I did the following with mgmt_cli:
set access-rule rule-number 1 layer "Test Network" source.add "Test_Host1"
set access-rule rule-number 1 layer "Test Network" source.add "Test_Host2"
set access-rule rule-number 1 layer "Test Network" source.add "Test_Host3"
set access-rule rule-number 1 layer "Test Network" source.add "Test_Host4"
set access-rule rule-number 1 layer "Test Network" destination.remove "Test_Host1"
set access-rule rule-number 1 layer "Test Network" destination.remove "Test_Host2"
set access-rule rule-number 1 layer "Test Network" destination.remove "Test_Host3"
set access-rule rule-number 1 layer "Test Network" destination.remove "Test_Host4"
How can I do the same with curl?
Both source.add and destination.remove get the error
"code" : "generic_err_invalid_syntax",
"message" : "Payload is not a valid JSON"
For the source/destination/service fields we can use the add/remove functions of the set-access-rule api call.
Here is an example in JSON of adding hosts as a source to a rule. This will add the three hosts to the source of the rule without having to specify all of the sources that are there already.
{
  "name" : "Test Rule",
  "layer" : "Network",
  "source" : { "add" : ["host1", "host2", "host3"] }
}
Hope this helps.
Hi PhoneBoy
As you can see, I added Test_Host1 to Test_Host4 to the source column of the existing Rule 1 in Policy Package Test, as well as removing Test_Host1 to Test_Host4 from the destination column in the same rule and policy. I did that successfully with the mgmt_cli tool, but would like to do the same with curl or curl_cli.
The problem is the syntax in the curly brackets of curl ...set-access-rule -d '{"rule-number" : "1", "layer" : "Test Network", "source.add" : "Test_Host5"}'
Hi PhoneBoy
In the meantime I found a workaround for the problem.
Simply list all sources or destinations in the rule and then add or remove selectively.
- add Test_Host1 to Test_Host4 into source column
set-access-rule -d '{"rule-number" : "1", "layer" : "Test Network", "source" : ["Test_Host1","Test_Host2","Test_Host3","Test_Host4"]}'
- remove Test_Host1 from source column
set-access-rule -d '{"rule-number" : "1", "layer" : "Test Network", "source" : ["Test_Host2","Test_Host3","Test_Host4"]}'
The same for destination.
I think there should be a simpler solution for that.
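The curl error in this thread comes from sending the mgmt_cli key "source.add" as a flat JSON key; the Management API wants the nested form PhoneBoy shows ("source": {"add": [...]}). The following is an added example, not code from the thread or from Check Point: it converts mgmt_cli-style key/value pairs (dotted keys, 1-based numeric suffixes such as source.1, repeated keys) into that nested body and renders the matching curl call, so the same conversion also covers the add access-rule arguments discussed further down (position.below, source.1, service.2). The server name and session id in the sample are placeholders.

```python
import json
import shlex
from typing import Any, Dict, List, Sequence

def mgmt_cli_to_json(args: Sequence[str]) -> Dict[str, Any]:
    """Turn mgmt_cli-style "key value" pairs into the nested JSON body that
    POST /web_api/<command> expects. Dotted keys nest ("source.add" ->
    {"source": {"add": ...}}), numeric segments build 1-based lists
    ("source.1", "source.2" -> ["HOST1", "HOST2"]), and a key given twice
    (two "source.add" pairs) collects its values into one list."""
    assert len(args) % 2 == 0, "arguments must come in key/value pairs"
    body: Dict[str, Any] = {}
    for key, value in zip(args[::2], args[1::2]):
        _set_path(body, key.split("."), value)
    return body

def _set_path(node: Any, segs: List[str], value: str) -> None:
    for i, seg in enumerate(segs):
        last = i == len(segs) - 1
        child: Any = [] if (not last and segs[i + 1].isdigit()) else {}
        if isinstance(node, list):            # numeric segment: 1-based index
            idx = int(seg) - 1
            node.extend([None] * (idx + 1 - len(node)))
            if last:
                node[idx] = value
                return
            node[idx] = node[idx] if node[idx] is not None else child
            node = node[idx]
        else:
            if last:
                if seg in node:               # repeated key -> list of values
                    prev = node[seg]
                    node[seg] = (prev if isinstance(prev, list) else [prev]) + [value]
                else:
                    node[seg] = value
                return
            node = node.setdefault(seg, child)

def curl_command(server: str, sid: str, command: str, body: Dict[str, Any]) -> str:
    """Render the equivalent curl call; X-chkp-sid carries the session id returned by login."""
    return (f"curl -k -X POST https://{server}/web_api/{command} "
            f"-H 'Content-Type: application/json' -H 'X-chkp-sid: {sid}' "
            f"-d {shlex.quote(json.dumps(body))}")

if __name__ == "__main__":
    # Constructed sample: add four hosts to the source of rule 1 in layer "Test Network"
    # and drop the same four from its destination, in a single set-access-rule call.
    cli_args = ["rule-number", "1", "layer", "Test Network"]
    for n in range(1, 5):
        cli_args += ["source.add", f"Test_Host{n}", "destination.remove", f"Test_Host{n}"]
    print(curl_command("mgmt.example.invalid", "<sid from login>", "set-access-rule",
                       mgmt_cli_to_json(cli_args)))
```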
I'm trying to do something similar where I want to use a single command to add a new rule which contains a few sources and destination below an existing rule.
I did this:
mgmt_cli add access-rule uid <uid reference> layer "Standard Network" position.below "<uid reference>" name "Test Rule" source "HOST1","HOST2" destination "GROUP1" service "http" action "Accept" track type "Log"
This does not work, and I cannot find an example on the Check Point API reference site. The site does not show examples of all the parameters you can use for a given action, i.e. in this case 'add access-rule'.
I got this working in a test environment.
[Expert@cptestenv:0]# mgmt_cli -r true add access-rule name "Access to GROUP1" layer "Network" position.below "44b0b0fc-524b-40c4-b0a2-581312446dc8" source.1 "HOST1" source.2 "HOST2" destination "GROUP1" action "accept" service.1 "http" service.2 "https" track "log"
---------------------------------------------
Time: [18:12:14] 31/5/2023
---------------------------------------------
"Publish operation" succeeded (100%)
Looking at set access-rule there is the .add action you can append to either source, destination or objects to make a batch import, but it doesn't seem to be present in add access-rule. So depending on the size of your list to import, you could create a rule with add access-rule and then batch import sources or destinations into it with a CSV by calling set access-rule source.add, destination.add, service.add in one call referencing the name or uid of the rule in question.
Thanks Alex.
I would use .csv for large imports; for small changes the above is great. I'll certainly give this a go.
What frustrates me is that there are no examples for the different actions you can have on the API reference pages. It would be nice if Check Point provided an example for every parameter scenario (I know this is a lot); it would save a lot of time.
All works. One observation: I wanted to add a section heading as well, and noted that you have to do this last, keeping in mind you want everything to be added under an existing uid.
session=`mgmt_cli -r true login --format json| jq -r '.sid'`
mgmt_cli --session-id $session add group name "GROUP1" color "Sea Green" comments "Test Group"
mgmt_cli --session-id $session set group name "GROUP1" members.add.1 HOST1
mgmt_cli --session-id $session add access-rule name "Test Rule" layer "Network" position.below "7216a217-6d28-449a-9e04-eb6e6aa4b01b" source "HOST2" destination "GROUP1" action "accept" service.1 "microsoft-ds" service.2 "nbsession" track "log" comments "New rule added"
mgmt_cli --session-id $session add access-section layer "Network" position.below "7216a217-6d28-449a-9e04-eb6e6aa4b01b" name "Section for new rule"
mgmt_cli --session-id $session publish