https://community.checkpoint.com/t5/API-CLI-Discussion/Global-vs-Local-rule-bases/m-p/96867#M5159 <P>Is it possible to extract the global and local rules within a CMA with one API call? Or is it a requirement to extract both separately and then "insert" the local rules into the "Placeholder for domain rules" section? I am attempting to emulate what was delivered using cp_merge.&nbsp;</P> Wed, 16 Sep 2020 14:24:12 GMT mikesleath 2020-09-16T14:24:12Z https://community.checkpoint.com/t5/API-CLI-Discussion/Global-vs-Local-rule-bases/m-p/96867#M5159 <P>Is it possible to extract the global and local rules within a CMA with one API call? Or is it a requirement to extract both separately and then "insert" the local rules into the "Placeholder for domain rules" section? I am attempting to emulate what was delivered using cp_merge.&nbsp;</P> Wed, 16 Sep 2020 14:24:12 GMT https://community.checkpoint.com/t5/API-CLI-Discussion/Global-vs-Local-rule-bases/m-p/96867#M5159 mikesleath 2020-09-16T14:24:12Z https://community.checkpoint.com/t5/API-CLI-Discussion/Global-vs-Local-rule-bases/m-p/96876#M5160 <P>I think I have answered my own question.... the "local" rules query will contain the global rules, but the rule base is not in the order I was expecting.... global-pre-local and global-post-local are included prior to the local rules but not included in the "total". Apologies for not digging in more detail before posting.</P> Wed, 16 Sep 2020 16:19:47 GMT https://community.checkpoint.com/t5/API-CLI-Discussion/Global-vs-Local-rule-bases/m-p/96876#M5160 mikesleath 2020-09-16T16:19:47Z https://community.checkpoint.com/t5/API-CLI-Discussion/Global-vs-Local-rule-bases/m-p/96883#M5161 <P>You can only get the Domain you have logged into from the API, so when you need the Global rules, you need to collect them from the MDS level domain. For each domain/CMA you need to login with the -d parameter to get the info from that specific domain/CMA. And this cannot be done within the same call.</P> Wed, 16 Sep 2020 17:35:19 GMT https://community.checkpoint.com/t5/API-CLI-Discussion/Global-vs-Local-rule-bases/m-p/96883#M5161 Maarten_Sjouw 2020-09-16T17:35:19Z https://community.checkpoint.com/t5/API-CLI-Discussion/Global-vs-Local-rule-bases/m-p/96907#M5164 <P>I think the domain will also show me the global rules that have been assigned. I need to make two calls like this</P><P>to get global policy rules as currently assigned to domain</P><P><FONT face="terminal,monaco"><SPAN>mgmt_cli -d DOMAIN1 -r true show access-rulebase name "DOMAIN1_GlobalPol</SPAN><SPAN>&nbsp;Security" limit 100 use-object-dictionary true --format json</SPAN></FONT></P><P><SPAN>to get local rules for the domain</SPAN></P><P><FONT face="terminal,monaco"><SPAN>mgmt_cli -d DOMAIN1 -r true show access-rulebase name "DOMAIN1_LocalPol&nbsp;Security" limit 100 use-object-dictionary true --format json</SPAN></FONT></P><P><SPAN>I can combine the results and "insert" the local rule at the "place holder for domain rules slot" but was wondering if there was a command to pull back the combined rule base as cp_merge did previously?</SPAN></P><P><SPAN>If I connect to the MDS level and extract the global rules, i get the view of the rules at the MDS level which, in some circumstances, may not match that which is assigned to the domain level.</SPAN></P><P>&nbsp;</P> Thu, 17 Sep 2020 06:16:18 GMT https://community.checkpoint.com/t5/API-CLI-Discussion/Global-vs-Local-rule-bases/m-p/96907#M5164 mikesleath 2020-09-17T06:16:18Z