- Products
- Learn
- Local User Groups
- Partners
-
More
Celebrate the New Year
With CheckMates!
Value of Security
Vendor Self-Awareness
Join Us for CPX 360
23-24 February 2021
Important certificate update to CloudGuard Controller, CME,
and Azure HA Security Gateways
How to Remediate Endpoint & VPN
Issues (in versions E81.10 or earlier)
Mobile Security
Buyer's Guide Out Now
Important! R80 and R80.10
End Of Support around the corner (May 2021)
I am trying to use the "mgmt" commands to adjust IPS protection.
For example, I want to set the protection "FTP Commands" action from "inaction to "detect" for Threat protection profile "DMZ_Protection".
How can I do this?
Reading this:
https://sc1.checkpoint.com/documents/R80/APIs/index.html#gui-cli/set-threat-protection
I got an idea. However, the part I don't understand is how to correctly use the "profiles name" in the command so I am only adjusting the action of the protection only on a specific Threat profile.
The example from the doc show "overrides.1.profile", but I don't really understand the meaning of "1" here.
Thanks in advance for any explanation about how to deal with those "List: Object" parameter.
overrides.1.profile and overrides.2.profile etc. allows you to run the command on several profiles at the same time by just giving the name of the first profile after overrides.1.profile and so on.
In the example you can see they refer to two different profiles - New Profile 1 and New Profile 2
set threat-protection name "Aggressive Aging" overrides.1.profile "New Profile 1" overrides.1.action "Prevent" overrides.1.track "Log" overrides.1.capture-packets true overrides.2.profile "New Profile 2" overrides.2.action "Prevent" overrides.2.track "Log" overrides.2.capture-packets true
This is also true in the other examples
HTH
Tal
Thanks.
I manage to get this to work.
Want to ask about the "show threat-protection". From the doc, it appears that it would accept parameter "profiles". I was trying to do that in hope to get the result of a specific threat protection setting on a specific profile.
Command:
mgmt show threat-protection name "3Com Network Supervisor Directory Traversal" profile "draas-fw-a1_Protection"
I also tried this ("profiles" vs "profile"):
mgmt show threat-protection name "3Com Network Supervisor Directory Traversal" profiles "draas-fw-a1_Protection"
Both give me error:
MGMT9000 code: "generic_err_invalid_parameter_name"
message: "Unrecognized parameter [profile]"
I wonder if the "profile" (or profiles) is a valid input parameter, or if it is a typo in the doc, or I just didn't use this parameter correctly.
Any inputs? Thanks.
Thanks.
Good to know. It appears the doc has a lot of room for improvement regarding the typo and the acceptable parameters on various commands.
About CheckMates
Learn Check Point
Advanced Learning
WELCOME TO THE FUTURE OF CYBER SECURITY