Troubleshooting guide

Appendix B: objects.C Properties in VPN-1/FireWall-1 4.0
The Properties section of the $FWDIR/conf/objects.C file
The objects.C file includes a section of properties whose values affect the VPN-1/FireWall-1 behavior. These
properties exist in addition to network objects, server objects, service objects, time objects and other
miscellaneous data. The section under consideration begins with the line:
:props (
Immediately following are lines with the format:
:property (value)
Note: The blank space preceding the ‘(’ is required on the “props” line and each “property” line. Omitting the
blank space will result in a failure to load the security policy. In certain cases the parentheses may be omitted, but
it is best to use them in all cases to avoid any possible mistake.
To modify any of the properties listed in the table below, do the following:
1. Close all VPN-1/FireWall-1 GUI clients.
2. Edit the $FWDIR/conf/objects.C file. (Use a simple text editor such as Notepad. Do not use a word
processor).
3. Search for the desired property.
4. If the property is found, change its value to the desired value.
5. If the property is not found, add a new line after the “props” line. Use the format shown above to list the
new property and assign it a value.
6. Save the changes to the objects.C file.
7. Reload the security policy.
8. For properties that involve the security servers, VPN-1/FireWall-1 must be restarted.
If the property is a Boolean property (i.e. ONLY if its value is either ‘true’ or ‘false’), use the command ‘fw
config <property> put <true|false>’ rather than editing the objects.C file.
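
Added example (not from the original guide or from Check Point): a Python sketch of steps 3 to 5, together with a check for the required blank before ‘(’ that can be run before reloading the policy. It assumes one property per line and that the props section ends at the first line containing only ‘)’; the function names, the sample text and the alertcmd value used with it are constructed for illustration.

```python
import re

# Matches ":name (" or ":name(" at line start; group 3 is the gap before '('.
HEAD = re.compile(r"^(\s*):(\w+)(\s*)\(")


def props_span(lines):
    """Return (start, end) line indexes of the props section.

    Assumption (not stated in the guide): the section ends at the first
    later line that contains only ')'.
    """
    for i, line in enumerate(lines):
        m = HEAD.match(line)
        if m and m.group(2) == "props":
            for j in range(i + 1, len(lines)):
                if lines[j].strip() == ")":
                    return i, j
            return i, len(lines)
    raise ValueError("no ':props (' line found")


def lint(text):
    """1-based numbers of props/property lines missing the blank before '('."""
    lines = text.splitlines()
    start, end = props_span(lines)
    return [n + 1 for n in range(start, end)
            if (m := HEAD.match(lines[n])) and m.group(3) == ""]


def set_prop(text, name, value):
    """Steps 3-5: change the property if found, else add it after ':props ('."""
    lines = text.splitlines()
    start, end = props_span(lines)
    for n in range(start + 1, end):
        m = HEAD.match(lines[n])
        if m and m.group(2) == name:
            # Assumes a single-line value; keeps the original indentation.
            lines[n] = f"{m.group(1)}:{name} ({value})"
            break
    else:
        lines.insert(start + 1, f"\t:{name} ({value})")
    return "\n".join(lines) + "\n"


# Constructed sample, not a real objects.C file.
SAMPLE = ":props (\n\t:acceptdecrypt(true)\n\t:allow_all_options (false)\n)\n"
```

On the constructed sample, `lint(SAMPLE)` reports line 2, where the blank before ‘(’ is missing. Work on a copy of objects.C and run the check on the result before step 6.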
| Property | Property always appears in objects.C? (1 = yes, 0 = user has to add entry) | Explanation | Default Value |
|---|---|---|---|
| acceptdecrypt | 1 | Accept encrypted messages on 'accept' rules and decrypt them (true) or not (false) | TRUE |
| add_ntgroups | 0 | Query the Windows NT domain controller for user groups (true) or not (false) | FALSE |
| addresstrans | 0 | This property is no longer used | TRUE |
| adtr_skip_routing_msg | 1 | This property is no longer used | FALSE |
| alertcmd | 1 | Command to issue in case of alerts. May contain the name of any OS command or executable file | Fwalert |
| allow_all_options | 0 | Allow all telnet options (true) or not (false) | FALSE |
| allow_clear_gettopo | 1 | Topology download to SecureRemote clients may use cleartext as well (true) or only SSL (false). | TRUE |