Samiron_Mallick
Participant

Disable a rule on R80.10 using Python Web API

Hello,

I have a management server running R80.10, which has almost 20 devices connected and has hundreds of rules defined. I wanted to disable rules that are not currently in use via the Web API using a Python script. Please guide me if there is a way to do the same.

Please help me.

1 Solution

Accepted Solutions
PhoneBoy
Admin

set-access-rule has an option to enable/disable the rule.


0 Kudos
14 Replies
PhoneBoy
Admin

There's an example of this already: 

Nüüül
Advisor

Hi

Someone already did a script like that here.

https://community.checkpoint.com/docs/DOC-2640?commentID=3239#comment-3239 

If you want to script it yourself, you could use the SDK from Check Point, which then handles your session.

GitHub - CheckPointSW/cp_mgmt_api_python_sdk: Check Point API Python Development Kit 

There are some examples included, like "adding host" and so on.

Daniel

Amiad_Stern

We are working on a comprehensive tool (Python) to disable/delete rules based on hitcount.

The tool will run in a few modes: plan, apply, apply without publish.

You will be able to set global thresholds of "non hit period" for disable / delete rules and you will be able to override them per rule. In addition, you will be able to skip specific rules / packages. You will get JSON output for all deleted/disabled/skipped rules (and the reason they were skipped, for example, a rule with a GW whose hitcount is off).

You will be able to adjust our script to fit your logic (for example, set a rule at the bottom of the policy after disabling it).

We are planning to release this tool by mid October. 

Samiron_Mallick
Participant

Hello,

Is this released, Amiad Stern? If so, where can I find it?

Thanks a lot.

Sam

0 Kudos
Amiad_Stern

We have some delays. We are in final stages of approvals. I will add comment to this thread as well upon tool release. 

Amiad_Stern

Updating that we released it: GitHub - CheckPointSW/PolicyCleanUp

0 Kudos
Samiron_Mallick
Participant

Thank you very much for the link provided here. It helped a lot. 

Actually, I am writing Python code which fetches JSON data using web_api. The issue I am reporting here is:

If I do an API call with the code below, I usually get details about all the rules inside each rulebase.

https://{{server}}/show-access-rulebase

{
"offset" : 0,
"limit" : 500,
"name" : "rulebase_name",
"details-level" : "standard",
"use-object-dictionary" : true
}

However, looking at each rule inside it, if I want to fetch values from "source, destination, service" etc., I get only encrypted IDs but not the actual names.

"rule-number": 1,                        # contents not related to the issue have been deleted
"source": [
   "697bb7e0-0dfe-4070-a21a-68858fhkdaae98c",
   "349fb05c-99b2-4fb2-aea6-7b447dhyt0e661c"
],
"source-negate": true,
"destination": [
   "97aeb369-9aea-11d5-bd16-00902fgt72ccb30"
],
"destination-negate": false,
"service": [
   "ef245528-9a3d-11d6-9eaa-3e5a6fvgtdd6a6a",
   "dff4f7ba-9a3d-11d6-91c1-3e5a6fdd5lpo151",
   "24bee257-6b37-49bb-99aa-557d993akol0e48",
   "97aeb45c-9aea-11d5-bd16-0090272ciuycb30",
   "97aeb471-9aea-11d5-bd16-0090272treccb30"
],
"service-negate": false,
"vpn": [
   "97aeb369-9aea-11d5-bd16-0090272ccmkqb30"
],
"action": "6c488338-8eec-4103-ad21-cd4sov61ac2c473",
"action-settings": {},
"content": [
   "97aeb369-9aea-11d5-bd16-0090272ftmccb30"
],
"content-negate": false,
"content-direction": "any",
"comments": "My Comment",
"enabled": true,
"uid": "fcc5a2c8-3a78-4cc5-9fd3-e7bd5gyp9eb36ba",
"name": "sam@gmail.com",
"type": "access-rule",
},

But the same is available if I do an API call to "show-access-rule" with a specific rule:

{                                         # contents not related to the issue have been deleted
"uid": "fcc5a2c8-3a78-4cc5-9fd3-e7bd59ebfgy36ba",
"name": "sam@gmail.com",
"type": "access-rule",
"source": [
   {
      "uid": "293ef5ba-5235-464e-9247-bda2frt6229a998",
      "name": "abcd.example.com",
      "type": "host",
      "ipv4-address": "192.168.1.40"
   }
],
"destination": [
   {
      "uid": "b17d4573-ad1a-4126-ae6d-c874efoqa919cda",
      "name": "efgh.example.com",
      "type": "CpmiClusterMember",
   }
],
"service": [
   {
      "uid": "18ec9eaa-1657-4240-ab97-5f234623336b",
      "name": "ssh",
      "type": "service-tcp",
      "port": "22"
   }
],

Question: Is there any way to show the actual data while doing an API call using show-access-rulebase?

0 Kudos
PhoneBoy
Admin

The result of the API call provides an objects-dictionary.

This can be used to dereference all the object UIDs returned as part of the rulebase.

0 Kudos
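The lookup described in the reply above, as an added example that is not part of the original thread or of Check Point's SDK. The response fragment is constructed (UIDs and names are made up), and the helper names `iter_rules` and `resolve_rulebase` are hypothetical.

```python
# Constructed show-access-rulebase response fragment (all UIDs are made up).
SAMPLE_RESPONSE = {
    "rulebase": [
        {"type": "access-section", "name": "Servers", "rulebase": [
            {"type": "access-rule", "rule-number": 1, "name": "ssh-in",
             "source": ["uid-host-1"], "destination": ["uid-any"],
             "service": ["uid-ssh"], "action": "uid-accept"},
        ]},
        {"type": "access-rule", "rule-number": 2, "name": "cleanup",
         "source": ["uid-any"], "destination": ["uid-any"],
         "service": ["uid-not-in-dictionary"], "action": "uid-drop"},
    ],
    "objects-dictionary": [
        {"uid": "uid-host-1", "name": "abcd.example.com", "type": "host"},
        {"uid": "uid-any", "name": "Any", "type": "CpmiAnyObject"},
        {"uid": "uid-ssh", "name": "ssh", "type": "service-tcp"},
        {"uid": "uid-accept", "name": "Accept", "type": "RulebaseAction"},
        {"uid": "uid-drop", "name": "Drop", "type": "RulebaseAction"},
    ],
}

# Rule fields that carry object UIDs in the output shown in this thread.
UID_FIELDS = ("source", "destination", "service", "vpn", "content", "action")

def iter_rules(rulebase):
    """Yield access rules, descending into sections that nest a rulebase."""
    for entry in rulebase:
        if entry.get("type") == "access-section":
            yield from iter_rules(entry.get("rulebase", []))
        else:
            yield entry

def resolve_rulebase(response):
    """Return copies of the rules with UIDs replaced by object names."""
    names = {o["uid"]: o.get("name", o["uid"])
             for o in response.get("objects-dictionary", [])}
    resolved = []
    for rule in iter_rules(response["rulebase"]):
        out = dict(rule)
        for field in UID_FIELDS:
            value = rule.get(field)
            if isinstance(value, list):
                # An unknown UID stays visible instead of being dropped.
                out[field] = [names.get(uid, uid) for uid in value]
            elif isinstance(value, str):
                out[field] = names.get(value, value)
        resolved.append(out)
    return resolved
```

The objects-dictionary belongs to the response it arrived in, so when paging with "offset" and "limit", resolve each page against its own dictionary.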
Samiron_Mallick
Participant

Thank you very much. I am able to figure this out now.

However, can you please let me know if there is anything I missed below? My only goal is to list only rules that have not been used after the "to-date", including rules that were never used.

With the code below, if I change the "to-date" and run it to test whether that works, I am getting the same rule with a different "to-date" value, which does not seem correct. I ran the command with the "show-access-rulebase" API call.

# Input with "to-date" : "2018-04-06"
#####################################
{
"offset" : 0,
"limit" : 500,
"name" : "my Security",
"details-level" : "standard",
"show-hits" : true,
"use-object-dictionary" : false,
"hits-settings" : {
   "from-date" : "2000-01-01",
   "to-date" : "2018-04-06"
   }
}
# Output with "to-date" : "2018-04-06"
######################################
"rule-number": 1,
"hits": {
   "percentage": "1%",
   "level": "low",
   "value": 38032181,
   "first-date": {
      "posix": 1473045718000,
      "iso-8601": "2016-09-04T22:21-0500"
   },
   "last-date": {
      "posix": 1523003466000,
      "iso-8601": "2018-04-06T03:31-0500"
   }
},

# Input with "to-date" : "2017-08-06"
#####################################
{
"offset" : 0,
"limit" : 500,
"name" : "my Security",
"details-level" : "standard",
"show-hits" : true,
"use-object-dictionary" : false,
"hits-settings" : {
   "from-date" : "2000-01-01",
   "to-date" : "2017-08-06"
   }
}
# Output with "to-date" : "2017-08-06"
######################################
"rule-number": 1,
"hits": {
   "percentage": "0%",
   "level": "low",
   "value": 31325295,
   "first-date": {
      "posix": 1473045718000,
      "iso-8601": "2016-09-04T22:21-0500"
   },
   "last-date": {
      "posix": 1502012563000,
      "iso-8601": "2017-08-06T04:42-0500"
   }
},

However, with the "show-access-rule" API, if I try to fetch data for rule #1, I get different output, as below.

# Input
#########

{
"rule-number": 1,
"layer" : "my Security",
"show-hits" : true
}

# Output
#########

"hits": {
   "percentage": "1%",
   "level": "low",
   "value": 62724501,
   "first-date": {
      "posix": 1473045718000,
      "iso-8601": "2016-09-04T22:21-0500"
   },
   "last-date": {
      "posix": 1538583391000,
      "iso-8601": "2018-10-03T11:16-0500"
   }
},

0 Kudos
PhoneBoy
Admin

That suggests a bug of some sort.

Please open a support ticket and we can have a look. 

0 Kudos
PhoneBoy
Admin

I should note, Samiron Mallick, that there is a new feature in API 1.3 (aligned with the R80.20 release) that actually will allow you to output "the actual data" as you refer to it.

It's called "Show as Ranges" and it's a new parameter to the show-access-rulebase API call.

There are some limits to this (only allows output of 20 rules).

Samiron_Mallick
Participant

I have one last query for this thread.

I found the "delete-access-rule" WebAPI command to delete an access rule, but I am unable to find a command to DISABLE rules. My requirement is to DISABLE rules via WebAPI.

Ex: https://my-management:port/web_api/delete-access-rule

I tried "disable-access-rule" but no luck, as that is not a valid command.

Is it possible to disable an access rule via WebAPI? If so, what is the command?

Thanks,

Sam

0 Kudos
PhoneBoy
Admin

set-access-rule has an option to enable/disable the rule.

0 Kudos
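An added example (not from the thread and not the PolicyCleanUp tool) that ties the answer above to the hit-count output earlier in the thread: it picks enabled rules that were never hit or were last hit before a cutoff, then disables them with set-access-rule. The sample rules are constructed, `stale_rules` and `disable_rules` are hypothetical names, and `api_call(command, payload)` is an assumed caller-supplied function that POSTs to /web_api/<command> inside a logged-in session.

```python
from datetime import datetime, timezone

# Constructed rules shaped like show-access-rulebase output with "show-hits": true.
SAMPLE_RULES = [
    {"uid": "uid-rule-1", "name": "busy", "enabled": True,
     "hits": {"value": 62724501, "last-date": {"posix": 1538583391000}}},
    {"uid": "uid-rule-2", "name": "stale", "enabled": True,
     "hits": {"value": 12, "last-date": {"posix": 1473045718000}}},
    {"uid": "uid-rule-3", "name": "never-hit", "enabled": True,
     "hits": {"value": 0}},
    {"uid": "uid-rule-4", "name": "already-off", "enabled": False,
     "hits": {"value": 0}},
    {"uid": "uid-rule-5", "name": "no-hit-data", "enabled": True},
]

def stale_rules(rules, cutoff):
    """Enabled rules never hit, or last hit before `cutoff` (aware datetime)."""
    cutoff_ms = int(cutoff.timestamp() * 1000)  # the API reports posix milliseconds
    picked = []
    for rule in rules:
        if not rule.get("enabled", True):
            continue  # already disabled, nothing to do
        hits = rule.get("hits")
        if hits is None:
            continue  # no hit data (e.g. hit count off): skip, do not guess
        last = hits.get("last-date", {}).get("posix")
        if hits.get("value", 0) == 0 or (last is not None and last < cutoff_ms):
            picked.append(rule)
    return picked

def disable_rules(api_call, layer, rules, publish=False):
    """Send set-access-rule with "enabled": false for each rule.

    Changes stay in the session until publish, so publish=False acts as
    an apply-without-publish run that can still be reviewed or discarded.
    """
    disabled = []
    for rule in rules:
        api_call("set-access-rule",
                 {"uid": rule["uid"], "layer": layer, "enabled": False})
        disabled.append(rule["name"])
    if publish and disabled:
        api_call("publish", {})
    return disabled
```

Because the thread shows show-access-rulebase and show-access-rule returning different last-hit dates for the same rule, check a candidate with show-access-rule before disabling it.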
Samiron_Mallick
Participant

Thank you, this worked as expected.
