Raymondn
Iron

Adjust Threat-Protection Action

I am trying to use the "mgmt" commands to adjust IPS protection.

For example, I want to set the protection "FTP Commands" action from "inaction" to "detect" for Threat protection profile "DMZ_Protection".

How can I do this?

 

Reading this:

https://sc1.checkpoint.com/documents/R80/APIs/index.html#gui-cli/set-threat-protection

I got an idea.  However, the part I don't understand is how to correctly use the "profiles name" in the command so I am only adjusting the action of the protection only on a specific Threat profile.

 

The example from the doc shows "overrides.1.profile", but I don't really understand the meaning of "1" here.

 

Thanks in advance for any explanation about how to deal with those "List: Object" parameters.

 

0 Kudos
6 Replies
Employee++

Re: Adjust Threat-Protection Action

overrides.1.profile and overrides.2.profile etc. allow you to run the command on several profiles at the same time by just giving the name of the first profile after overrides.1.profile and so on.

 

In the example you can see they refer to two different profiles - New Profile 1 and New Profile 2

set threat-protection name "Aggressive Aging" overrides.1.profile "New Profile 1" overrides.1.action "Prevent" overrides.1.track "Log" overrides.1.capture-packets true overrides.2.profile "New Profile 2" overrides.2.action "Prevent" overrides.2.track "Log" overrides.2.capture-packets true

 

This is also true in the other examples

HTH

Tal

0 Kudos
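The numbering discussed in the reply above, as an added example that is not part of the thread or Check Point's own code: each `overrides.N.*` group is one element of the `overrides` list, so every key sharing the same N describes the same profile override. The function names are hypothetical, and the "Detect" spelling for the single-profile case is an assumption modelled on the reply's "Prevent".

```python
def flatten(value, prefix=""):
    """Yield (dotted_key, value); list elements get 1-based indexes."""
    if isinstance(value, dict):
        for key, item in value.items():
            yield from flatten(item, f"{prefix}.{key}" if prefix else key)
    elif isinstance(value, list):
        for index, item in enumerate(value, start=1):
            yield from flatten(item, f"{prefix}.{index}")
    else:
        yield prefix, value


def unflatten(pairs):
    """Rebuild the nested payload: keys sharing an index form one list element."""
    root = {}
    for dotted_key, value in pairs:
        *parents, leaf = dotted_key.split(".")
        node = root
        for part in parents:
            node = node.setdefault(part, {})
        node[leaf] = value
    return _to_lists(root)


def _to_lists(node):
    """Turn dicts keyed only by integers ("1", "2", ...) into ordered lists."""
    if not isinstance(node, dict):
        return node
    if node and all(key.isdigit() for key in node):
        return [_to_lists(node[key]) for key in sorted(node, key=int)]
    return {key: _to_lists(item) for key, item in node.items()}


def render(command, params):
    """Format as in the documentation example: strings quoted, booleans bare."""
    words = [command]
    for key, value in flatten(params):
        text = str(value).lower() if isinstance(value, bool) else f'"{value}"'
        words += [key, text]
    return " ".join(words)


# Single-profile case from the question (names from the post, action spelling assumed).
SINGLE = {"name": "FTP Commands",
          "overrides": [{"profile": "DMZ_Protection", "action": "Detect"}]}

# Two-profile payload matching the command quoted in the reply.
DOUBLE = {"name": "Aggressive Aging", "overrides": [
    {"profile": "New Profile 1", "action": "Prevent", "track": "Log", "capture-packets": True},
    {"profile": "New Profile 2", "action": "Prevent", "track": "Log", "capture-packets": True}]}
```

Calling `render("set threat-protection", SINGLE)` gives a command with a single `overrides.1.*` group, which is all that is needed to change one protection on one profile.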
Raymondn
Iron

Re: Adjust Threat-Protection Action

Thanks.  

I managed to get this to work.

 

Want to ask about the "show threat-protection".  From the doc, it appears that it would accept parameter "profiles".  I was trying to do that in hope to get the result of a specific threat protection setting on a specific profile.

 

Command:

mgmt show threat-protection name "3Com Network Supervisor Directory Traversal" profile "draas-fw-a1_Protection"

 

I also tried this ("profiles" vs "profile"):

mgmt show threat-protection name "3Com Network Supervisor Directory Traversal" profiles "draas-fw-a1_Protection"

 

Both give me error:

MGMT9000 code: "generic_err_invalid_parameter_name"
message: "Unrecognized parameter [profile]"

 

I wonder if the "profile" (or profiles) is a valid input parameter, or if it is a typo in the doc, or I just didn't use this parameter correctly.

 

Any inputs?  Thanks.

 

 

0 Kudos
Admin

Re: Adjust Threat-Protection Action

show threat-protection doesn't accept "profile" as a parameter.
I suspect you want set threat-protection, which has somewhat different parameters.
See: https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/set-threat-protection~v1.5%20
0 Kudos
Raymondn
Iron

Re: Adjust Threat-Protection Action

Thanks.

 

Good to know.  It appears the doc has a lot of room for improvement regarding the typo and the acceptable parameters on various commands.

0 Kudos
Admin

Re: Adjust Threat-Protection Action

There is always room for improvement, but you had an older link for the documentation that might not be getting updated.
The one I provided should be getting continual updates.
0 Kudos
Raymondn
Iron

Re: Adjust Threat-Protection Action

Good to know. Thx for the link you provided.
0 Kudos