Contributor

API command to get the disable rule


Hi Team,

I am trying to get the disabled rules in the Check Point rule base by using API or mgmt_cli commands, the way we are getting the zero hit count rule.

Can you share the command to get the disabled rules from rulebases?

Thanks in advance.

Regards

Aathi

8 Replies
Admin
There is not a specific API to retrieve disabled rules.
However, you can retrieve the rulebase via mgmt_cli and use jq to filter the results using a select statement.

Contributor

Hi PhoneBoy,

By using the jq filter I got the UID, and I also need to get the source, destination and port as well (need to get the exact rulebase by using UID or something). Is it possible to get those? If yes, can you please share the exact syntax for the same?

Thanks in advance.

Admin

What CLI do you have so far?

Contributor

Hi Phoneboy.

It's mgmt_cli.

Advisor

Quick PowerShell example code to extract the disabled rules.

As for the actual source/destination/service, these are UIDs of the actual object, so you would need to do another query in the foreach loop to resolve them to names if that's what you're looking for.

# Connection settings for the management server's Web API
[string]$BaseUri = "https://10.10.1.1/web_api"
[string]$domain = "Domainname"  # Only used for MDS servers
[string]$user = "username"
[string]$pass = "password"

$loginData = @{
    "user" = $user
    "password" = $pass
    "domain" = $domain # Only used for MDS servers
} | ConvertTo-Json

# Log in; the returned session ID (sid) authenticates every later call
Write-Output "Invoking Login"
$login = Invoke-RestMethod -Method Post -Uri "$BaseUri/login" -Body $loginData -Headers @{ "content-type" = "application/json" }

$headers = @{
    "content-type" = "application/json"
    "x-chkp-sid" = $login.sid
}

# Get RuleBase
Write-Output "Getting rulebase"
$body = @{
    "name" = "demo-policy Network"
} | ConvertTo-Json
$rules = Invoke-RestMethod -Method Post -Uri "$BaseUri/show-access-rulebase" -Body $body -Headers $headers

# Walk the rules nested inside each section and print the disabled ones
foreach ($i in $rules.rulebase.rulebase) {
    if ($i.enabled -like "False") {
        Write-Output "Rulename: $($i.name), Source: $($i.source), Destination: $($i.destination), Service: $($i.service), Enabled: $($i.enabled)"
    }
}

# Log out so the session does not stay open on the management server
Write-Output "Disconnect session $($login.uid)"
$null = Invoke-RestMethod -Method Post -Uri "$BaseUri/disconnect" -Headers $headers -Body (@{ "uid" = $login.uid } | ConvertTo-Json)


Contributor

Hi Sigbjorn,

I tried to get the source name, destination name and service using a foreach loop but am getting an error. Can you share the exact syntax to get the same?

Thanks in advance.

Advisor

Hi,

This should do it:

# Get RuleBase (continues the earlier script: $BaseUri and $headers come from its login step)
[string]$layer = "demo-policy Network"  # access layer name, as used in the earlier script
Write-Output "Getting rulebase"
$body = @{
    "name" = $layer
} | ConvertTo-Json
$rules = Invoke-RestMethod -Method Post -Uri "$BaseUri/show-access-rulebase" -Body $body -Headers $headers

foreach ($y in $rules.rulebase.rulebase) {
    # Query each rule by UID so source/destination/service come back as objects with names
    $body = @{
        "uid" = $($y.uid)
        "layer" = $layer
    } | ConvertTo-Json
    $rule = Invoke-RestMethod -Method Post -Uri "$BaseUri/show-access-rule" -Body $body -Headers $headers
    if ($($rule.enabled) -like "False") {
        Write-Output "Disabled rule, Rulename: $($rule.name), Enabled: $($rule.enabled), Rule UID: $($rule.uid), Source: $($rule.source.Name), Destination: $($rule.destination.Name), Service: $($rule.service.Name), Action: $($rule.action.Name)"
    }
}
Explorer

Here is a mgmt_cli API call you can try. I modified it from a call I use to grab zero hits rules. If you are not running a multi-domain management server you can remove the -d option. This will send the results to a CSV file as well. You may be having the problem retrieving source and destination if they have more than one object. The [] specifies those fields are arrays. The one limitation I haven't been able to get around is those fields return UID values rather than their plain text names.

mgmt_cli -d <domain> show access-rulebase offset 0 limit 2000 uid "<rulebase UID>" details-level "standard" use-object-dictionary true --format json -u <username> | jq -r '.rulebase[].rulebase[] | select(.enabled == false) | [."uid", ."name", ."comments", ."enabled", .source[], .destination[], .service[]] | @csv' > <csvfilename>.csv

Ron
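
As an added example (not code from this thread or from Check Point), the Python below post-processes saved `mgmt_cli show access-rulebase ... --format json` output and goes past the UID limitation described in the last post: it resolves source, destination and service UIDs to names through the `objects-dictionary` array returned with `use-object-dictionary true`, and it also picks up rules that sit outside sections. The sample response and the function names are constructed for illustration, and the field layout is assumed to match details-level "standard".

```python
import csv
import io
import json

# Constructed sample (not real data), shaped like `show access-rulebase` output
# with details-level "standard" and use-object-dictionary true (assumed layout).
SAMPLE = json.loads("""{
 "objects-dictionary": [
  {"uid": "u-any", "name": "Any"}, {"uid": "u-web", "name": "web-servers"},
  {"uid": "u-dmz", "name": "dmz-net"}, {"uid": "u-https", "name": "https"}],
 "rulebase": [
  {"type": "access-section", "name": "Inbound", "rulebase": [
   {"type": "access-rule", "uid": "r1", "name": "old-web", "enabled": false,
    "source": ["u-any"], "destination": ["u-web", "u-dmz"], "service": ["u-https"]},
   {"type": "access-rule", "uid": "r2", "name": "web", "enabled": true,
    "source": ["u-any"], "destination": ["u-web"], "service": ["u-https"]}]},
  {"type": "access-rule", "uid": "r3", "name": "test", "enabled": false,
   "source": ["u-dmz"], "destination": ["u-any"], "service": ["u-gone"]}]}""")


def iter_rules(items):
    """Yield rules whether they sit at the top level or inside a section."""
    for item in items:
        if item.get("type") == "access-section":
            yield from iter_rules(item.get("rulebase", []))
        else:
            yield item


def disabled_rules(response):
    """Return [uid, name, source, destination, service] per disabled rule."""
    names = {o["uid"]: o["name"] for o in response.get("objects-dictionary", [])}
    def resolve(uids):
        # Multi-object fields become one ';'-joined cell; unknown UIDs stay as UIDs.
        return ";".join(names.get(u, u) for u in uids)
    return [[r["uid"], r.get("name", ""), resolve(r["source"]),
             resolve(r["destination"]), resolve(r["service"])]
            for r in iter_rules(response["rulebase"])
            if r.get("enabled") is False]  # JSON boolean, not the string "False"


def to_csv(rows):
    out = io.StringIO()
    csv.writer(out).writerows([["uid", "name", "source", "destination", "service"]] + rows)
    return out.getvalue()


if __name__ == "__main__":
    print(to_csv(disabled_rules(SAMPLE)))
```

To run it on real data, load the saved JSON file with `json.load` in place of `SAMPLE`; rulebases larger than one page still need repeated calls with `offset` and `limit`.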
