topic updating checkpoint firewall rules comments based on rule UID in General Topics

updating checkpoint firewall rules comments based on rule UID

Vardhan — Tue, 26 Dec 2023 07:25:10 GMT

updating checkpoint firewall rules comments based on rule UID

Hello Mates,

I have task to update the comments in the list of firewall rules based on rule UID. Is there any through to perform this activity through management server console CLI or any other way. I am asking this query because i need to update around 1600 rule comments based on UID. Here Comment is same for all the rules.

After updating the comments, i want to disable these rules. Please suggest how to proceed.

Thank you very much in advance.

thanks

Re: updating checkpoint firewall rules comments based on rule UID

_Val_ — Thu, 28 Dec 2023 08:05:13 GMT

It is unclear what you are trying to achieve

Re: updating checkpoint firewall rules comments based on rule UID

G_W_Albrecht — Thu, 28 Dec 2023 08:29:43 GMT

Should be possible using Management API, see in API / CLI discussions and the documentation !

Re: updating checkpoint firewall rules comments based on rule UID

Alex- — Fri, 29 Dec 2023 03:34:58 GMT

That shouldn't be too complex. Assuming you have a flat file with the UID's, you can use the Management API to iterate through that file, set the comment and disable the rule.

https://sc1.checkpoint.com/documents/latest/APIs/#cli/set-access-rule~v1.9%20

Your syntax would be something like this.

#!/bin/bash file_path="path/uid_list.txt" i=0 mgmt_cli login user "username" password "password" --format json > sessionid.json while IFS= read -r uid; do ((i++)) mgmt_cli set access-rule layer YourLayerName uid $uid enabled False comments "your comment" --format json -s sessionid.json if [ $i -eq 100 ]; then echo "100 iterations reached, publishing" mgmt_cli publish --format json -s sessionid.json i=0 fi done < "$file_path" mgmt_cli publish --format json -s sessionid.json mgmt_cli logout --format json -s sessionid.json rm sessionid.json

You will need to find the uid or name of the layer as it is a mandatory parameter.

Re: updating checkpoint firewall rules comments based on rule UID

JozkoMrkvicka — Thu, 28 Dec 2023 11:01:56 GMT

Do you have any comments in affected rules? If so, would you like to save the existing comments ? If you dont care if and what is/was the comment in affected rules, then just follow steps provided by Alex. If there was any existing comment, the script will overwrite them with new comment.

If you need to add a new comments to the existing ones, little bit of more lines within the script will be needed (first check what is comment, store it and add new comment with added text at the end).

Re: updating checkpoint firewall rules comments based on rule UID

PhoneBoy — Thu, 28 Dec 2023 14:40:35 GMT

This can be done via the API/CLI, yes.
The relevant endpoint is set access-rule: https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/set-access-rule~v1.9.1%20
You can set the comment and disable the rule in the same call.
A "publish" action is recommended every 100 or so actions.

Re: updating checkpoint firewall rules comments based on rule UID

genisis__ — Fri, 29 Dec 2023 11:43:58 GMT

If you are asking about adding comments between existing rules, then yes this can be done, and rules can be disabled. I generally use mgmt_cli commands to do this as I'm not really a scripter.

See example below, may not be exactly what you need but should help:

session=`mgmt_cli -r true login --format json| jq -r '.sid'`

# Create new rule - with a section heading, note the order.
mgmt_cli --session-id $session add access-rule name "Test Rule" layer "<POLICYFILE NAME> <Layer Name>" position.below "a4a975d6-3e42-490a-90a2-c2ab96xxxxx" source.1 "<src objectname>" destination.1 "<dst objectname>" action "accept" service.1 "http" track "log" comments "New Rule"
mgmt_cli --session-id $session add access-section layer "<POLICYFILE NAME> <Layer Name>" position.below "a4a975d6-3e42-490a-90a2-c2ab96xxxxx" name "Section related to new test rules"

# Publish changes made
mgmt_cli --session-id $session publish
session=`mgmt_cli -r true login --format json| jq -r '.sid'`

# Push policy - Single GWs
mgmt_cli --session-id $session install-policy policy-package "<POLICYFILE NAME>" access true threat-prevention true

Re: updating checkpoint firewall rules comments based on rule UID

Alex- — Thu, 28 Dec 2023 18:21:41 GMT

Fair point about publishing at intervals given the size of the rules to modify, I've added a conditional check in the script to publish every 100 iterations.

@JozkoMrkvicka Correct about the comment, given OP's message it appears the rules are already defined anyway to have a standardised comment and be disabled. Otherwise the comment first need to be extracted with show access-rulebase, saved in a variable and then append whatever the final comment should be.

Re: updating checkpoint firewall rules comments based on rule UID

Bob_Zimmerman — Thu, 28 Dec 2023 22:05:58 GMT

One note: this may need to be modified if the management is set to require a session name or description. I wrote a BASH framework for running an arbitrary number of management API commands locally on a system. You name and describe the session once at the top, then it handles publishing every X commands and setting up the new session.