster member fails, do not install on that cluster

Best Practice - Use this parameter if a peer Cluster Member is Down.

<Master 1> [<Master 2> ...]

Specifies the Check Point computer(s), from which to fetch the Threat Prevention policy.

You can fetch the Threat Prevention policy from the Management Server, or a peer Cluster Member.

Notes:

  • If you fetch the Threat Prevention policy from the Management Server, you can enter one of these:

    • The main IP address of the Management Server object.

    • The object name of the Management Server.

    • The hostname that the Security Gateway resolves to the main IP address of the Management Server.

  • If you fetch the Threat Prevention policy from a peer Cluster Member, you can enter one of these:

    • The main IP address of the Cluster Member object.

    • The IP address of the Sync interface on the Cluster Member.

  • If the fetch from the first specified <Master> fails, the Security Gateway fetches the policy from the second specified <Master> , and so on. If the Security Gateway fails to connect to each specified <Masters>, the Security Gateway fetches the policy from the localhost.

  • If you do not specify the <Masters> explicitly, the Security Gateway fetches the policy from the localhost.

-d <Full Path to Directory>

Specifies local directory on the Security Gateway, from which to fetch the Threat Prevention policy files.

Example

[Expert@MyGW:0]# fw amw fetch local
Installing Threat Prevention policy from local
Fetching Threat Prevention policy succeeded
[Expert@MyGW:0]#