https://community.checkpoint.com/t5/Spark-Firewall-SMB/Analyze-firewall-config-on-checkpoint-appliance/m-p/62379#M2379 <P>Hi all,</P><P>&nbsp;</P><P>I want to analyze the configuration on older firewall appliances (1450) with R77.20.80.</P><P>In expert mode I found a lua script that seemed to export the whole configuration as CSV, that I can call as</P><LI-CODE lang="markup"># lua /pfrm2.0/bin/cli/showConfig.lua</LI-CODE><P>The output looks good so far except for the port forwarding on a server definition:</P><LI-CODE lang="markup">add server name "JTBCK01" ipv4-address "a.b.c.d" dhcp-exclude-ip-addr "on" dhcp-reserve-ip-addr-to-mac "off" dns-resolving "false" set server server-ports "JTBCK01" web-server "off" mail-server "off" dns-server "off" ftp-server "off" citrix-server "off" pptp-server "off" custom-server "on" set server server-access "JTBCK01" access-zones "all-zones" allow-ping-to-server "on" log-blocked-connections "on" log-accepted-connections "on" set server server-nat-settings "JTBCK01" nat-settings "port-forwarding" port-address-translation "off" force-source-hide-nat "on"</LI-CODE><P>This server uses a non-standard port and I can see the port definition in the web interface but nowhere in the output of the above mentioned script.</P><P>Is there anything I am missing or are there better ways to analyze configurations from older firewalls.</P><P>Thanks for your help.</P><P>Kind regards,</P><P>Mathias</P> Tue, 10 Sep 2019 12:45:24 GMT Mathias_Weidner 2019-09-10T12:45:24Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Analyze-firewall-config-on-checkpoint-appliance/m-p/62379#M2379 <P>Hi all,</P><P>&nbsp;</P><P>I want to analyze the configuration on older firewall appliances (1450) with R77.20.80.</P><P>In expert mode I found a lua script that seemed to export the whole configuration as CSV, that I can call as</P><LI-CODE lang="markup"># lua /pfrm2.0/bin/cli/showConfig.lua</LI-CODE><P>The output looks good so far except for the port forwarding on a server definition:</P><LI-CODE lang="markup">add server name "JTBCK01" ipv4-address "a.b.c.d" dhcp-exclude-ip-addr "on" dhcp-reserve-ip-addr-to-mac "off" dns-resolving "false" set server server-ports "JTBCK01" web-server "off" mail-server "off" dns-server "off" ftp-server "off" citrix-server "off" pptp-server "off" custom-server "on" set server server-access "JTBCK01" access-zones "all-zones" allow-ping-to-server "on" log-blocked-connections "on" log-accepted-connections "on" set server server-nat-settings "JTBCK01" nat-settings "port-forwarding" port-address-translation "off" force-source-hide-nat "on"</LI-CODE><P>This server uses a non-standard port and I can see the port definition in the web interface but nowhere in the output of the above mentioned script.</P><P>Is there anything I am missing or are there better ways to analyze configurations from older firewalls.</P><P>Thanks for your help.</P><P>Kind regards,</P><P>Mathias</P> Tue, 10 Sep 2019 12:45:24 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Analyze-firewall-config-on-checkpoint-appliance/m-p/62379#M2379 Mathias_Weidner 2019-09-10T12:45:24Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Analyze-firewall-config-on-checkpoint-appliance/m-p/62385#M2380 <P>This is not an older firewall, but a SMB device from April 2016 - so the question should be under&nbsp;<A href="https://community.checkpoint.com/t5/SMB-Appliances-and-SMP/bd-p/smb-smp" target="_blank">https://community.checkpoint.com/t5/SMB-Appliances-and-SMP/bd-p/smb-smp</A> !</P> <P>&nbsp;</P> <P>About the show config.lua: This can simply be called in CLISH as described in my&nbsp;<A id="link_18" class="page-link lia-link-navigation lia-custom-event" href="https://community.checkpoint.com/t5/SMB-Appliances-and-SMP/Configuration-transfer-between-different-SMB-models/m-p/38898" target="_blank" rel="noopener">Configuration transfer between different SMB models.</A></P> Tue, 10 Sep 2019 14:00:46 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Analyze-firewall-config-on-checkpoint-appliance/m-p/62385#M2380 G_W_Albrecht 2019-09-10T14:00:46Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Analyze-firewall-config-on-checkpoint-appliance/m-p/62389#M2381 <P>Sorry for my ignorance. I wasn't aware that the post should be under " <SPAN class="lia-link-navigation crumb-board lia-breadcrumb-board lia-breadcrumb-forum lia-link-disabled">SMB Appliances and SMP</SPAN>" and neither did I know the CLISH command.</P><P>The CLISH command gives me the same output but unfortunately the port for the custom-server is still missing.</P><P>I guess I have to be aware of this and fill in the missing pieces from the web interface.</P><P>Thanks for your reply.</P> Tue, 10 Sep 2019 15:25:08 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Analyze-firewall-config-on-checkpoint-appliance/m-p/62389#M2381 Mathias_Weidner 2019-09-10T15:25:08Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Analyze-firewall-config-on-checkpoint-appliance/m-p/62542#M2382 <P>You do not need the web interface as all is also available on the CLI: <A href="http://downloads.checkpoint.com/dc/download.htm?ID=61963" target="_blank" rel="noopener">Check Point R77.20.80 600/700/1100/1200R/1400 Appliance CLI Reference Guide</A></P> <P>Just try a</P> <P>#&nbsp;show servers<SPAN class="Apple-converted-space">&nbsp;</SPAN></P> <P><SPAN class="Apple-converted-space">or</SPAN></P> <P><SPAN class="Apple-converted-space">#&nbsp;show server &lt;name&gt;</SPAN></P> Thu, 12 Sep 2019 07:28:16 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Analyze-firewall-config-on-checkpoint-appliance/m-p/62542#M2382 G_W_Albrecht 2019-09-12T07:28:16Z