Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Sam_Ponder
Contributor

Bulk updating email allow list

I just wanted to pass this on in case someone is looking for this type of information down the road. And as always, feedback is appreciated.

Task: move all the allowed domains and IPs in mail security from one appliance to another.

  1. Gather data from the source appliance
    1. use the following dbedit command to gather the different sections of data that is needed
      • print mail_security_policy Global_Mail_Security_Policy
  2. Take a backup or snapshot of the target appliance
  3. Create a txt file on the appliance. I prefer to do this via VI editor and paste in the formatted data.
    • Add to the IP Allow
      • The following dbedit line adds a empty element to the container
        • addelement mail_security_policy Global_Mail_Security_Policy allow_ip_list MAIL_SECURITY_IP
      • The following dbedit line modifies the element in position '0' (or the first element) with the value X.X.X.X, or the IP address you want to add to the allow list. So if you already have elements listed, you will want to start with that value and not 0, or else you will overwrite the value in those positions.
        • modify mail_security_policy Global_Mail_Security_Policy allow_ip_list:0:ip X.X.X.X
        • Rinse and repeat for each IP address you want to add, increasing the position value each time, example below.
        • Click to Expand
          addelement mail_security_policy Global_Mail_Security_Policy allow_ip_list MAIL_SECURITY_IP
          modify mail_security_policy Global_Mail_Security_Policy allow_ip_list:0:ip 1.1.1.1
          addelement mail_security_policy Global_Mail_Security_Policy allow_ip_list MAIL_SECURITY_IP
          modify mail_security_policy Global_Mail_Security_Policy allow_ip_list:1:ip 1.1.1.2
          addelement mail_security_policy Global_Mail_Security_Policy allow_ip_list MAIL_SECURITY_IP
          modify mail_security_policy Global_Mail_Security_Policy allow_ip_list:2:ip 1.1.1.3
          addelement mail_security_policy Global_Mail_Security_Policy allow_ip_list MAIL_SECURITY_IP
          modify mail_security_policy Global_Mail_Security_Policy allow_ip_list:3:ip 1.1.1.4
          addelement mail_security_policy Global_Mail_Security_Policy allow_ip_list MAIL_SECURITY_IP
          modify mail_security_policy Global_Mail_Security_Policy allow_ip_list:4:ip 1.1.1.5
          update mail_security_policy Global_Mail_Security_Policy
        • The update mail_security_policy Global_Mail_Security_Policy command at the end saves the changes.
        • Paste this in a new file on the target appliance
        • run with the following command
          • dbedit -local -f filename.txt
        • Confirm the changes in one of many ways, Smart Console, GuiDBedit, or print mail_security_policy Global_Mail_Security_Policy
    • Add to the Domain Allow
      1. real similar to IP, with just a few changes
        • MAIL_SECURITY_DOMAIN instead of MAIL_SECURITY_IP
        • allow_domain_list instead of allow_domain_ip
        • a sample below
        • Click to Expand
          addelement mail_security_policy Global_Mail_Security_Policy allow_domain_list MAIL_SECURITY_DOMAIN
          modify mail_security_policy Global_Mail_Security_Policy allow_domain_list:0:domain @abc.com
          addelement mail_security_policy Global_Mail_Security_Policy allow_domain_list MAIL_SECURITY_DOMAIN
          modify mail_security_policy Global_Mail_Security_Policy allow_domain_list:1:domain @bcd.com
          addelement mail_security_policy Global_Mail_Security_Policy allow_domain_list MAIL_SECURITY_DOMAIN
          modify mail_security_policy Global_Mail_Security_Policy allow_domain_list:2:domain @cde.com
          update mail_security_policy Global_Mail_Security_Policy
        • same steps as above.

 

I didn't do any block list bulk imports, but it doesn't look like it is that much different.

 

Here are a few sk's that I gleaned some information from

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

This task was very educational with DBedit.

Thanks for reading. 

Sam

Edited: to fix a typo

0 Kudos
2 Replies
PhoneBoy
Admin
Admin

Thanks for sharing.
What version/JHF did you do this on?

0 Kudos
Sam_Ponder
Contributor

R81.10 take 66

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events