Bulk updating email allow list

Sam_Ponder — Mon, 31 Oct 2022 11:15:56 GMT

I just wanted to pass this on in case someone is looking for this type of information down the road. And as always, feedback is appreciated.

Task: move all the allowed domains and IPs in mail security from one appliance to another.

Gather data from the source appliance
1. use the following dbedit command to gather the different sections of data that is needed
  - print mail_security_policy Global_Mail_Security_Policy
Take a backup or snapshot of the target appliance
Create a txt file on the appliance. I prefer to do this via VI editor and paste in the formatted data.
- Add to the IP Allow
  - The following dbedit line adds a empty element to the container
    - addelement mail_security_policy Global_Mail_Security_Policy allow_ip_list MAIL_SECURITY_IP
  - The following dbedit line modifies the element in position '0' (or the first element) with the value X.X.X.X, or the IP address you want to add to the allow list. So if you already have elements listed, you will want to start with that value and not 0, or else you will overwrite the value in those positions.
    - modify mail_security_policy Global_Mail_Security_Policy allow_ip_list:0:ip X.X.X.X
    - Rinse and repeat for each IP address you want to add, increasing the position value each time, example below.
    - addelement mail_security_policy Global_Mail_Security_Policy allow_ip_list MAIL_SECURITY_IP
      modify mail_security_policy Global_Mail_Security_Policy allow_ip_list:0:ip 1.1.1.1
      addelement mail_security_policy Global_Mail_Security_Policy allow_ip_list MAIL_SECURITY_IP
      modify mail_security_policy Global_Mail_Security_Policy allow_ip_list:1:ip 1.1.1.2
      addelement mail_security_policy Global_Mail_Security_Policy allow_ip_list MAIL_SECURITY_IP
      modify mail_security_policy Global_Mail_Security_Policy allow_ip_list:2:ip 1.1.1.3
      addelement mail_security_policy Global_Mail_Security_Policy allow_ip_list MAIL_SECURITY_IP
      modify mail_security_policy Global_Mail_Security_Policy allow_ip_list:3:ip 1.1.1.4
      addelement mail_security_policy Global_Mail_Security_Policy allow_ip_list MAIL_SECURITY_IP
      modify mail_security_policy Global_Mail_Security_Policy allow_ip_list:4:ip 1.1.1.5
      update mail_security_policy Global_Mail_Security_Policy
    - The update mail_security_policy Global_Mail_Security_Policy command at the end saves the changes.
    - Paste this in a new file on the target appliance
    - run with the following command
      - dbedit -local -f filename.txt
    - Confirm the changes in one of many ways, Smart Console, GuiDBedit, or print mail_security_policy Global_Mail_Security_Policy
- Add to the Domain Allow
  1. real similar to IP, with just a few changes
    - MAIL_SECURITY_DOMAIN instead of MAIL_SECURITY_IP
    - allow_domain_list instead of allow_domain_ip
    - a sample below
    - addelement mail_security_policy Global_Mail_Security_Policy allow_domain_list MAIL_SECURITY_DOMAIN
      modify mail_security_policy Global_Mail_Security_Policy allow_domain_list:0:domain @abc.com
      addelement mail_security_policy Global_Mail_Security_Policy allow_domain_list MAIL_SECURITY_DOMAIN
      modify mail_security_policy Global_Mail_Security_Policy allow_domain_list:1:domain @bcd.com
      addelement mail_security_policy Global_Mail_Security_Policy allow_domain_list MAIL_SECURITY_DOMAIN
      modify mail_security_policy Global_Mail_Security_Policy allow_domain_list:2:domain @cde.com
      update mail_security_policy Global_Mail_Security_Policy
    - same steps as above.

I didn't do any block list bulk imports, but it doesn't look like it is that much different.

Here are a few sk's that I gleaned some information from

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=skI3301

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk33403

This task was very educational with DBedit.

Thanks for reading.

Sam

Edited: to fix a typo

Re: Bulk updating email allow list

PhoneBoy — Fri, 28 Oct 2022 22:37:39 GMT

Thanks for sharing.
What version/JHF did you do this on?

Re: Bulk updating email allow list

Sam_Ponder — Mon, 31 Oct 2022 11:16:14 GMT

R81.10 take 66

topic Bulk updating email allow list in API / CLI Discussion

Bulk updating email allow list

Re: Bulk updating email allow list

Re: Bulk updating email allow list