topic Re: How to check if there are changes in the policy? in API / CLI Discussion https://community.checkpoint.com/t5/API-CLI-Discussion/How-to-check-if-there-are-changes-in-the-policy/m-p/119058#M5859 <P>There doesn't seem to be a simple way to do this, but I think this would work:</P> <P>1) Pull date of last policy install to the gateway with <STRONG>cpstat -f policy fw</STRONG>, field "Policy Install Time".&nbsp; There doesn't seem to be a way to pull this info directly from the API that I can find; was hoping to get this from the audit logs but they don't seem to be available at all via the API.&nbsp; This policy install date info can be found easily on the Gateways &amp; Servers tab of the SmartConsole GUI, so it may be somehow available through the management API although I couldn't figure out how.</P> <P>2) Once you have the last policy install date, invoke the <STRONG>show changes from-date</STRONG> API call to see a list of changes since last policy install date.&nbsp; Note that similarly to the display on the Install Policy confirmation screen, this shows you the total number of changes since last policy install, but all those changes are not necessarily relevant to the gateway in question.</P> Fri, 21 May 2021 13:36:11 GMT Timothy_Hall 2021-05-21T13:36:11Z How to check if there are changes in the policy? https://community.checkpoint.com/t5/API-CLI-Discussion/How-to-check-if-there-are-changes-in-the-policy/m-p/106383#M5431 <P>How to check if there are changes in the policy?<BR />I only want to install the policy if there have been changes.</P><P>Accounts for VPN users can be created during the day. And at the end of the day, I need to apply a policy so that users from home can connect.</P><P>I use&nbsp;<STRONG>Management API v1.6.1</STRONG></P> Fri, 25 Dec 2020 15:20:50 GMT https://community.checkpoint.com/t5/API-CLI-Discussion/How-to-check-if-there-are-changes-in-the-policy/m-p/106383#M5431 CepKpy 2020-12-25T15:20:50Z Re: How to check if there are changes in the policy? https://community.checkpoint.com/t5/API-CLI-Discussion/How-to-check-if-there-are-changes-in-the-policy/m-p/106385#M5432 <P>That means you're on R80.40 with a recent JHF.<BR />Means you can leverage this:&nbsp;<A href="https://community.checkpoint.com/t5/SmartConsole-Extensions/Change-Report/m-p/87322" target="_blank">https://community.checkpoint.com/t5/SmartConsole-Extensions/Change-Report/m-p/87322</A><BR />See also discussion about the show-changes API here:&nbsp;<A href="https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/Show-changes-from-session-gt-from-a-single-session/m-p/48854" target="_blank">https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/Show-changes-from-session-gt-from-a-single-session/m-p/48854</A></P> Fri, 25 Dec 2020 16:59:41 GMT https://community.checkpoint.com/t5/API-CLI-Discussion/How-to-check-if-there-are-changes-in-the-policy/m-p/106385#M5432 PhoneBoy 2020-12-25T16:59:41Z Re: How to check if there are changes in the policy? https://community.checkpoint.com/t5/API-CLI-Discussion/How-to-check-if-there-are-changes-in-the-policy/m-p/119035#M5858 <P>it doesn't answer my question. I need to find out via the API: have changes been posted since the last installation of the policies?</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="1.jpg" style="width: 485px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/11765i10A358877CF50BCB/image-size/large?v=v2&amp;px=999" role="button" title="1.jpg" alt="1.jpg" /></span></P> Fri, 21 May 2021 10:06:25 GMT https://community.checkpoint.com/t5/API-CLI-Discussion/How-to-check-if-there-are-changes-in-the-policy/m-p/119035#M5858 CepKpy 2021-05-21T10:06:25Z Re: How to check if there are changes in the policy? https://community.checkpoint.com/t5/API-CLI-Discussion/How-to-check-if-there-are-changes-in-the-policy/m-p/119058#M5859 <P>There doesn't seem to be a simple way to do this, but I think this would work:</P> <P>1) Pull date of last policy install to the gateway with <STRONG>cpstat -f policy fw</STRONG>, field "Policy Install Time".&nbsp; There doesn't seem to be a way to pull this info directly from the API that I can find; was hoping to get this from the audit logs but they don't seem to be available at all via the API.&nbsp; This policy install date info can be found easily on the Gateways &amp; Servers tab of the SmartConsole GUI, so it may be somehow available through the management API although I couldn't figure out how.</P> <P>2) Once you have the last policy install date, invoke the <STRONG>show changes from-date</STRONG> API call to see a list of changes since last policy install date.&nbsp; Note that similarly to the display on the Install Policy confirmation screen, this shows you the total number of changes since last policy install, but all those changes are not necessarily relevant to the gateway in question.</P> Fri, 21 May 2021 13:36:11 GMT https://community.checkpoint.com/t5/API-CLI-Discussion/How-to-check-if-there-are-changes-in-the-policy/m-p/119058#M5859 Timothy_Hall 2021-05-21T13:36:11Z