- Products
- Learn
- Local User Groups
- Partners
- More
Check Point Jump-Start Online Training
Now Available on CheckMates for Beginners!
Welcome to Maestro Masters!
Talk to Masters, Engage with Masters, Be a Maestro Master!
ZTNA Buyer’s Guide
Zero Trust essentials for your most valuable assets
The SMB Cyber Master
Boost your knowledge on Quantum Spark SMB gateways!
Check Point's Cyber Park is Now Open
Let the Games Begin!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
CheckFlix!
All Videos In One Space
I am trying to use the "mgmt" commands to adjust IPS protection.
For example, I want to set the protection "FTP Commands" action from "inaction to "detect" for Threat protection profile "DMZ_Protection".
How can I do this?
Reading this:
https://sc1.checkpoint.com/documents/R80/APIs/index.html#gui-cli/set-threat-protection
I got an idea. However, the part I don't understand is how to correctly use the "profiles name" in the command so I am only adjusting the action of the protection only on a specific Threat profile.
The example from the doc show "overrides.1.profile", but I don't really understand the meaning of "1" here.
Thanks in advance for any explanation about how to deal with those "List: Object" parameter.
overrides.1.profile and overrides.2.profile etc. allows you to run the command on several profiles at the same time by just giving the name of the first profile after overrides.1.profile and so on.
In the example you can see they refer to two different profiles - New Profile 1 and New Profile 2
set threat-protection name "Aggressive Aging" overrides.1.profile "New Profile 1" overrides.1.action "Prevent" overrides.1.track "Log" overrides.1.capture-packets true overrides.2.profile "New Profile 2" overrides.2.action "Prevent" overrides.2.track "Log" overrides.2.capture-packets true
This is also true in the other examples
HTH
Tal
Thanks.
I manage to get this to work.
Want to ask about the "show threat-protection". From the doc, it appears that it would accept parameter "profiles". I was trying to do that in hope to get the result of a specific threat protection setting on a specific profile.
Command:
mgmt show threat-protection name "3Com Network Supervisor Directory Traversal" profile "draas-fw-a1_Protection"
I also tried this ("profiles" vs "profile"):
mgmt show threat-protection name "3Com Network Supervisor Directory Traversal" profiles "draas-fw-a1_Protection"
Both give me error:
MGMT9000 code: "generic_err_invalid_parameter_name"
message: "Unrecognized parameter [profile]"
I wonder if the "profile" (or profiles) is a valid input parameter, or if it is a typo in the doc, or I just didn't use this parameter correctly.
Any inputs? Thanks.
Thanks.
Good to know. It appears the doc has a lot of room for improvement regarding the typo and the acceptable parameters on various commands.
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY