Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

My Security Management Setup Script

The Security Management API's let us recreate the same security configuration settings in every environment. 

I attached the API scripts that we use to set up the Cool Feature in R80.10: Cloud-Based Demo Mode  environment. Because this is a demo mode environment, the network elements are all fake and OK to use Smiley Happy

I published basically the same script but in SmartCenter mode and in Multi-Domain mode (editing just one of the domains).

You can use this as template to provision your own setup environment.

Revisions:

 

Gateways:

 

Access Control Policy with an inline layer for Application Control:

 

Access Control Policy with an inline layer for Content Awareness, and another inline layer for Rule With Exceptions:

 

An example of how an upgraded Access Control policy from R7x looks like in R80.10 - one ordered layer for network access, and one ordered layer for managing web applications:

 

Threat Prevention Policy with different profiles for different scopes behind the same gateway:

2 Replies
Highlighted
Explorer

Nice!

0 Kudos
Highlighted
Explorer

Its very nice script which will help everyone.

I am migrating below rules to checkpoint R80.40 (API)

access-rule from LAN to WAN action allow source address name "CL App 12.242" destination address name SF_10.120.22.202
access-rule from LAN to GS action allow source address name "CL App 12.242" service name TCP_1415 destination address name SF_10.120.22.202

Can you confirm below policy syntax is correct

add access-rule layer "Network" source "CL App 12.242" destination "SF_10.120.22.202" service "any" action "accept" track-settings.type "Log" position "1" name "rule1" install-on "chkpt" --port Any
add access-rule layer "Network" source "CL App 12.242" destination "SF_10.120.22.202" service "TCP_4434" action "accept" track-settings.type "Log" position "1" name "rule2" install-on "chkpt" --port 4434

0 Kudos