This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Raymondn
Contributor
‎2019-09-16 04:29 PM

Adjust Threat-Protection Action

I am trying to use the "mgmt" commands to adjust IPS protection.

For example, I want to set the protection "FTP Commands" action from "inaction to "detect" for Threat protection profile "DMZ_Protection".

How can I do this?

 

Reading this:

https://sc1.checkpoint.com/documents/R80/APIs/index.html#gui-cli/set-threat-protection

I got an idea.  However, the part I don't understand is how to correctly use the "profiles name" in the command so I am only adjusting the action of the protection only on a specific Threat profile.

 

The example from the doc show "overrides.1.profile", but I don't really understand the meaning of "1" here.

 

Thanks in advance for any explanation about how to deal with those "List: Object" parameter.

 

0 Kudos
Reply
6 Replies
Tal_Paz-Fridman
Employee++
Employee++
‎2019-09-17 03:08 AM

overrides.1.profile and overrides.2.profile etc. allows you to run the command on several profiles at the same time by just giving the name of the first profile after overrides.1.profile and so on.

 

In the example you can see they refer to two different profiles - New Profile 1 and New Profile 2

set threat-protection name "Aggressive Aging" overrides.1.profile "New Profile 1" overrides.1.action "Prevent" overrides.1.track "Log" overrides.1.capture-packets true overrides.2.profile "New Profile 2" overrides.2.action "Prevent" overrides.2.track "Log" overrides.2.capture-packets true

 

This is also true in the other examples

HTH

Tal

0 Kudos
Reply
Raymondn
Contributor
‎2019-09-17 12:12 PM
In response to Tal_Paz-Fridman

Thanks.  

I manage to get this to work.

 

Want to ask about the "show threat-protection".  From the doc, it appears that it would accept parameter "profiles".  I was trying to do that in hope to get the result of a specific threat protection setting on a specific profile.

 

Command:

mgmt show threat-protection name "3Com Network Supervisor Directory Traversal" profile "draas-fw-a1_Protection"

 

I also tried this ("profiles" vs "profile"):

mgmt show threat-protection name "3Com Network Supervisor Directory Traversal" profiles "draas-fw-a1_Protection"

 

Both give me error:

MGMT9000 code: "generic_err_invalid_parameter_name"
message: "Unrecognized parameter [profile]"

 

I wonder if the "profile" (or profiles) is a valid input parameter, or if it is a typo in the doc, or I just didn't use this parameter correctly.

 

Any inputs?  Thanks.

 

 

0 Kudos
Reply
PhoneBoy
Admin
Admin
‎2019-09-20 01:32 PM
In response to Raymondn

show threat-protection doesn't accept "profile" as a parameter.
I suspect you want set threat-protection, which has somewhat different parameters.
See: https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/set-threat-protection~v1.5%20
0 Kudos
Reply
Raymondn
Contributor
‎2019-09-20 01:57 PM
In response to PhoneBoy

Thanks.

 

Good to know.  It appears the doc has a lot of room for improvement regarding the typo and the acceptable parameters on various commands.

0 Kudos
Reply
PhoneBoy
Admin
Admin
‎2019-09-21 09:18 AM
In response to Raymondn

There is always room for improvement, but you had an older link for the documentation that might not be getting updated.
The one I provided should be getting continual updates.
0 Kudos
Reply
Raymondn
Contributor
‎2019-09-23 11:48 AM
In response to PhoneBoy

good to know. thx for link you provided.
0 Kudos
Reply