topic Re: Help getting management API Security Policies Child/Sub-rules in API / CLI Discussion

Help getting management API Security Policies Child/Sub-rules

mateus_cruz — Thu, 20 Jul 2023 15:20:38 GMT

Hi,

I'm making a little python script that uses the Checkpoint Management API, so far I was able to get a Json with all connection/Security Policies rules. My problem is, all the rules I was able to fetch were 1, 2 and 3 which contained a child rule or sub-rule 2.1, 3.1 and 3.2 inside them, nested. (not sure what the name for those is) What API request should I make to be able to not only fetch the main rules 1, 2 and 3, but also their sub-rules 2.1, 3.1 and 3.2? I've searched the documentation and can't seem to be able to fetch them.

Thanks to anyone who can help ...

Re: Help getting management API Security Policies Child/Sub-rules

Hugo_vd_Kooij — Fri, 21 Jul 2023 07:15:18 GMT

These subrules are not part of the policy you query. So you must determine which policy they are part of then query that policy.

Such is the fun to be had with inline layers.

Re: Help getting management API Security Policies Child/Sub-rules

Bob_Zimmerman — Fri, 21 Jul 2023 14:56:16 GMT

When you get a rule with an inline layer, there should be a key "inline-layer" in it. That will contain either the name, UUID, or an object containing the name and UUID of the inline layer. You should take those and run a separate 'show access-rulebase' for them, repeating as needed.