cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

web_api_show_package.sh script shows rulebases and objects as html files

On the first HFA version of R80 you can find in $FWDIR/scripts folder script called web_api_show_package.sh

This script create tgz file that contains html files of policy packages include related objects.

You can run the script without parameters and it will run with defaults, in case you want to change parameters you can see below related optional parameters:

  1. management server -m, in case you want to get the policy from other server and not your server
  2. user name -u, in case you use the -m option)
  3. password -p, in case you use the -m option)
  4. gateway -g, to get the policy package installed on a specific gateway
  5. domain -d, to get package of specific domain
  6. package -k, package to show
  7. template directory -t, template directory that include template files for editing the html files

When script will finish you you will be able to find index.html file inside the tgz file, you should first open this file and navigate from the index.html to all other files.

Enjoy.

2 Replies

Re: web_api_show_package.sh script shows rulebases and objects as html files

I have a MDM server in the test environment and imported the configuration from the production environment. When I run the show package tool I will get the error that the packages found were not installed on a gateway.

I run it on a CMA (trusted) but get more or less the same error when I run it on the MDM itself.

 

[Expert@MDM01:0]# ./web_api_show_package.sh -d Trusted
More than one package exists but neither one of them is installed on a gateway.
In order to show a specific package, run with -k [package name].
In order to show all the existing packages, run with -v

Script finished running successfully!
Result file location: show_package-2017-08-15_03-54-00.tar.gz

 

[Expert@MDM01:0]# tar -tvf show_package-2017-08-15_03-54-00.tar.gz
-rw-r--r-- 0/0            3848 2017-08-15 15:54:24 show_package-2017-08-15_03-54-00.elg
-rw-r--r-- 0/0            6926 2017-08-15 15:54:22 index.html
-rw-r--r-- 0/0              41 2017-08-15 15:54:22 index.json

 

[Expert@MDM01:0]# more show_package-2017-08-15_03-54-00.elg
[Tue Aug 15 15:54:01 CEST 2017 com.checkpoint.mgmt_api.examples.MyLogger.debug()DEBUG]: The parameters that were received:  domain:(-d)=Trusted
[Tue Aug 15 15:54:01 CEST 2017 com.checkpoint.mgmt_api.examples.MyLogger.debug()DEBUG]: Limit number of object per page: 10
[Tue Aug 15 15:54:01 CEST 2017 com.checkpoint.mgmt_api.examples.MyLogger.debug()DEBUG]: Local Ips: [172.29.121.153, 172.29.121.155, 172.29.121.154, 172.29.121.156, 127.0.0.1]
[Tue Aug 15 15:54:03 CEST 2017 com.checkpoint.mgmt_api.examples.MyLogger.debug()DEBUG]: Login As root: true
[Tue Aug 15 15:54:03 CEST 2017 com.checkpoint.mgmt_api.examples.MyLogger.debug()DEBUG]: Login with 'read-only' flag.
[Tue Aug 15 15:54:04 CEST 2017 com.checkpoint.mgmt_api.examples.ShowPackageTool.writeTheVersionsToTheLogger()INFO]: Management API running version: 1.1
[Tue Aug 15 15:54:04 CEST 2017 com.checkpoint.mgmt_api.examples.ShowPackageTool.writeTheVersionsToTheLogger()INFO]: show_package v1.1.3
[Tue Aug 15 15:54:04 CEST 2017 com.checkpoint.mgmt_api.examples.ShowPackageTool.writeTheVersionsToTheLogger()INFO]: Chosen port: 443
[Tue Aug 15 15:54:04 CEST 2017 com.checkpoint.mgmt_api.examples.MyLogger.debug()DEBUG]: Chosen server IP: 127.0.0.1
[Tue Aug 15 15:54:04 CEST 2017 com.checkpoint.mgmt_api.examples.MyLogger.debug()DEBUG]: Login response: {"api-server-version":"1.1","last-login-was-at":{"iso-8601":"2017-08-15T15:31+0200","posix":1502803879},"standby":false,"read-only":true,"url":"https:\/\/127.0.0.1:443\/web_api","sid":"5ry-lWVEKbEqs_Hk4JgFhOLPXKHTf3hYpQlDedx_mdw"}
[Tue Aug 15 15:54:04 CEST 2017 com.checkpoint.mgmt_api.examples.MyLogger.debug()DEBUG]: Run command: 'show-gateways-and-servers' with details level 'full'
[Tue Aug 15 15:54:13 CEST 2017 com.checkpoint.mgmt_api.examples.MyLogger.debug()DEBUG]: Found 47 gateways from 'show-gateways-and-servers'
[Tue Aug 15 15:54:13 CEST 2017 com.checkpoint.mgmt_api.examples.ShowPackageTool.collectGatewaysInUseAndInstalledPolicies()INFO]: Found 0 gateways that have a policy installed on them
[Tue Aug 15 15:54:13 CEST 2017 com.checkpoint.mgmt_api.examples.MyLogger.debug()DEBUG]: Run command: 'show-vpn-communities-star' with details level 'full'
[Tue Aug 15 15:54:13 CEST 2017 com.checkpoint.mgmt_api.examples.MyLogger.debug()DEBUG]: Run command: 'show-vpn-communities-meshed' with details level 'full'
[Tue Aug 15 15:54:14 CEST 2017 com.checkpoint.mgmt_api.examples.MyLogger.debug()DEBUG]: Found 2 vpn communities
[Tue Aug 15 15:54:14 CEST 2017 com.checkpoint.mgmt_api.examples.MyLogger.debug()DEBUG]: Run command: 'show-packages' with details level 'full'
[Tue Aug 15 15:54:22 CEST 2017 com.checkpoint.mgmt_api.examples.MyLogger.debug()DEBUG]: Found 23 packages
[Tue Aug 15 15:54:22 CEST 2017 com.checkpoint.mgmt_api.examples.ShowPackageTool.showPackages()INFO]: Packages which were found on the management: [BT--FRW28-Wota, BT--FRW45_VSX, BT-BX--FRW11-12-GPD-oranje, BT-BX--FRW24-RI, BT-BX--FRW38-39-RC, BT-BX--FRW43-44_VSX, BT-BX-OTA-P-scheiding-Perform, BT-BX-WS-Beheer-HP, BT-FRW1-2-Simpel, BT-FRW1-2-Test, BT-FRW1-2-Test_Traditional, Default-NG, GANBHR, GENLB, INF-WIFI, IPTBHR, ISBHR, OPS, STORBHR-EMC, test-bt--frw98-99, test-mark, zDeletedRules-Dummy, ZT--FRW35-Testnetwerk]
[Tue Aug 15 15:54:22 CEST 2017 com.checkpoint.mgmt_api.examples.ShowPackageTool.showPackages()INFO]: Packages which were installed on gateways: []
[Tue Aug 15 15:54:24 CEST 2017 com.checkpoint.mgmt_api.examples.ShowPackageTool.logoutReportAndExit()INFO]: Script finished running successfully!
[Tue Aug 15 15:54:24 CEST 2017 com.checkpoint.mgmt_api.examples.ShowPackageTool.logoutReportAndExit()INFO]: dirPath: /opt/CPsuite-R80/fw1/scripts/f4fa6147-04e9-4679-8cd2-32b2399e6e6e
[Tue Aug 15 15:54:24 CEST 2017 com.checkpoint.mgmt_api.examples.ShowPackageTool.logoutReportAndExit()INFO]: tarGzPath: show_package-2017-08-15_03-54-00.tar.gz

 

When I try it on a package it works : [Expert@MDM01:0]# ./web_api_show_package.sh -d Trusted -k BT--FRW28-Wota

Script finished running with warnings!
Result file location: show_package-2017-08-15_04-10-22.tar.gz

 

[ExpertMDM01:0]# tar -tvf show_package-2017-08-15_04-10-22.tar.gz
-rw-r--r-- 0/0         1434330 2017-08-15 16:12:41 BT--FRW28-Wota_objects.html
-rw-r--r-- 0/0           95956 2017-08-15 16:12:39 BT--FRW28-Wota NAT-Trusted.json
-rw-r--r-- 0/0            8479 2017-08-15 16:12:41 index.html
-rw-r--r-- 0/0          240001 2017-08-15 16:12:33 BT--FRW28-Wota Security-Trusted.html
-rw-r--r-- 0/0            1233 2017-08-15 16:10:41 BT--FRW28-Wota Application-Trusted.json
-rw-r--r-- 0/0          136998 2017-08-15 16:12:39 BT--FRW28-Wota NAT-Trusted.html
-rw-r--r-- 0/0            1594 2017-08-15 16:12:41 index.json
-rw-r--r-- 0/0           43577 2017-08-15 16:10:41 Generiek_Trusted Security-Global.html
-rw-r--r-- 0/0          200914 2017-08-15 16:12:33 BT--FRW28-Wota Security-Trusted.json
-rw-r--r-- 0/0           10255 2017-08-15 16:12:47 show_package-2017-08-15_04-10-22.elg
-rw-r--r-- 0/0           42222 2017-08-15 16:12:41 BT--FRW28-Wota Threat Prevention-Trusted.html
-rw-r--r-- 0/0           17466 2017-08-15 16:10:41 Generiek_Trusted Security-Global.json
-rw-r--r-- 0/0               0 2017-08-15 16:12:40 IPS-Trusted.json
-rw-r--r-- 0/0           41040 2017-08-15 16:12:40 IPS-Trusted.html
-rw-r--r-- 0/0           27450 2017-08-15 16:10:41 BT--FRW28-Wota Application-Trusted.html
-rw-r--r-- 0/0             979 2017-08-15 16:12:41 BT--FRW28-Wota Threat Prevention-Trusted.json
-rw-r--r-- 0/0         1429184 2017-08-15 16:12:41 BT--FRW28-Wota_objects.json

 

Does anyone know how to solve this issue ? As far as I understood it should be possible to run the script from the MDM and from every domain.

0 Kudos
Admin
Admin

Re: web_api_show_package.sh script shows rulebases and objects as html files

It's possible this script may need to be updated for API 1.1 (i.e. R80.10).

Hopefully https://community.checkpoint.com/people/kobie89814cd4-d650-39b1-aeda-063756160798https://community.checkpoint.com/people/ubialbf7dd8c7-dd84-3fc4-99ca-eec4929a35ad‌ can provide some guidance here.

0 Kudos