https://community.checkpoint.com/t5/API-CLI-Discussion/Mgmt-cli-show-access-rule-base-issue/m-p/208813#M8402 <P>EXT-OTT is the name of the policy package, which is made up of one or more policy layers.<BR />The layers are where the policy is defined.</P> <P>To get the top-level layers involved:&nbsp;<STRONG><FONT face="courier new,courier">mgmt_cli --format json --session-id xxx show package name Standard | jq '."access-layers"[]'</FONT></STRONG><BR />You can then look at the correct rulebase:&nbsp;<STRONG><FONT face="courier new,courier">mgmt_cli --format json --session-id xxx show access-rulebase uid 6a5b4108-a94e-4f5d-974b-8d8c431fdd5f</FONT></STRONG></P> <P>Do not use the "limit" parameter to exceed the specification in the API documentation as it is not guaranteed to return all the requested results and may result in performance issues (500 is max for show access-rulebase).<BR />Also, if you have inline layers, you will have to parse the results to find out what inline layer is referenced and do a show access-rulebase on those as well.</P> Fri, 15 Mar 2024 00:48:28 GMT PhoneBoy 2024-03-15T00:48:28Z https://community.checkpoint.com/t5/API-CLI-Discussion/Mgmt-cli-show-access-rule-base-issue/m-p/208807#M8400 <P>I am trying to export 0 hit rules, I found some old discussion. and articles&nbsp;&nbsp;</P><P><A href="https://community.checkpoint.com/t5/Management/Export-of-rules-with-zero-hits-in-dashboard/m-p/120552/highlight/true#M26931" target="_blank">Solved: Re: Export of rules with zero hits in dashboard - Check Point CheckMates</A></P><P><A href="https://community.checkpoint.com/t5/API-CLI-Discussion/Disable-Delete-Rules-with-a-Zero-Hit-Count-MDS-or-SMS/td-p/40005" target="_blank">Solved: Disable/Delete Rules with a Zero Hit Count (MDS or... - Check Point CheckMates</A></P><P>&nbsp;</P><P>My environment is MDS, I have inline policy layers. When I run mgmt_cli , I can see the packages</P><P>&nbsp;</P><P>[Expert@MDS-01:0]# mgmt_cli -r true --port 443 show packages -d "172.16.31.117" --format json | jq '.packages[] | .name' | sed 's/\"//g'<BR />EXT-OTT<BR />Standard</P><P>&nbsp;</P><P>However, when I try to see the rule base, it says object not found.&nbsp;</P><P><BR />[Expert@MDS-01:0]# mgmt_cli show access-rulebase offset 0 limit 20 name "EXT-OTT" details-level "standard" use-object-dictionary true<BR />Username: admin<BR />Password:<BR />code: "generic_err_object_not_found"<BR />message: "Requested object [EXT-OTT] not found"</P><P>[Expert@MDS-01:0]# ^C<BR />[Expert@MDS-01:0]# mgmt_cli -r true --port 443 show access-rulebase name "EXT-OTT" -d "172.16.31.117" show-hits true --format json limit 50000<BR />{<BR />"code" : "generic_err_object_not_found",<BR />"message" : "Requested object [EXT-OTT] not found"</P><P>&nbsp;</P><P>What am I missing here?</P><P>Sorry I am new to API calls and programming; I work mostly on firewalls.&nbsp;</P> Thu, 14 Mar 2024 20:01:37 GMT https://community.checkpoint.com/t5/API-CLI-Discussion/Mgmt-cli-show-access-rule-base-issue/m-p/208807#M8400 sidlab1584 2024-03-14T20:01:37Z https://community.checkpoint.com/t5/API-CLI-Discussion/Mgmt-cli-show-access-rule-base-issue/m-p/208813#M8402 <P>EXT-OTT is the name of the policy package, which is made up of one or more policy layers.<BR />The layers are where the policy is defined.</P> <P>To get the top-level layers involved:&nbsp;<STRONG><FONT face="courier new,courier">mgmt_cli --format json --session-id xxx show package name Standard | jq '."access-layers"[]'</FONT></STRONG><BR />You can then look at the correct rulebase:&nbsp;<STRONG><FONT face="courier new,courier">mgmt_cli --format json --session-id xxx show access-rulebase uid 6a5b4108-a94e-4f5d-974b-8d8c431fdd5f</FONT></STRONG></P> <P>Do not use the "limit" parameter to exceed the specification in the API documentation as it is not guaranteed to return all the requested results and may result in performance issues (500 is max for show access-rulebase).<BR />Also, if you have inline layers, you will have to parse the results to find out what inline layer is referenced and do a show access-rulebase on those as well.</P> Fri, 15 Mar 2024 00:48:28 GMT https://community.checkpoint.com/t5/API-CLI-Discussion/Mgmt-cli-show-access-rule-base-issue/m-p/208813#M8402 PhoneBoy 2024-03-15T00:48:28Z