https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-Export-Access-Policy-to-file/m-p/127247#M5543 <P>Thanks for your reply, I've changed your command to:</P><P>clish -A -i -c "show access-rules type incoming-internal-and-vpn" -v &gt;&gt; /var/log/acl_incoming.txt<BR />clish -A -i -c "show access-rules type outgoing" -v &gt;&gt; /var/log/acl_outgoing.txt</P><P>This output is in base what we are looking for.</P><P>Is there a way to upload them directly to a sftp server like we do with the backups?&nbsp;</P> Tue, 17 Aug 2021 15:26:04 GMT Michel_de_Boer 2021-08-17T15:26:04Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-Export-Access-Policy-to-file/m-p/127241#M5541 <P>Hi all, we have a lot of SMB appliances in SMP and most of all are 1500's or above. So R80 embedded gaia.</P><P>Our goal is to export the Access Policy from the appliances and match them with a previous version if there were made any changes in the policy. First of all we need to export the policy to a file. In SMP I can run some show commands but an export or something will fail. I think those are gaia commands and not embedded gaia supported.</P><P>I've read and tried a lot of posts from others over here but those solutions are relevant to full blown gaia solutions.</P><P>Can somebody provide me a way how to achieve our goal?</P> Tue, 17 Aug 2021 14:38:47 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-Export-Access-Policy-to-file/m-p/127241#M5541 Michel_de_Boer 2021-08-17T14:38:47Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-Export-Access-Policy-to-file/m-p/127242#M5542 <P>There is an option from CLI. Log into Expert Mode and issue:</P> <DIV class="page" title="Page 23"> <DIV class="layoutArea"> <DIV class="column"> <P><SPAN>[Expert]# clish -A -i -c "show configuration" -v &gt;&gt; /var/log/config.txt</SPAN></P> <P><SPAN>Now, backup and delete&nbsp;/var/log/config.txt (by CLI or WinSCP) - it will contain all settings including policy !</SPAN></P> </DIV> </DIV> </DIV> Wed, 18 Aug 2021 06:47:03 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-Export-Access-Policy-to-file/m-p/127242#M5542 G_W_Albrecht 2021-08-18T06:47:03Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-Export-Access-Policy-to-file/m-p/127247#M5543 <P>Thanks for your reply, I've changed your command to:</P><P>clish -A -i -c "show access-rules type incoming-internal-and-vpn" -v &gt;&gt; /var/log/acl_incoming.txt<BR />clish -A -i -c "show access-rules type outgoing" -v &gt;&gt; /var/log/acl_outgoing.txt</P><P>This output is in base what we are looking for.</P><P>Is there a way to upload them directly to a sftp server like we do with the backups?&nbsp;</P> Tue, 17 Aug 2021 15:26:04 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-Export-Access-Policy-to-file/m-p/127247#M5543 Michel_de_Boer 2021-08-17T15:26:04Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-Export-Access-Policy-to-file/m-p/127249#M5544 <P>Why not cook an Ansible playbook to do it all and download the configs to the right place!? Run it on weekly (whatever your SOP is) basis, and don't have so many custom scripts.</P> Tue, 17 Aug 2021 15:48:49 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-Export-Access-Policy-to-file/m-p/127249#M5544 Art_Zalenekas 2021-08-17T15:48:49Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-Export-Access-Policy-to-file/m-p/127296#M5545 <P>My first idea was to point out these in the CLI Guide to you&nbsp;8)</img>. But then i thought you are better off with one command and a procedure. Good if these two outputs are enough to achieve your goal !</P> <P>Usually, SCP is used for file transfer.</P> Wed, 18 Aug 2021 07:01:14 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-Export-Access-Policy-to-file/m-p/127296#M5545 G_W_Albrecht 2021-08-18T07:01:14Z