https://community.checkpoint.com/t5/General-Topics/Identify-ports-on-a-rule-having-Any-Service-Access/m-p/276465#M46123 <P>I agree with&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/73547">@Lesley</a>.</P> <P>Alternatively you could export the logs in text format and create a script to extract the information based on the rule UID (this ID doesnt't change if you add rules above), or, if you have time, use Log Exporter to export logs for the specific rule to a syslog server and eventually, create a script on this syslog server that import the logs into a SQL database to simplify queries (in the past I've done something similar, by creating a script that read logs, filters out specific information like source, destination, protocol and port, and import these information in a MySQL DB).</P> Tue, 05 May 2026 07:11:37 GMT simonemantovani 2026-05-05T07:11:37Z https://community.checkpoint.com/t5/General-Topics/Identify-ports-on-a-rule-having-Any-Service-Access/m-p/276462#M46121 <P>Hi Team,</P> <P>I am curious whether there exists a pre-made script or extension that can display the ports utilized for rules that have ANY as a service. I am currently developing a Python script; however, the challenge arises when someone adds a rule either above or below, as this alters the rule number, making it difficult to identify the correct results later. Therefore, I am inquiring if such results are achievable. I attempted to use SmartView, but it is taking a considerable amount of time. Does the community have any readily available solutions for this?</P> <P>Thanks and Regards,</P> <P>Blason R</P> Tue, 05 May 2026 05:23:11 GMT https://community.checkpoint.com/t5/General-Topics/Identify-ports-on-a-rule-having-Any-Service-Access/m-p/276462#M46121 Blason_R 2026-05-05T05:23:11Z https://community.checkpoint.com/t5/General-Topics/Identify-ports-on-a-rule-having-Any-Service-Access/m-p/276464#M46122 <P>Maybe give this one a try? Not sure if you can find ''any'' services:</P> <P><A href="https://community.checkpoint.com/t5/SmartConsole-Extensions/Policy-Audit-Extension/m-p/272730#M605" target="_blank">https://community.checkpoint.com/t5/SmartConsole-Extensions/Policy-Audit-Extension/m-p/272730#M605</A></P> <P>Alternative:</P> <P>compliance blade can also do this.&nbsp;</P> <P>Or Policy auditor / insights</P> <P><A href="https://community.checkpoint.com/t5/Firewall-and-Security-Management/This-Month-s-Spotlight-Features-You-Should-Start-Using-Today/td-p/268548#:~:text=Policy%20Auditor%20is%20currently%20available,to%20the%20relevant%20policy%20rules" target="_blank">https://community.checkpoint.com/t5/Firewall-and-Security-Management/This-Month-s-Spotlight-Features-You-Should-Start-Using-Today/td-p/268548#:~:text=Policy%20Auditor%20is%20currently%20available,to%20the%20relevant%20policy%20rules</A>.</P> <P>&nbsp;</P> Tue, 05 May 2026 06:48:51 GMT https://community.checkpoint.com/t5/General-Topics/Identify-ports-on-a-rule-having-Any-Service-Access/m-p/276464#M46122 Lesley 2026-05-05T06:48:51Z https://community.checkpoint.com/t5/General-Topics/Identify-ports-on-a-rule-having-Any-Service-Access/m-p/276465#M46123 <P>I agree with&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/73547">@Lesley</a>.</P> <P>Alternatively you could export the logs in text format and create a script to extract the information based on the rule UID (this ID doesnt't change if you add rules above), or, if you have time, use Log Exporter to export logs for the specific rule to a syslog server and eventually, create a script on this syslog server that import the logs into a SQL database to simplify queries (in the past I've done something similar, by creating a script that read logs, filters out specific information like source, destination, protocol and port, and import these information in a MySQL DB).</P> Tue, 05 May 2026 07:11:37 GMT https://community.checkpoint.com/t5/General-Topics/Identify-ports-on-a-rule-having-Any-Service-Access/m-p/276465#M46123 simonemantovani 2026-05-05T07:11:37Z https://community.checkpoint.com/t5/General-Topics/Identify-ports-on-a-rule-having-Any-Service-Access/m-p/276466#M46124 <P>If the rule is logged you can filter logs for that rule in the log viewer and then look at 'Top Services'. It won't be accurate for too far back (as it won't load all the logs) but if your goal is to limit the services matching you can add another rule over your 'any' rule with the same sources and destinations, and put your identified services that are doing most of the matching and that you want to allow in there, to take them out of the 'any' rule. Keep doing that until you have all the services you need and you'll have it cleaned up eventually.</P> <P>Else the new Policy Insights service can be of service here to basically figure all that out for you.</P> Tue, 05 May 2026 07:33:10 GMT https://community.checkpoint.com/t5/General-Topics/Identify-ports-on-a-rule-having-Any-Service-Access/m-p/276466#M46124 emmap 2026-05-05T07:33:10Z https://community.checkpoint.com/t5/General-Topics/Identify-ports-on-a-rule-having-Any-Service-Access/m-p/276468#M46125 <P>This approach does not appear to be appropriate, as exporting the logs may lead to inconsistencies if someone has added or deleted a rule. Consequently, the numbers will not align, and the results will, of course, differ.</P> Tue, 05 May 2026 07:42:04 GMT https://community.checkpoint.com/t5/General-Topics/Identify-ports-on-a-rule-having-Any-Service-Access/m-p/276468#M46125 Blason_R 2026-05-05T07:42:04Z https://community.checkpoint.com/t5/General-Topics/Identify-ports-on-a-rule-having-Any-Service-Access/m-p/276469#M46126 <P>Yes, I am aware of that; however, it would be challenging once more, as we have five firewall administrators, making it consistently difficult to maintain the rule numbers. Additionally, since this is a manual task and we have over 400 rules, with approximately 60 of those identified as Any Service, it is causing me an issue.</P> Tue, 05 May 2026 07:44:27 GMT https://community.checkpoint.com/t5/General-Topics/Identify-ports-on-a-rule-having-Any-Service-Access/m-p/276469#M46126 Blason_R 2026-05-05T07:44:27Z https://community.checkpoint.com/t5/General-Topics/Identify-ports-on-a-rule-having-Any-Service-Access/m-p/276470#M46127 <P>I understand, in this case you should evaluate to adopt a tool like Policy Auditor or some other 3rd party product like Tufin; on of these solutions will give you the information and visibility you need in a faster way with little effort.</P> Tue, 05 May 2026 07:51:47 GMT https://community.checkpoint.com/t5/General-Topics/Identify-ports-on-a-rule-having-Any-Service-Access/m-p/276470#M46127 simonemantovani 2026-05-05T07:51:47Z https://community.checkpoint.com/t5/General-Topics/Identify-ports-on-a-rule-having-Any-Service-Access/m-p/276497#M46134 <P>The rule numbers change, sure, but the rule UUID doesn't. Just use that in the filter.</P> Tue, 05 May 2026 13:38:07 GMT https://community.checkpoint.com/t5/General-Topics/Identify-ports-on-a-rule-having-Any-Service-Access/m-p/276497#M46134 Bob_Zimmerman 2026-05-05T13:38:07Z https://community.checkpoint.com/t5/General-Topics/Identify-ports-on-a-rule-having-Any-Service-Access/m-p/276521#M46138 <P>The best way to refer to a specific rule is by uid, not by rule number.<BR />This way, you don't have to worry about its precise position in the rulebase.</P> Tue, 05 May 2026 16:20:45 GMT https://community.checkpoint.com/t5/General-Topics/Identify-ports-on-a-rule-having-Any-Service-Access/m-p/276521#M46138 PhoneBoy 2026-05-05T16:20:45Z