vaidehi
Participant

I'd like to run a Python script to install 1000 policies on the firewall.

Hello,

I want to install 1000 policies on a Check Point firewall. However, I am not familiar with the infra environment. Can anyone please guide me to a document, or explain to me how I can set up a Python environment to run a Python script?

I am using GAIA R80.30

Thanks!

0 Kudos
7 Replies
PhoneBoy
Admin

In Check Point, we refer to a policy as a collection of rules (Access Control, Threat Prevention).
The API is REST-based and you can use any programming language to interact with the API, including Python.
Several Python programs are referred to in the API/CLI Discussion space: https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/bd-p/codehub
0 Kudos
vaidehi
Participant

Thank you for your response.
I am still confused. I am new to Check Point firewalls, so I am really sorry; I might ask you really basic questions.

For instance, in which mode can I write a Python script?
[Chkptfw]# python
bash: python: command not found
I see this error in expert mode.
0 Kudos
PhoneBoy
Admin

On R80.30 Management (with the 3.10 kernel), python is in the path (specifically in /bin).
On R80.x Gateways or Standalone, the python interpreter is $FWDIR/Python/bin/python.

Note that the python interpreter installed only includes the specific libraries we use in the product.
We do not support installing additional libraries or otherwise updating the interpreter beyond what is installed.
Highly recommend using a different system if Python is your choice of language.

If you want to run things directly on the management, you're better off calling mgmt_cli via shell scripts.
0 Kudos
vaidehi
Participant

What do you mean by "different system"? Can I install policies (access rules) using any other device? Or
is there any script already installed on the management server which I can use to install policies (access rules)?

Thanks!
0 Kudos
PhoneBoy
Admin

Different system, meaning a system that is NOT your gateway or management.
mgmt_cli is a CLI command that can be used from the management server to modify the access policy.
It's basically an API client and you have to interact with it in a similar way to be effective.
While this is an older TechTalk, a lot of the concepts still apply: https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/Leveraging-the-R80-10-API-to-Auto...
The API (and mgmt_cli) docs: https://sc1.checkpoint.com/documents/latest/APIs/index.html#~v1.5
0 Kudos
vaidehi
Participant

Thank you for your help!
0 Kudos
Václav_Brožík
Collaborator

Note that R80.20 and newer also contain Python 3! (I am not sure about R80.10.) The python executable in the path is Python 2.

There is the relatively new version 3.7.4 at $FWDIR/Python/bin/python3

I would certainly not recommend using Python 2 to write any new code, as it will be unsupported in just 4 months and after that its use will pose a security risk!
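
An added example, not code from any poster in this thread or from Check Point: a standard-library Python 3 client, meant to run on a separate system as suggested above, that adds access rules through the REST-based Management API in one session, publishes them, discards on error and always logs out. The layer name "Network", the rule names and fields, and the CP_MGMT_URL, CP_USER and CP_PASSWORD environment variables are assumptions; policy installation on gateways is left out.

```python
import json
import os
import ssl
import time
import urllib.request


def https_post(base_url, command, payload, sid=None):
    """POST one Management API command; TLS certificate checks stay on."""
    headers = {"Content-Type": "application/json"}
    if sid:
        headers["X-chkp-sid"] = sid  # session id returned by login
    req = urllib.request.Request(f"{base_url}/web_api/{command}",
                                 data=json.dumps(payload).encode(), headers=headers)
    with urllib.request.urlopen(req, context=ssl.create_default_context()) as resp:
        return json.load(resp)


def add_rules(base_url, user, password, layer, rules, post=https_post):
    """Add rules in one session: publish on success, discard on error, always log out."""
    sid = post(base_url, "login", {"user": user, "password": password})["sid"]
    try:
        for rule in rules:
            post(base_url, "add-access-rule", {"layer": layer, "position": "bottom", **rule}, sid)
        task = post(base_url, "publish", {}, sid)["task-id"]  # publish runs as a task
        status = "in progress"
        while status == "in progress":
            time.sleep(1)
            status = post(base_url, "show-task", {"task-id": task}, sid)["tasks"][0]["status"]
        if status != "succeeded":
            raise RuntimeError(f"publish ended with status {status!r}")
        return len(rules)
    except Exception:
        post(base_url, "discard", {}, sid)  # drop unpublished changes
        raise
    finally:
        post(base_url, "logout", {}, sid)


def make_rules(count):
    """Constructed sample rules; names and objects are placeholders."""
    return [{"name": f"auto-rule-{i:04d}", "source": "Any", "destination": "Any",
             "service": "https", "action": "Drop"} for i in range(1, count + 1)]


if __name__ == "__main__":
    # Assumed environment variables; credentials stay out of the script.
    added = add_rules(os.environ["CP_MGMT_URL"], os.environ["CP_USER"],
                      os.environ["CP_PASSWORD"], "Network", make_rules(1000))
    print(f"published {added} rules")
```

The `post` parameter lets the same logic be exercised against a stub before it is pointed at a real management server.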
