- Clavister Security Gateway, all versions up to 8.90
[*] FWCore_N.cfg [*] FWCore.cfg [*] FWCore_O.cfg
This document describes when "FWCore_N.cfg" exists, and how you can use "FWCore_O.cfg" as a fall-back option if something goes wrong.
What "FWCore_N.cfg" is, and when it exists
When you upload a new configuration, it will be temporarily stored as "FWCore_N.cfg". The SGW will then load the contents of it.
If you successfully reconnect to the SGW (Security Gateway) within 30 seconds (default, see "Advanced Settings" -> "Misc" or "RemoteAdmin" -> "NetConBiDirTimeout"), SGW will place the new configuration in "FWCore.cfg" and delete "FWCore_N.cfg".
If however you can not reconnect to the SGW, "FWCore_N.cfg" will be deleted, and the SGW will fall back to "FWCore.cfg".
Resolving fatal configuration problems
If there is ever a problem with a newly uploaded configuation that prevents your SGW from starting, you can halt the startup and escape to the boot menu. From there, select "Advanced" -> "CLI", which drops you to a command-line interface prompt.
There, you can type the following commands:
del fwcore_n.cfg exit
What "FWCore_O.cfg" is, and what you can use it for
"FWCore_O.cfg" is not created by any automated process. You can, however, create it yourself, so that you have an backup configuration that you can fall back to if all else fails.
To create an "FWCore_O.cfg", you can either go to the command-line interface via the boot menu and use the following command:
copy fwcore.cfg fwcore_o.cfg
fwctl --fileupload myconfigfile.txt fwcore_o.cfg mygw
"FWCore_O.cfg" will be used if the SGW fails to find or parse "FWCore_N.cfg" as well as "FWCore.cfg".
This means that it can happen because you accidentally uploaded a much older SGW Core, so you should make sure that "FWCore_O.cfg" contains only very basic configuration options if it is to be useful in such a situation.
You can, of course, also force it to happen by simply deleting your current configuration.
But won't "FWCore_O.cfg" be ... old?
The SGW will assume that the policy and settings in FWCore_O.cfg is too old to be trusted, and do two things:
- Enable "Safe Mode", which minimizes RAM consumption by assuming a minimum of concurrent states, packet buffers, etc...
- Enable "Lockdown Mode", where only admin access to the SGW is allowed. No traffic is allowed through the SGW.