Re: Show Package - Tool to visualize a R80 policy package over HTML pages

Robert,

I don't have a link in the "Action" Column as shown below (see parent rules # 3 and 4). Please note that I've hidden the original IP addresses and objects.

The Management server is running Gaia R80.10 with no Jumbo HF installed.

Could you please advise?

Thanks,

Nader

Employee++

Re: Show Package - Tool to visualize a R80 policy package over HTML pages

Maybe it is due to sections wrapping the inline layers.

I'll check and get back to you.

Robert.

Employee++

Re: Show Package - Tool to visualize a R80 policy package over HTML pages

Hi,

Checked with sections, looks fine - 

Are you running the tool that is installed by default on your management server or are you using the one from GitHub repo?

Robert.

Re: Show Package - Tool to visualize a R80 policy package over HTML pages

I'm running the default tool installed on the management server. Which instructions should I follow to install the latest version of this tool?

Employee++

Re: Show Package - Tool to visualize a R80 policy package over HTML pages

There is a link on the top of this post to the source of this tool, hosted on GitHub repo. But it is intended for developers, not for security engineers.

I'll generate executable files from the source code and upload to that repo, probably during next week and inform you here.

BTW, when you launch the index.html file you receive a starting page. Under "Objects" category there should be a link to "access-layer". Can you click on the link and see the info?

Which R80.X version and hotfix take are installed on your server?

Robert.

Re: Show Package - Tool to visualize a R80 policy package over HTML pages

Yes I can click on the "Access-layer" link under Objects. It shows me a page with different info.

No Hotfix has been installed on our management server and the detailed version is listed below:

******* > show version all
Product version Check Point Gaia R80.10
OS build 421
OS kernel version 2.6.18-92cpx86_64
OS edition 64-bit

****** > cpinfo -y all

This is Check Point CPinfo Build 914000176 for GAIA
[KAV]
HOTFIX_R80_10

[IDA]
HOTFIX_R80_10

[CPFC]
HOTFIX_R80_10

[FW1]
HOTFIX_R80_10

FW1 build number:
This is Check Point Security Management Server R80.10 - Build 187
This is Check Point's software version R80.10 - Build 423

[SecurePlatform]
No hotfixes..

[CPinfo]
No hotfixes..

[SmartLog]
HOTFIX_R80_10

[MGMTAPI]
No hotfixes..

[DIAG]
HOTFIX_R80_10

[SmartPortal]
No hotfixes..

[Reporting Module]
HOTFIX_R80_10

[CPuepm]
HOTFIX_R80_10

[VSEC]
HOTFIX_R80_10

[R7520CMP]
HOTFIX_R80_10

[R7540CMP]
HOTFIX_R80_10

[R7540VSCMP]
HOTFIX_R80_10

[R76CMP]
HOTFIX_R80_10

[SFWR77CMP]
HOTFIX_R80_10

[R77CMP]
HOTFIX_R80_10

[R75CMP]
HOTFIX_R80_10

[NGXCMP]
HOTFIX_R80_10

[EdgeCmp]
HOTFIX_R80_10

[SFWCMP]
HOTFIX_R80_10

[FLICMP]
HOTFIX_R80_10

[SFWR75CMP]
HOTFIX_R80_10

[rtm]
No hotfixes..

Employee++

Re: Show Package - Tool to visualize a R80 policy package over HTML pages

Ok.

In the same folder where index.html file resides, there should be html files per inline layer ([inline_layer_name]-Management-server.html).

Do you see those files?

In addition, there is a "xxx.elg" file. Please attach this file here for examination.

Thanks.

Re: Show Package - Tool to visualize a R80 policy package over HTML pages

There are no HTML files per inline layer (see screenshot below).

I can't find the option to attach a text file ?!

Employee++

Re: Show Package - Tool to visualize a R80 policy package over HTML pages

All stuff is fixed and uploaded to the GitHub repository, including a new stand-alone plug&play executable.

Please read again the instructions on the top of this page.

Robert.

Re: Show Package - Tool to visualize a R80 policy package over HTML pages

I need your help. My customer used the WebVisualization Tool in R77.30. Now the MDS was migrated to R80.10. They were importing the files to a Web Server. But now the JSON files are with any errors. Is it possible to export in R80.10 the same format as in R77.30?

Employee++

Re: Show Package - Tool to visualize a R80 policy package over HTML pages

Hi,

Currently the output is in JSON format and it is not in the same structure (due to layers) as in R77.30.

Therefore, just converting the JSON to CSV as is will not help.

Please note that it is an open source tool and it was not intended to replace the WebVisualization Tool.

Anyone can change the source code for his/her needs.

Robert.
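
An added example (not part of the thread or of the ShowPolicyPackage source) of why a one-to-one JSON-to-CSV conversion falls short: sections and inline layers nest rules, so they have to be walked recursively before rows can be written. The sample data is constructed and follows the show-access-rulebase reply shape with use-object-dictionary; the uid-keyed LAYERS container and the function names are assumptions of this example.

```javascript
// Constructed sample: layers keyed by uid (the keying is an assumption of this example).
var LAYERS = {
  L1: { name: "FWlab Security",
    "objects-dictionary": [{ uid: "o1", name: "Any" }, { uid: "o2", name: "WebSrv" },
      { uid: "o3", name: "https" }, { uid: "o4", name: "Inner Layer" },
      { uid: "o5", name: "Drop" }],
    rulebase: [
      { type: "access-section", name: "DMZ", rulebase: [
        { type: "access-rule", "rule-number": 1, source: ["o1"], destination: ["o2"],
          service: ["o3"], action: "o4", "inline-layer": "L2" }] },
      { type: "access-rule", "rule-number": 2, source: ["o1"], destination: ["o1"],
        service: ["o1"], action: "o5" }] },
  L2: { name: "DMZ inline",
    "objects-dictionary": [{ uid: "o1", name: "Any" }, { uid: "o6", name: "Accept" }],
    rulebase: [{ type: "access-rule", "rule-number": 1, source: ["o1"],
      destination: ["o1"], service: ["o1"], action: "o6" }] }
};

// Flatten one layer into rows; rules of an inline layer get numbers like "1.1".
function flattenLayer(layers, uid, prefix, section, rows) {
  var layer = layers[uid], names = {};
  layer["objects-dictionary"].forEach(function (o) { names[o.uid] = o.name; });
  function label(uids) { return uids.map(function (u) { return names[u] || u; }).join(";"); }
  function walk(items, sec) {
    items.forEach(function (item) {
      if (item.type === "access-section") { walk(item.rulebase, item.name); return; }
      var number = prefix + item["rule-number"];
      rows.push([layer.name, sec, number, label(item.source), label(item.destination),
        label(item.service), label([item.action])]);
      if (layers[item["inline-layer"]]) {
        flattenLayer(layers, item["inline-layer"], number + ".", sec, rows);
      }
    });
  }
  walk(layer.rulebase, section);
  return rows;
}

// Quote every cell and neutralise leading = + - @ so names are never read as formulas.
function toCsv(rows) {
  return rows.map(function (row) {
    return row.map(function (cell) {
      var s = String(cell);
      if (/^[=+\-@]/.test(s)) { s = "'" + s; }
      return '"' + s.replace(/"/g, '""') + '"';
    }).join(",");
  }).join("\n");
}
```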

Re: Show Package - Tool to visualize a R80 policy package over HTML pages

Hi,

Unfortunately we are not able to get the "Hits"-column with the "-c"-flag. I tried versions 1.25, 1.30 and 2.00 from the github-repository with different versions in /opt/CPsuite-R80/fw1/api/samples/lib via ...

-> java -jar $MDS_FWDIR/api/samples/lib/web_api_show_package-jar-with-dependencies.jar -c

Export is always generated without errors, but the "Hits"-column is missing. Using the updated templates from https://github.com/CheckPointSW/ShowPolicyPackage/tree/master/src/main/resources/com/checkpoint/mgmt... in /opt/CPsuite-R80/fw1/api/samples/conf does not help. (I guess the templates are meanwhile included in the "jar".)

show_package-xxx.elg:

[7/3/18 9:00 PM com.checkpoint.mgmt_api.examples.ShowPackageTool.showAccessRulebase()INFO]: Starting handling access layer: 'FWlab Security'

[7/3/18 9:00 PM com.checkpoint.mgmt_api.examples.MyLogger.debug()DEBUG]: Run command: 'show-access-rulebase' with payload: {"hits-settings":{"from-date":"1970-1-2"},"uid":"xxxxxxxxxxxxx","show-hits":true,"show-membership":true,"use-object-dictionary":true,"details-level":"full"}

[7/3/18 9:01 PM com.checkpoint.mgmt_api.examples.MyLogger.debug()DEBUG]: Found 59 rules in : 'FWlab Security'

[7/3/18 9:01 PM com.checkpoint.mgmt_api.examples.MyLogger.debug()DEBUG]: Found 0 inline layer(s)
[7/3/18 9:01 PM com.checkpoint.mgmt_api.examples.MyLogger.debug()DEBUG]: Creating html file for layer: 'FWlab Security'

[7/3/18 9:01 PM com.checkpoint.mgmt_api.examples.ShowPackageTool.showRulebase()INFO]: Done handling rulebase 'FWlab Security'

The Hit-counter via SmartConsole is working fine.

Json-file is including the hits-parameters:

...

           "hits":{
               "level":"low",
               "percentage":"0%",
               "first-date":{
                  "iso-8601":"2018-06-07T06:48+0200",
                  "posix":1528346887000
               },
               "value":240,
               "last-date":{
                  "iso-8601":"2018-06-07T06:50+0200",
                  "posix":1528347031000
               }

...

But the HTML-file is generated without the Hits-Column. How can I use the "-c" flag?

Michael

Employee++

Re: Show Package - Tool to visualize a R80 policy package over HTML pages

Hi Michael,

The version 1.2.5 should be enough to get the hit counts.

I'd like to examine the output of the tool (tar.gz archive file), maybe there is a bug there that incorrectly analyzes your data for hit counts.

Dameon Welch Abernathy, please provide Michael with the instructions to send me his file.

Thanks,

Robert.

Re: Show Package - Tool to visualize a R80 policy package over HTML pages

Hello,

Maybe here is a problem in the rulebase.tpl.html

        var firstAccessRule = data.find(function (e) {
            return e.type === "access-rule"
        });

"var data" includes the hit information - like:

..true,"hits":{"level":"low","percentage":"1%","first-date":{"iso-8601":"2018-03-26T18:33+0200","posix":1522082001000},"value":2161669,"last-date":{"iso-8601":"2018-07-04T07:59+0200","posix":1530683943000}}..


Method "find" is not supported. (Tested with IE11 and Chrome 66.0.3359) Sorry, I'm not familiar with "script" - could this be the problem?

Thanks,
Michael

UPDATE: Chrome works fine - and is the solution for me! Thank you :)
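
The suspicion in the post above, as an added example that is not part of the original post or of the tool's template: Array.prototype.find is an ES2015 method that IE 11 does not implement, so a lookup written as a plain loop behaves the same in every browser. The sample data is constructed from the hits excerpts quoted in the thread; findFirst and hitsColumn are hypothetical helper names.

```javascript
// Constructed sample shaped like the "var data" excerpt quoted in the post.
var data = [
  { type: "access-section", name: "Section A" },
  { type: "access-rule", "rule-number": 1,
    hits: { level: "low", percentage: "0%", value: 240,
      "last-date": { "iso-8601": "2018-06-07T06:50+0200", posix: 1528347031000 } } },
  { type: "access-rule", "rule-number": 2 }
];

// ES5-only replacement for Array.prototype.find (hypothetical helper).
function findFirst(list, predicate) {
  for (var i = 0; i < list.length; i++) {
    if (predicate(list[i], i, list)) { return list[i]; }
  }
  return undefined;
}

// Hypothetical helper: return the cells of a Hits column, or null when the
// first access rule carries no "hits" object (export made without hit counts).
function hitsColumn(list) {
  var first = findFirst(list, function (e) { return e.type === "access-rule"; });
  if (!first || !first.hits) { return null; }
  var cells = [];
  for (var i = 0; i < list.length; i++) {
    if (list[i].type !== "access-rule") { continue; }
    var h = list[i].hits;
    cells.push(h ? h.value + " (" + h.percentage + ", " + h.level + "), last " +
      h["last-date"]["iso-8601"] : "-");
  }
  return cells;
}
```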

Employee++

Re: Show Package - Tool to visualize a R80 policy package over HTML pages

Hi,

You may be correct with your findings.

In Chrome v 67.0.3396.99 - 

In IE 11 - 

Nothing...

I'll check the code again for compatibility with other browsers/versions and fix as needed.

Great input, thank you!

Robert.

Employee++

Re: Show Package - Tool to visualize a R80 policy package over HTML pages

Release version 2.0.1 now supports IE 11 as well.

Robert.

Re: Show Package - Tool to visualize a R80 policy package over HTML pages

Hello,

Each time I try to run the script, I get:

[Expert@:0]# more show_package-2018-08-01_18-14-10.elg
[8/1/18 6:14 PM com.checkpoint.mgmt_api.examples.MyLogger.debug()DEBUG]: The parameters that were received: server:(-m)=10.72.22.9 domain:(-d)=MDS userRequestPackage:(-k)=xxxx
[8/1/18 6:14 PM com.checkpoint.mgmt_api.examples.MyLogger.debug()DEBUG]: Limit number of object per page: 10
[8/1/18 6:14 PM com.checkpoint.mgmt_api.examples.MyLogger.debug()DEBUG]: Local Ips: [10.72.22.27, 10.72.22.31, 10.72.22.29, 10.72.22.25, 10.72.22.9, 127.0.0.1]
[8/1/18 6:14 PM com.checkpoint.mgmt_api.examples.MyLogger.severe()SEVERE]: ERROR: failed connecting to the server: 127.0.0.1
[8/1/18 6:14 PM com.checkpoint.mgmt_api.examples.ShowPackageTool.logoutReportAndExit()INFO]: Script stopped running due to severe error!
[8/1/18 6:14 PM com.checkpoint.mgmt_api.examples.ShowPackageTool.logoutReportAndExit()INFO]: dirPath: /var/tmp/6e3740f7-bc48-420c-bd31-d768450cf24a
[8/1/18 6:14 PM com.checkpoint.mgmt_api.examples.ShowPackageTool.logoutReportAndExit()INFO]: tarGzPath: show_package-2018-08-01_18-14-10.tar.gz

any idea ?

regards

Xavier

Employee++

Re: Show Package - Tool to visualize a R80 policy package over HTML pages

The tool fails to connect to the API server.

Please run command "api status" and paste the output here for analysis.

Robert.

Re: Show Package - Tool to visualize a R80 policy package over HTML pages

Hello Robert,

Thanks for your reply.

I have checked the "api status" command and found that we changed the TCP port of the web API server.

After adding the -n flag to the command, it works like a charm. Thank you!

regards

xavier

Re: Show Package - Tool to visualize a R80 policy package over HTML pages

Are these newer releases included in new JFA to the mgmt or in the new M releases?

Employee++

Re: Show Package - Tool to visualize a R80 policy package over HTML pages

No, not yet, but it will be eventually included both in JHF and R80.20.

Anyway, GitHub repo always has the newest releases as it is instantly updateable, without bureaucracy.

Just copy the newest JAR file into your management server.

Robert.

Re: Show Package - Tool to visualize a R80 policy package over HTML pages

Hello,

since version 2.0 the use of own templates was unfortunately disabled.

We would like to export more fields (custom-fields.field-1/ custom-fields.field-2 / custom-fields.field-3). So far we had created this via customized templates and the -t flag.

Example $FWDIR/api/sample/conf/rulebase.html.template :

Is it possible to reactivate the template-flag or to define a new flag for additive fields?

It is possible to compile your own web_api_show_package-jar-with-dependencies.jar including customized templates.

Here are some helpful steps/hints for non-professionals:

1.) You can use a fresh installed virtual machine with CheckPoint R80.10 and internet connection. I prefer a non-productive system...

2.) Download and extract the tar.gz-sources from Releases · CheckPointSW/ShowPolicyPackage · GitHub  

3.) IMPORTANT : Download and extract a Java Development Kit - Linux x86 and tar.gz seems to be ok.

4.) IMPORTANT : Change the environment var JAVA_HOME to the [extracted JDK-dir] with export JAVA_HOME=[your-extracted-jdk-dir]

5.) Customize your template in the extracted ShowPolicyPackage-dir under src/main/resources/com/checkpoint/mgmt_api/templates. Example for html-export with custom-fields1-3

Header:

Body:

6.) Compile your customized api_show_package-jar-with-dependencies.jar with "./mvnw clean install -X" in the [extracted ShowPolicyPackage-*-dir] 

7.) Copy the new [extracted ShowPolicyPackage-*"]/target/web_api_show_package-jar-with-dependencies.jar to the management-server in $MDS_FWDIR/api/samples/lib/web_api_show_package-jar-with-dependencies

8.) Test it with java -jar $MDS_FWDIR/api/samples/lib/web_api_show_package-jar-with-dependencies.jar

Regards,

Michael

Re: Show Package - Tool to visualize a R80 policy package over HTML pages

I miss the simplicity of being able to search for objects in a single file. Is there any method yet to create a single file extract of the policy similar to what the Web Visualization Tool did... i.e., maybe something that converts the multiple files generated by the ShowPackage tool into a single html file?

hozman
Ivory

Re: Show Package - Tool to visualize a R80 policy package over HTML pages

Can you make this run on a standalone web server without installing the MDS?

Admin

Re: Show Package - Tool to visualize a R80 policy package over HTML pages

You need to run the tool on the Management server but the files themselves can be viewed on any web server.

Admin

Re: Show Package - Tool to visualize a R80 policy package over HTML pages

If you want to search objects in a flat file, there are other tools (or you can write API/CLI) that will provide this.

S_E_
Nickel

Re: Show Package - Tool to visualize a R80 policy package over HTML pages

Hi,

I tried the following on an MDSM R80.30 and it did work.

java -jar web_api_show_package-jar-with-dependencies.jar -c --show-membership true --dereference-group-members true --query-limit 500 -d DOMAIN1

However, trying to export the Global Policy (-d Global), the script simply stops with the following message:

Script stopped running due to severe error!

Any tip?

Thanks

Best Regards

Admin

Re: Show Package - Tool to visualize a R80 policy package over HTML pages

If I'm understanding sk120342 correctly, if you omit -d Global, it should work as the default is MDS level if you don't specify.

Re: Show Package - Tool to visualize a R80 policy package over HTML pages

Thanks Phone Boy.  What other tools would you suggest?
