Python tool for exporting/importing a policy package or parts of it

Document created by Inbar Moskovich Employee on Oct 13, 2016Last modified by Inbar Moskovich Employee on Oct 13, 2016
Version 1Show Document
  • View in full screen mode

Overview

This tool enables you to export a policy package (or layers from it) from a management server to a .tar.gz file,

which can be imported later into any management server.

This tool can be used for backups, database transfers, testing and more.

 

Description

This tool enables you to export a policy package (or layers from it) from a management server to a .tar.gz file.

Notice:

There are some types of objects that the script might not be able to export, in this case,

it will create an empty group in every instance of these objects and will additionally create a .html

page listing all of these replacements in the .tar.gz file.

In the Check Point Smart Console you can easily replace each of these objects by searching "export_error"

in the search field, see where each object is used, create the necessary object manually, then replace it.

 

 

Instructions

First, make sure you have [2.7.9 <= python < 3.0] installed on the machine running the script.

Also, when importing layers/packages, make sure that you copy to the management server, where you will run the scripts the following files:

    * import_access_rulebase.py

    * import_package.py (only necessary when importing a whole package)

    * Your .tar.gz file that you got from the export

 

A typical run of the script to export a policy package will be along the lines of:

    export_package.py -m [management server IP] [name of package]

A typical import of a policy package will require you to run this line on the management server:

    import_package.py [name of .tar.gz archive containing the package]

You can of course export and import individual access layers (the arguments are practically the same)

with [export/import]_access_rulebase.py respectively.

 

A lot more details can of course be accessed with the '-h' option.

 

Code Version

Code version 1.0

 

Tested on version

R80, API version 1.0

 

NOTICE: By using this sample code you agree to terms and conditions in this Terms and Conditions

...

1 person found this helpful

Attachments

Outcomes