https://community.checkpoint.com/t5/API-CLI-Discussion/My-Security-Management-Setup-Script/m-p/92503#M5059 <P>Its very nice script which will help everyone.</P><P>I am migrating below rules to checkpoint R80.40 (API)</P><P>access-rule from LAN to WAN action allow source address name "CL App 12.242" destination address name SF_10.120.22.202<BR />access-rule from LAN to GS action allow source address name "CL App 12.242" service name TCP_1415 destination address name SF_10.120.22.202</P><P><SPAN>Can you confirm below policy syntax is correct</SPAN></P><P>add access-rule layer "Network" source "CL App 12.242" destination "SF_10.120.22.202" service "any" action "accept" track-settings.type "Log" position "1" name "rule1" install-on "chkpt" --port Any<BR />add access-rule layer "Network" source "CL App 12.242" destination "SF_10.120.22.202" service "TCP_4434" action "accept" track-settings.type "Log" position "1" name "rule2" install-on "chkpt" --port 4434</P> Mon, 27 Jul 2020 07:44:45 GMT abhijeet6 2020-07-27T07:44:45Z https://community.checkpoint.com/t5/API-CLI-Discussion/My-Security-Management-Setup-Script/m-p/40239#M2651 <P>The Security Management API's let us recreate the same&nbsp;security configuration settings in&nbsp;every environment.&nbsp;</P> <P>I attached the API scripts that we use to set up the&nbsp;<A href="https://community.checkpoint.com/thread/5172" target="_blank" rel="noopener">Cool Feature in R80.10: Cloud-Based Demo Mode</A>&nbsp; environment. Because this is a demo mode environment, the network elements are all fake and OK to use <IMG id="smileyhappy" class="emoticon emoticon-smileyhappy" src="https://community.checkpoint.com/i/smilies/16x16_smiley-happy.png" alt="Smiley Happy" title="Smiley Happy" /></P> <P>I published basically the same script but in SmartCenter mode and in Multi-Domain mode (editing just one of the domains).</P> <P>You can use this as template to provision your own setup environment.</P> <P>Revisions:</P> <P><IMG class="image-2 jive-image" src="https://community.checkpoint.com/legacyfs/online/checkpoint/67910_revisions.png" border="0" alt="" width="342" height="151" /></P> <P>&nbsp;</P> <P>Gateways:</P> <P><IMG class="image-1 jive-image" src="/legacyfs/online/checkpoint/67909_1 gateways.png" border="0" alt="" width="339" height="182" /></P> <P>&nbsp;</P> <P>Access Control Policy with an inline layer for Application Control:</P> <P><IMG class="image-3 jive-image" src="/legacyfs/online/checkpoint/67911_2 policy.png" border="0" alt="" width="341" height="179" /></P> <P>&nbsp;</P> <P>Access Control Policy with an inline layer for Content Awareness, and another inline layer for Rule With Exceptions:</P> <P><IMG class="image-4 jive-image" src="/legacyfs/online/checkpoint/67912_3 policy.png" border="0" alt="" width="342" height="179" /></P> <P>&nbsp;</P> <P>An example of how an upgraded Access Control policy from R7x looks like in R80.10 - one ordered layer for network access, and one ordered layer for managing web applications:</P> <P><IMG class="image-5 jive-image" src="/legacyfs/online/checkpoint/67913_4 policy.png" border="0" alt="" width="346" height="182" /></P> <P>&nbsp;</P> <P>Threat Prevention Policy with different profiles for different scopes behind the same gateway:</P> <P><IMG class="image-6 jive-image" src="/legacyfs/online/checkpoint/67914_5 policy.png" border="0" alt="" width="347" height="138" /></P> Sat, 06 Jul 2019 00:25:04 GMT https://community.checkpoint.com/t5/API-CLI-Discussion/My-Security-Management-Setup-Script/m-p/40239#M2651 Tomer_Sole 2019-07-06T00:25:04Z https://community.checkpoint.com/t5/API-CLI-Discussion/My-Security-Management-Setup-Script/m-p/40240#M2652 <HTML><HEAD></HEAD><BODY><P>Nice!</P></BODY></HTML> Wed, 15 Aug 2018 14:02:37 GMT https://community.checkpoint.com/t5/API-CLI-Discussion/My-Security-Management-Setup-Script/m-p/40240#M2652 Vivek_McClure 2018-08-15T14:02:37Z https://community.checkpoint.com/t5/API-CLI-Discussion/My-Security-Management-Setup-Script/m-p/92503#M5059 <P>Its very nice script which will help everyone.</P><P>I am migrating below rules to checkpoint R80.40 (API)</P><P>access-rule from LAN to WAN action allow source address name "CL App 12.242" destination address name SF_10.120.22.202<BR />access-rule from LAN to GS action allow source address name "CL App 12.242" service name TCP_1415 destination address name SF_10.120.22.202</P><P><SPAN>Can you confirm below policy syntax is correct</SPAN></P><P>add access-rule layer "Network" source "CL App 12.242" destination "SF_10.120.22.202" service "any" action "accept" track-settings.type "Log" position "1" name "rule1" install-on "chkpt" --port Any<BR />add access-rule layer "Network" source "CL App 12.242" destination "SF_10.120.22.202" service "TCP_4434" action "accept" track-settings.type "Log" position "1" name "rule2" install-on "chkpt" --port 4434</P> Mon, 27 Jul 2020 07:44:45 GMT https://community.checkpoint.com/t5/API-CLI-Discussion/My-Security-Management-Setup-Script/m-p/92503#M5059 abhijeet6 2020-07-27T07:44:45Z https://community.checkpoint.com/t5/API-CLI-Discussion/My-Security-Management-Setup-Script/m-p/159362#M7181 <P>This is of great help, thank you for the hard work and sharing it to the community.</P> Wed, 12 Oct 2022 14:16:29 GMT https://community.checkpoint.com/t5/API-CLI-Discussion/My-Security-Management-Setup-Script/m-p/159362#M7181 MannyMekala 2022-10-12T14:16:29Z