topic Re: Command to view interface-security_zone mapping in Firewall and Security Management

Command to view interface-security_zone mapping

aharihara — Wed, 07 Sep 2022 09:06:59 GMT

Hi Checkmates!

I would like to see all the interfaces and the security zones mapped to them in CLI. I can see this in Smart Console, but one interfaces in one gateway at a time. It is so painful when you have a hundreds of interfaces in a VSX environment and plenty of zones. Im looking for a way to document the configuration which will also help us in everyday operations. I tried looking in the forums with no luck. I believe that there should be a way to do this CLI. However if there is any other method I would be glad to know that. Can any of you come across a similar situation and can guide me on how to do this?

Best Regards,

Hari

Re: Command to view interface-security_zone mapping

Chris_Atkinson — Wed, 07 Sep 2022 10:36:59 GMT

Currently there is a process available via TAC that leverages the MGMT API and some Gateway side output to achieve this.

You could request the same from them and tailor it to your needs but caution should be used since we don't support 3rd party scripts

Re: Command to view interface-security_zone mapping

Danny — Wed, 07 Sep 2022 11:04:18 GMT

I would go from here and adjust according to your demand.

Re: Command to view interface-security_zone mapping

aharihara — Wed, 07 Sep 2022 11:42:47 GMT

Thanks! I will try via TAC if I don't find any other way to do this.

Re: Command to view interface-security_zone mapping

aharihara — Wed, 07 Sep 2022 11:53:17 GMT

Thanks a lot Danny!😊 I'm quite new when it comes to scripting . So I'm very sceptical about running those one liners in the production firewalls. However I will use this as a starting point to learn scripting in Checkpoint. My worry is that if I run these one liners, will it make any changes to the firewall. Whenever I see the word topology in a command, I'm a bit scared if it would fetch new topology and eventually change it(like how it happens in Smart Console) 😐

Re: Command to view interface-security_zone mapping

Danny — Wed, 07 Sep 2022 12:03:02 GMT

You asked for "way to do this CLI" and now you are sceptical to run standard CLI commands that already won prizes and are referenced in several books after being heavily tested by this community? The one-liner I referenced doesn't change anything on your system and just greps through some config files and formats the output for your pleasure. It couldn't be simpler.

Re: Command to view interface-security_zone mapping

aharihara — Wed, 07 Sep 2022 12:33:13 GMT

Thanks Danny! I told that I was sceptical only because of my little experience with checkpoint CLI. My experience is limited to day to day operational commands. I'll try this one-liner since I'm assured that doesn't change anything in the system. 😊