spool   The SMTP Security Server default spool directory is located in this directory.
state   State information specific to the firewall is stored here.
tmp     The temporary directory where the daemon pid files are located.

The conf directory stores many of the most important files that make up the configuration of the firewall. Within the conf directory, you will find the objects_5_0.C file, which holds all your FireWall-1 objects and services. Every object, including network, host, firewall, and so on, is stored in this file. You will also find that the rulebases_5_0.fws file contains the rule bases defined on the firewall, and that the fwauth.NDB* files contain your user database. The objects_5_0.C and rulebases_5_0.fws files can be edited in a text editor, although it is not recommended. The fwauth.NDB files are in binary format and cannot be edited.

The files in the lib directory are also important. They are sometimes modified when applying hotfixes or service packs to the firewall. It is very rare that you would ever have to manually edit these files. If you find yourself in this situation, it is extremely important that every file located in the lib directory be backed up.

Firewall log files are just as important as firewall configuration files with regard to applying appropriate maintenance and backup procedures. Within SmartDashboard, there are many ways you can ensure that log files maintain a manageable size, but security server log files such as httpd.elg, aftpd.elg, and asmtpd.elg will continue to grow in the Nokia $FWDIR/log directory. Most of the files that begin with fw.* will also be part of the active log files.

Firewall state information is contained in the state directory. The information in this directory is updated whenever a policy is installed.
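The backup and log-growth concerns above, as an added example script (not from the book or from Check Point): it archives the conf files named in the text plus everything under lib with a checksum manifest, and lists *.elg and fw.* logs in $FWDIR/log that have outgrown a threshold. The default FWDIR path, BACKUP_DIR and LOG_THRESHOLD_KB are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not Check Point's own tooling. Snapshots conf/objects_5_0.C,
# conf/rulebases_5_0.fws, conf/fwauth.NDB* and lib/ into a tar archive with a
# SHA-256 manifest, and reports security-server (*.elg) and fw.* logs that have
# grown past a size threshold. FWDIR is normally set by the Check Point
# environment; the default below and the other two settings are assumptions.

FWDIR="${FWDIR:-/opt/CPfw1-R60}"
BACKUP_DIR="${BACKUP_DIR:-/var/backups/cpfw}"
LOG_THRESHOLD_KB="${LOG_THRESHOLD_KB:-102400}"   # 100 MB, an assumed default

# Pick a SHA-256 tool: sha256sum on Linux, shasum on BSD/macOS.
sha256_cmd() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$@"; else shasum -a 256 "$@"; fi
}

# cp_backup_config: archive conf + lib files and write a manifest of SHA-256
# hashes. Prints the archive path; returns non-zero if a key file is missing.
cp_backup_config() {
    stamp=$(date +%Y%m%d-%H%M%S)
    mkdir -p "$BACKUP_DIR" || return 1
    archive="$BACKUP_DIR/cp-config-$stamp.tar"
    # objects_5_0.C and rulebases_5_0.fws must exist on a configured firewall.
    for f in conf/objects_5_0.C conf/rulebases_5_0.fws; do
        [ -f "$FWDIR/$f" ] || { echo "missing $FWDIR/$f" >&2; return 2; }
    done
    # Work from $FWDIR so archive paths stay relative (conf/..., lib/...).
    ( cd "$FWDIR" && {
        printf '%s\n' conf/objects_5_0.C conf/rulebases_5_0.fws
        find conf -maxdepth 1 -type f -name 'fwauth.NDB*'
        find lib -type f
      } > "$archive.list" && tar -cf "$archive" -T "$archive.list" ) || return 3
    # Manifest lets a later restore be verified file by file (sha256sum -c).
    ( cd "$FWDIR" && while IFS= read -r p; do sha256_cmd "$p"; done < "$archive.list" ) > "$archive.sha256"
    echo "$archive"
}

# cp_large_logs: print "size_kb<TAB>path" for *.elg and fw.* files in $FWDIR/log
# larger than LOG_THRESHOLD_KB, largest first. These are the logs the text
# warns keep growing outside SmartDashboard's log-size controls.
cp_large_logs() {
    [ -d "$FWDIR/log" ] || { echo "no log dir under $FWDIR" >&2; return 1; }
    find "$FWDIR/log" -maxdepth 1 -type f \( -name '*.elg' -o -name 'fw.*' \) \
        -size +"${LOG_THRESHOLD_KB}k" -exec du -k {} + | sort -rn
}

# Run both steps when invoked as: sh cpfw_maint.sh run
if [ "${1:-}" = run ]; then cp_backup_config && cp_large_logs; fi
```

Schedule it from cron before policy installs and hotfix application so the lib and conf snapshots predate any change.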
Understanding IP Forwarding as It Pertains to Firewall Policies

To protect the network segment that resides behind the firewall, IP forwarding is disabled when the Nokia NSP is booting up. The Check Point firewall will control IP forwarding by enabling it after its services are started. The firewall also loads a default filter during the boot process, which essentially denies all inbound traffic but allows outbound traffic. This filter is loaded into the kernel before the interfaces of the Nokia are configured. This ensures that there is never a time during the boot process that the machine is unprotected. Upon initial startup of a Check Point firewall, the initial default policy is applied to ensure that no other traffic can hit the firewall except SmartDashboard GUI traffic. ICMP traffic is also denied, which sometimes confuses first-time users. The only other time the default policy is applied to the firewall is when it cannot fetch a policy from itself. If you find yourself in a position where you cannot connect to the firewall with SmartDashboard, you can run the fw unloadlocal command. This command unloads the default policy for you