Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Contributor

API call to see if rule already exists

Is there an API call to see if a rule already exists? Something better than where-used? Something more along the lines of Packet Mode on the GUI.

 

0 Kudos
Reply
14 Replies
Highlighted
Employee+
Employee+

The "show access-rulebase" command has an option to filter in a similar manner as packet mode in Smartconsole.

Using demo mode in R80.20:

show access-rulebase name "Network" package "Corporate_Policy" filter "200.200.200.200" filter-settings.search-mode packet limit 2

Response (shortened):

uid: "b406b732-2437-4848-9741-6eae1f5bf112"
name: "Network"
rulebase: 
- uid: "dedb6e70-fe6c-45be-bcd3-18fab46c02dd"
  name: "Security Gateways Access"
  type: "access-section"
  from: 1
  to: 1
  rulebase: 
  - uid: "39d0e851-0f12-46c9-bd85-b402d1181fba"
    name: "Stealth rule"
    type: "access-rule"
    domain: 
      uid: "41e821a0-3720-11e3-aa6e-0800200c9fde"
      name: "SMC User"
      domain-type: "domain"
    rule-number: 2
    filter-match-details: 
    - column: "source"
      objects: 
      - "97aeb369-9aea-11d5-bd16-0090272ccb30"
   ...
    source: 
    - "97aeb369-9aea-11d5-bd16-0090272ccb30"
    source-negate: false
    destination: 
    - "4a773692-84b5-4b81-a8da-320bf64081c0"
    destination-negate: false
    service: 
    - "97aeb369-9aea-11d5-bd16-0090272ccb30"
    service-negate: false

.....

 

More information can be found using the management API documention from the following links.

- https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/show-access-rulebase~v1.2%20 

0 Kudos
Reply
Highlighted
Contributor

Thanks, I'm looking for something human-readable. Is there a way to see the rules over the CLI?

0 Kudos
Reply
Highlighted
Admin
Admin

All the API calls can be made over CLI.
However, the output is like above.
You can have mgmt_cli output in JSON then use jq to parse the output a bit, giving you only the information you want.
0 Kudos
Reply
Highlighted

Is there any easy way how to "convert" UIDs to names? In "show access-rulebase" there are all data, but for example source names are listed as uid, instead of names.

I am aware of "show object" command, but in case I have 100 sources...

The only idea I have is to check UID of specific rule and show the content via "show access-rule".

Any better way possible?

Kind regards,
Jozko Mrkvicka
0 Kudos
Reply
Highlighted
Admin
Admin

You can try adding a details-level full to the command to see if it gives you the name as well.
0 Kudos
Reply
Highlighted

full details-level wont give you the names. I also expected that, but this is not the case.

Hint from Masher is correct way - you need to use "use-object-dictionary false" parameter to give you the name.
Kind regards,
Jozko Mrkvicka
0 Kudos
Reply
Highlighted
Employee+
Employee+

You can add the use-object-dictionary false option to include the names object names.

 

[admin@vMgmt01]# mgmt_cli -s session.id show access-rulebase name "gw01 Network" offset 12 limit 1 use-object-dictionary false
uid: "5bfb5361-84d8-4b55-a0b6-a1c309dab52b"
name: "gw01 Network"
rulebase:
- uid: "2ca377fb-003e-4890-99fa-6128112083a8"
name: "Allowed Internet Access"
type: "access-section"
from: 13
to: 13
rulebase:
- uid: "49e3ebbd-9761-4381-8951-ec2972f517a3"
name: "HTTP/HTTPS"
...
source:
- uid: "fb7f60bd-d4df-4f2d-adf8-664251f8954a"
name: "NET-10.22.33.0"
type: "network"
domain:
...
service:
- uid: "97aeb3d4-9aea-11d5-bd16-0090272ccb30"
name: "http"
type: "service-tcp"
domain:
uid: "a0bbbc99-adef-4ef8-bb6d-defdefdefdef"
name: "Check Point Data"
domain-type: "data domain"
port: "80"
- uid: "97aeb443-9aea-11d5-bd16-0090272ccb30"
name: "https"
type: "service-tcp"
...
Highlighted

Thanks for the hint, Masher !
Exactly what I was looking for 🙂
Kind regards,
Jozko Mrkvicka
0 Kudos
Reply
Highlighted
Explorer

Hi 

I tried to use 

use-object-dictionary as false but still  object name  is not coming  only getting uid ,can any one help me .

below the rest api and option i am using


url: "https://{{mserver_hostname}}/web_api/show-access-rulebase"
validate_certs: False
method: POST
headers:
X-chkp-sid: "{{ login.json.sid }}"
body:
offset: 0
limit: 20
name: "Network"
use-object-dictionary: "false"
details-level: full

Appreciate  your help in advance

0 Kudos
Reply
Highlighted
Contributor

If you are usign this api inside a script, you can levarage on the use-object-dictionray to convert the uid to an object name, or if you prefer you can use the following api call

mgmt_cli show object uid "ef82887c-d08f-49a3-a18f-a376be633848" --format json

to get the name and type for every object you need.

 

Can you share your api call and response please?

0 Kudos
Reply
Highlighted
Explorer

Thanks for your reply . 

I used the use-object-dictionary true but for some object i did not get the name.

0 Kudos
Reply
Highlighted
Explorer

Hi,

I am making call to rule base api and  using filter to grab the matching rule for source destination and port.,however the issue is for some cases i am getting correct output where source destination and port is  there but in some cases i am not getting the desired result.

i mean all other rule coming for destination but source is not coming in output.

I have one query for for using filer in packet mode do we required the live traffic on the gateway. can this packet mode filter will work on rulebase database without the live traffic.?

My api call-

- name: Checking rule base for source and destiantion
uri:
url: "https://{{mserver_hostname}}/web_api/show-access-rulebase"
validate_certs: False
method: POST
headers:
x-chkp-sid: "{{ login.json.sid }}"
body:
offset: 0
limit: 500
name: "Network"
details-level: "full"
use-object-dictionary: true
filter: "src:10.70.101.188 AND dst:10.9.17.65 AND svc:30000 AND action:6c488338-8eec-4103-ad21-cd461ac2c472"
body_format: json
register: rule_search

- set_fact:
  rule_search_result: "{{rule_search | to_json}}"

- debug:

    var: rule_search_result

 

and how to parse the output  for specific source destination and port ?

Appreciate  your help in advanced . I am totally stuck over here please help me.

 

 

0 Kudos
Reply
Highlighted
Contributor

What do you mean by live traffic?
The api call does a query for rules currently defined on the manager: your gateway could have a different version of the rulebase, if you edited it and not installed...

For sure, you can achieve the "rule lookup", using packed mode and the filter-setting(take a look to the API guide)...
In case you need to resolve ie the "uid" for the action object, i suggest you to use the api call "show object" with the uid as input

For specifc issue, please share a picture of want you want 🙂

0 Kudos
Reply
Highlighted
Explorer

Thanks Nickel for your reply.

however what I have observed whenever i am using the packet  mode  and filter the source destination and port  not getting the consistent output . that is the main issue.

I am querying the rulebase base API and applying the below mentioned filter

-

filter: "src:10.70.101.188 AND dst:10.9.17.65 AND svc:30000 AND action:6c488338-8eec-4103-ad21-cd461ac2c472" 

0 Kudos
Reply