Title: GAHH! MY FIREWALL RULES ARE GONE!
Author: Daniel Trembath, 12 July 2002
Edited: same
Keywords: phoneboy.com Check Point GUI lost rules missing gone version 4

Yesterday evening we were using our very old NT-based Check Point firewall, with the Policy Editor, and all of our firewall rules disappeared. Had this happen yourself? Well, straighten up and tighten that bowel, this is easy to fix.

First of all, chances are your firewall is still running quite healthily, right? It's just that the GUI seems to have forgotten all of your rules. You'll probably also notice that all of your machines are still in the object list and that all of your NAT rules are still in place.

You see, Policy Editor (the GUI) realises it's dealing with a fairly important piece of software/hardware here, and it has no wish to destroy your firewall by corrupting your rules or anything of that nature. The firewall in general is all about backups and security, so it's saved the day for us here.

NOTE: an important side point. There are programs in the 'bin' directory of your firewall (usually c:\winnt\fw\bin) that actually make the changes to your rules and firewall. The GUI is just a front end to these tools.

All of the rules for your server are usually backed up each time you apply changes. They are kept in the conf directory (usually c:\winnt\fw\conf\) and have datestamp names like 20020712.w. They are also sometimes in files called xxxx.pf.

The GUI, however, saves its rules in a file called rulebase.fws. It keeps its own copy, and only writes over the real ones when it really, really has to. In this case, your rulebase.fws will have become empty, but your actual rule files will still be around in the conf directory.

What we need to do is rebuild the rulebase.fws file for the GUI. This is easy to do. Go into your conf directory and find the most recent backup.
Open it with a decent text editor (not Notepad, it will stuff up the character encoding) and check that your rules seem to be listed (or at least that there is something in there).

Then you need to run a command. First quit out of Policy Editor, then run:

    c:\winnt\fw\conf\>fw fwm -g rulesFile.w

(where rulesFile.w is the backup). This looks like we're running one command after another, but it's not a typo, this is the actual command.

Often you won't have the PATHs on your machine set up correctly, so you might have to give the relative or full path. Eg:

    c:\winnt\fw\conf\>..\bin\fw fwm -g 20020712.w

It should crunch for a fraction of a second and then tell you that it's done.

Now open Policy Editor again and go File -> Open. In the list there will now be an entry for the backup you just added. Open it and then promptly save it as something else. This way you've still got that backup there if you need it.

I found this information thanks to a mixture of Google and www.archive.org's internet archive. There used to be a site called www.phoneboy.com but it's since gone out of business. You can get its archives at the link below.

Original Info from: http://web.archive.org/web/20020124105922/www.phoneboy.com/faq/0136.htm

Cheers
Daniel (now much relieved)
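
An added example, not part of the original article or of any Check Point tooling: a Python helper for the preparation steps above, run against the conf directory or a copy of it. It picks the newest non-empty datestamped .w backup, keeps a copy of the current rulebase.fws, and returns the fw fwm -g command to run by hand; the function names and the .before-restore suffix are assumptions of this example.

```python
import re
import shutil
import sys
from datetime import datetime
from pathlib import Path

# Backups are named by datestamp, e.g. 20020712.w (as the article describes).
BACKUP_NAME = re.compile(r"^(\d{8})\.w$", re.IGNORECASE)


def newest_backup(conf_dir):
    """Return the most recent non-empty datestamped .w backup, or None."""
    candidates = []
    for path in Path(conf_dir).iterdir():
        match = BACKUP_NAME.match(path.name)
        if not match or not path.is_file():
            continue
        try:
            stamp = datetime.strptime(match.group(1), "%Y%m%d")
        except ValueError:
            continue  # eight digits that do not form a real date
        if path.stat().st_size > 0:  # an empty backup has no rules to import
            candidates.append((stamp, path))
    if not candidates:
        return None
    return max(candidates, key=lambda item: item[0])[1]


def prepare_restore(conf_dir):
    """Snapshot rulebase.fws and return the import command to run by hand."""
    conf = Path(conf_dir)
    backup = newest_backup(conf)
    if backup is None:
        raise FileNotFoundError("no usable datestamped .w backup in %s" % conf)
    rulebase = conf / "rulebase.fws"
    if rulebase.exists():
        # Keep the GUI's current file, even if empty, before it is rewritten.
        # The ".before-restore" suffix is this example's own choice.
        shutil.copy2(rulebase, conf / "rulebase.fws.before-restore")
    # Relative path to fw, as in the article, in case PATH is not set up.
    return r"..\bin\fw fwm -g " + backup.name


if __name__ == "__main__":
    print(prepare_restore(sys.argv[1] if len(sys.argv) > 1 else "."))
```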