FelipeTropeia
Participant

Deleting object even though being used in a rule via API

I would like to know if there is any way to do this, as I am decommissioning a datacentre that contains over 200 objects to be deleted. They are spread over 800 rules in different policies, and doing it manually will take a long time.

3 Replies
PhoneBoy
Admin

This is precisely what the where-used API call is for, to help you locate where a particular object is being used.
So at a high level, you'd loop through the relevant objects to:
1. Determine what rules (or where else) each object is used.
2. Remove/replace each usage, being careful not to remove the last entry from a rule so it's Any (which may give you an undesirable result).
0 Kudos
FelipeTropeia
Participant

But with the where-used API, could I delete objects that are still being used by a rule? Would you have any scripts developed for this?
I was thinking of a script that you can search using a network and subnet, so it would show the list of all objects in it, and then you would have the option of generating a file and deleting the objects.
PhoneBoy
Admin

where-used only shows you where a given object is used.
See: https://sc1.checkpoint.com/documents/latest/APIs/index.html?#cli/where-used~v1.5%20

If you don't know the object, you would use the "show objects" API using the filter parameter to filter on IP (or whatever).
See: https://sc1.checkpoint.com/documents/latest/APIs/index.html?#cli/show-objects~v1.5%20

To modify rules: https://sc1.checkpoint.com/documents/latest/APIs/index.html?#cli/set-access-rule~v1.5%20
Note that objects may be used in places other than rules (e.g. in configuration) so it's important to parse the results of where-used appropriately.

As far as I know, no one has scripted all this together and posted it here, but it's certainly doable.
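
The planning step of the loop described in this thread, as an added example that is not part of the original posts or Check Point's own code: it takes a parsed where-used reply and decides which rules can be edited safely and which need a human. The function name, the sample objects and rules are constructed, and the field names (`used-directly`, `access-control-rules`, `rule-columns`, the `{"remove": ...}` form for set-access-rule) are assumptions based on the API reference linked above.

```python
# Added illustration, not from the thread. Field names ("used-directly",
# "access-control-rules", "rule-columns", {"remove": ...}) are assumptions taken
# from the API reference linked above; verify against your API version.
EDITABLE_COLUMNS = ("source", "destination")

def plan_removal(obj_name, where_used, rules):
    """Plan set-access-rule payloads that drop obj_name; flag what needs a human.

    where_used: parsed where-used reply for obj_name.
    rules: {rule uid: parsed show-access-rule reply} for the rules it names.
    """
    direct = where_used.get("used-directly", {})
    payloads, review = [], []
    # Usage outside access rules (groups, NAT, ...) is reported, never auto-edited.
    for kind, entries in direct.items():
        if kind != "access-control-rules" and isinstance(entries, list) and entries:
            review.append((kind, len(entries)))
    for usage in direct.get("access-control-rules", []):
        uid = usage["rule"]["uid"]
        change = {"uid": uid, "layer": usage["layer"]["name"]}
        for col in usage["rule-columns"]:
            members = [m["name"] for m in rules[uid].get(col, [])]
            if col not in EDITABLE_COLUMNS:
                review.append(("unhandled-column", uid, col))
            elif members == [obj_name]:
                # Removing the only entry would leave the cell as Any.
                review.append(("last-entry", uid, col))
            else:
                change[col] = {"remove": obj_name}
                continue
            change = None  # one unsafe column blocks the whole rule
            break
        if change:
            payloads.append(change)
    return payloads, review

# Constructed sample replies (not real output).
SAMPLE_WHERE_USED = {"used-directly": {
    "total": 3,
    "objects": [{"name": "dc1-all-nets", "type": "group"}],
    "access-control-rules": [
        {"rule": {"uid": "rule-a"}, "layer": {"name": "Network"}, "rule-columns": ["source"]},
        {"rule": {"uid": "rule-b"}, "layer": {"name": "Network"}, "rule-columns": ["destination"]},
    ]}}
SAMPLE_RULES = {
    "rule-a": {"source": [{"name": "dc1-net-10"}, {"name": "hq-net"}]},
    "rule-b": {"destination": [{"name": "dc1-net-10"}]},
}

if __name__ == "__main__":
    print(plan_removal("dc1-net-10", SAMPLE_WHERE_USED, SAMPLE_RULES))
```

When several decommissioned objects share a cell, re-fetch the rule after each applied change, since removing them one after another can still empty it.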
