Did you download and install the Check Point API Python SDK repository?
This is required to use this particular script.

Hi,

I have installed same. Attached screen shot.

The error message suggests the module is not installed in a place the python interpreter sees it.

I have installed in same path and it is reflected in sys.path also.

Interpreter reflecting correct path.  May be am lack in understanding. Could you please guide me.

Hi,

Here is the problem what am facing. If i run examples of cp_mgmt_api_python, it is working fine, but from same path if I execute, import_export_package am getting error. Please help me to fix this.

Hey,

From your given Output I can see that you try to execute the script with the use of relative module names ("-m" parameter). If you have installed the Check Point API Python SDK as it is mentioned in the linked GitHub page the script execution should be possible by simple typing

"python.exe import_export_package.py" [with python in the path variable as a requirement]

PS C:\Users\user\Desktop\Check Point Scripts\Scripting_Mgmt_CLI\ExportImportPolicyPackage-masterNEW> python.exe import_export_package.py

 

Welcome to the Policy Package Import/Export Tool.
What would you like to do?
1. Import a package
2. Export a package
99. Exit

---

As "ExportImportPolicyPackage-master" is your current working directory related to your screenshot the only issue I can think of is a copy/paste mistake. Please double check if the Folder "exporting" within ExportImportPolicyPackage contains the file "Export_access_rulebase" as well as all the other required files. In sum you should see 16 files in there, 8 of these should have the .py ending. In the case of some files being not present, try to download the repository as a zip again and proceed with step one.

Regards,

Maik

Hi,

As suggested, i have removed directory and downloaded as zip and placed in separate folder, but still am getting same error.

attached screen shots. Please help.

Hi, 

Attached list of files post downloading package using zip.

Hi

Attached package export path.

Hi,

Yes, it is working fine with python 2.7.9. Thanks.

Is it expected this script doesn't export gateway objects, regardless if they are internally or externally managed??

It exports gateway objects - at least internally managed ones. However as SIC can't be recreated via this script only temporary ("place holder") objects will be created, so that SIC re-establishment has to be done manually.

Limitation in R80.30??  For any CP Gateway (there are 25 of them) I have defined it fails to export it:

Object of type CpmiHostCkp with uid fcfc4ee2-1049-47b9-ba1b-ad06be4fb964 named <gateway_name> is not exportable. Its name was changed to export_error_CpmiHostCkp_fcfc4ee2-1049-47b9-ba1b-ad06be4fb964_<gateway_name>

I used the script up and including R80.20 - so I can't say anything related R80.30 test cases.

However the output that you mentioned shows this:

Object of type CpmiHostCkp with uid fcfc4ee2-1049-47b9-ba1b-ad06be4fb964 named <gateway_name> is not exportable. Its name was changed to export_error_CpmiHostCkp_fcfc4ee2-1049-47b9-ba1b-ad06be4fb964_<gateway_name>.

This should allow you to edit the related object called export_error_CpmiHostCkp_fcfc4ee2-1049-47b9-ba1b-ad06be4fb964_<gateway_name> in order to re-establish sic and set the other parameters as well as the actual gateway name. As all references to the actual gateway are also overwritten with the export_error_CpmiHostCkp_fcfc4ee2-1049-47b9-ba1b-ad06be4fb964_<gateway_name> object you don't need to overwrite anything else; all the references will be updates once the object export_error_CpmiHostCkp_fcfc4ee2-1049-47b9-ba1b-ad06be4fb964_<gateway_name> gets fixed manually. Note that this is the normal behavior as the management API is not able to handle tasks like SIC establishment and firewall blade configuration (at least not detailled).

The issue is that I have 1 internal cluster and round 23 external  gateways (combination of external and interoperable devices) - when it imported them it did so as all locally managed gateways so now i've got quite a bit of cleanup with 23 vpn communities they are all a part of.  I know how to fix it ultimately but just wanted to provide a heads up as I've used the tool in versions prior to R80.30 and don't recall this being the behavior.

The example in screenshot was interoperable devices before being imported.

The issue I've run into (merging 3 managers into 1) is that it does not export checkpoint gateways either, since it cannot export the object it also does not handle the group objects that are defined for the interfaces. I learned this after the fact when i manually created the cluster and the group object for the interface was not present, nor were the hosts that were a part of that group.

All in all i understand that this is not expected to be 100% accurate was just raising it to see if it was a known limitation of not being able to export gateway objects and any other objects associated to the gateway as well.