topic Re: query rules in checkpoint securemote in SASE and Remote Access

query rules in checkpoint securemote

raos — Sat, 18 Mar 2023 21:37:41 GMT

hello experts,

i am newbie

need to learn how to query rules in secuRemote

a url enabled in BigIP F5

find various hops happening in secuRemote until my request reaches the internet

inputs appreciated !

thanks!

rao

Re: query rules in checkpoint securemote

PhoneBoy — Mon, 20 Mar 2023 03:18:09 GMT

Not sure what you mean by “rules” in this context.
What is the precise issue you’re having?

Not sure how an F5 box relates here.
Please state versions of all related Check Point components (gateway and client) and provide a network diagram.

Re: query rules in checkpoint securemote

the_rock — Mon, 20 Mar 2023 03:30:56 GMT

Hey @raos ...welcome to the community! Just to make it easier for everyone, we always appreciate when people provide as many details as possible. As @PhoneBoy indicated, it would be nice if you could tell us exactly what you are exactly trying to do here, ie what rules are you referring to? Only rules I can think of when it comes to secure client would be secure client verification feature, unless you are referencing something related to regular security rules.

Also, I believe F5 is mostly used as load balancer, so not sure how thats releted in thos context. And yes, simple diagram helps, even if you draw something basic in paint in windows : - )

Cheers mate.

Andy

Re: query rules in checkpoint securemote

raos — Tue, 21 Mar 2023 18:03:04 GMT

thank you for the follow up team

my bad for the incomplete info in the prior post.

Let me try to explain..

To enable single sign-on for an application, I have these tools in place..

LTM, APM in BigIP F5 - virtual server, policy are defined in here

- I have access to these

route53 in AWS - dns records are in here

- I can verify with nslookup

checkpoint VPN / secuRemote - publicIP is mapped with the internal IP defined in LTM BIG IP F5

I do not have access to checkpoint vpn / secuRemote

- how to query / view the contents of checkpoint appliance

Q - To make sure all above components are configured correct, I need to view the contents defined in checkpoint/secuRemote appliance.

Is there similar way like

-- powershell to query / view AD objects

-- ldapsearch to query / view openLDAP etc

inputs appreciated

Re: query rules in checkpoint securemote

PhoneBoy — Tue, 21 Mar 2023 18:42:10 GMT

The only thing you can get on the client itself is the encryption domain (i.e. the destinations the client will send across the VPN).
This can be found by simply reviewing the routing table before and after connecting to the remote site.

In terms of reviewing the configuration on the gateway itself, there are multiple ways to do this.
However, all of them require explicit access being granted to the Check Point management to do it (either with SmartConsole, API, CLI, etc).

Re: query rules in checkpoint securemote

raos — Thu, 23 Mar 2023 23:58:19 GMT

Thank you for the details.

Curious, is there any way I can connect via Postman (API) to the gateway and trigger a lookup or query. Please review below..

I can request my network team to create - Read Only account in gateway

In Postman tool plug-in above read only cred's

Trigger a lookup query against gateway.

Inputs appreciated !

Re: query rules in checkpoint securemote

PhoneBoy — Fri, 24 Mar 2023 01:11:50 GMT

There isn’t a formal API to query the contents of the installed policy on the gateway.
The only possible way to do this is run-script to execute the necessary CLI commands.
Whether these commands contain the information you’re looking for is a separate question.

As stated previously, the best way to do this is through access to the management server API.
It is possible to grant read-only access to it.