Raymondn
Contributor

Adjust Threat-Protection Action

I am trying to use the "mgmt" commands to adjust IPS protection.

For example, I want to set the protection "FTP Commands" action from "inaction" to "detect" for Threat protection profile "DMZ_Protection".

How can I do this?

 

Reading this:

https://sc1.checkpoint.com/documents/R80/APIs/index.html#gui-cli/set-threat-protection

I got an idea.  However, the part I don't understand is how to correctly use the "profiles name" in the command so I am only adjusting the action of the protection only on a specific Threat profile.

 

The example from the doc shows "overrides.1.profile", but I don't really understand the meaning of "1" here.

 

Thanks in advance for any explanation about how to deal with those "List: Object" parameters.

 

0 Kudos
6 Replies
Tal_Paz-Fridman
Employee

overrides.1.profile and overrides.2.profile etc. allow you to run the command on several profiles at the same time by just giving the name of the first profile after overrides.1.profile and so on.

 

In the example you can see they refer to two different profiles - New Profile 1 and New Profile 2

set threat-protection name "Aggressive Aging" overrides.1.profile "New Profile 1" overrides.1.action "Prevent" overrides.1.track "Log" overrides.1.capture-packets true overrides.2.profile "New Profile 2" overrides.2.action "Prevent" overrides.2.track "Log" overrides.2.capture-packets true

 

This is also true in the other examples

HTH

Tal

0 Kudos
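The number in a key such as overrides.1.profile is the 1-based position of one entry in the "overrides" list, and every key that shares that number belongs to the same entry. The Python sketch below is an added example, not part of the reply above and not Check Point code (the function names are hypothetical); it folds the dotted arguments of the command quoted above into the nested list-of-objects form that the same request takes as a JSON body in the Management Web API.

```python
import shlex

# The command quoted in the reply above (parameters start after the object name).
COMMAND = ('set threat-protection name "Aggressive Aging" '
           'overrides.1.profile "New Profile 1" overrides.1.action "Prevent" '
           'overrides.1.track "Log" overrides.1.capture-packets true '
           'overrides.2.profile "New Profile 2" overrides.2.action "Prevent" '
           'overrides.2.track "Log" overrides.2.capture-packets true')


def listify(node):
    """Turn dicts keyed 1..n into lists; reject gaps in the numbering."""
    if not isinstance(node, dict):
        return node
    node = {key: listify(value) for key, value in node.items()}
    if node and all(key.isdigit() for key in node):
        by_index = {int(key): value for key, value in node.items()}
        if sorted(by_index) != list(range(1, len(by_index) + 1)):
            raise ValueError(f"indexes must run 1..n, got {sorted(by_index)}")
        return [by_index[i] for i in sorted(by_index)]
    return node


def to_request(command):
    """Return (api_command, payload) for a 'verb object key value ...' line."""
    verb, obj, *args = shlex.split(command)
    if len(args) % 2:
        raise ValueError("parameters must come as key/value pairs")
    root = {}
    for key, value in zip(args[0::2], args[1::2]):
        *parents, leaf = key.split(".")
        node = root
        for part in parents:
            # Each dotted segment opens one nesting level.
            node = node.setdefault(part, {})
        # The CLI strings true/false become JSON booleans.
        node[leaf] = {"true": True, "false": False}.get(value, value)
    return f"{verb}-{obj}", listify(root)


if __name__ == "__main__":
    import json
    api_command, payload = to_request(COMMAND)
    print(api_command)
    print(json.dumps(payload, indent=2))
```

To change a protection on a single profile only, supply just the overrides.1.* keys, which yields a one-element list.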
Raymondn
Contributor

Thanks.  

I managed to get this to work.

 

Want to ask about the "show threat-protection".  From the doc, it appears that it would accept parameter "profiles".  I was trying to do that in hope to get the result of a specific threat protection setting on a specific profile.

 

Command:

mgmt show threat-protection name "3Com Network Supervisor Directory Traversal" profile "draas-fw-a1_Protection"

 

I also tried this ("profiles" vs "profile"):

mgmt show threat-protection name "3Com Network Supervisor Directory Traversal" profiles "draas-fw-a1_Protection"

 

Both give me error:

MGMT9000 code: "generic_err_invalid_parameter_name"
message: "Unrecognized parameter [profile]"

 

I wonder if the "profile" (or profiles) is a valid input parameter, or if it is a typo in the doc, or I just didn't use this parameter correctly.

 

Any inputs?  Thanks.

 

 

0 Kudos
PhoneBoy
Admin

show threat-protection doesn't accept "profile" as a parameter.
I suspect you want set threat-protection, which has somewhat different parameters.
See: https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/set-threat-protection~v1.5%20
0 Kudos
Raymondn
Contributor

Thanks.

 

Good to know.  It appears the doc has a lot of room for improvement regarding the typo and the acceptable parameters on various commands.

0 Kudos
PhoneBoy
Admin

There is always room for improvement, but you had an older link for the documentation that might not be getting updated.
The one I provided should be getting continual updates.
0 Kudos
Raymondn
Contributor

Good to know. Thanks for the link you provided.
0 Kudos
