This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Eric_Beasley
Employee
Employee
‎2016-09-08 06:43 AM

CLI API Example for exporting, importing, and deleting different objects using CSV files

Check out GITHUB for latest version v00.60.12.100.750 as of 2023-03-14:

GitHub - mybasementcloud/R8x-export-import-api-scripts: Check Point R8x Export, Import, [and more] A... 

https://github.com/mybasementcloud/R8x-export-import-api-scripts/releases

 

Available documentation is provided in the in the GitHub Repository, please check the latest releases document and the README.MD file.

 

Version v00.60.12.100.750 is the last planned release under that GitHub repository, and all new development is going here:
mybasementcloud/R8X_mgmt_cli_API_bash_scripts

 

The post below is not manageable and won't be updated any more, all specifics and improved documentation is provided on GitHub.

BR

Eric @Eric_Beasley 



38 Replies
hboogie
Participant
‎2023-02-23 02:43 PM

Does this script import policies from csv file into management server ? or just objects? 

0 Kudos
PhoneBoy
Admin
Admin
‎2023-02-23 03:00 PM
In response to hboogie

As I understand it, only objects are manipulated with these scripts.

0 Kudos
hboogie
Participant
‎2023-02-23 03:04 PM
In response to PhoneBoy

Do you know if there is a method to import csv file into a mgt server as a policy ? Looking to import policy .csv file from one mgt server to another .

0 Kudos
PhoneBoy
Admin
Admin
‎2023-02-23 03:14 PM
In response to hboogie

If you're talking about taking a CSV export from SmartConsole and importing it to another management station, this is not possible.
It would require either additional information to be put in the CSV file OR every object referenced in that policy to be pre-defined in the management.

To copy a policy from one management to another, use the following tool: https://community.checkpoint.com/t5/API-CLI-Discussion/Python-tool-for-exporting-importing-a-policy-...
This will include exports of all the objects referenced in said policy package.

0 Kudos
Hugo_vd_Kooij
Advisor
‎2023-02-24 12:36 AM
In response to PhoneBoy

I have to disagree to an extend.

If you know the objects and do transactions in the proper order it might work but it means you have to define hosts, networks and services first. Then groups containing only these type of objects, and so on. And only once all objects are defined a specific object depends on.

While it may work in theory it will not work this way in real life.

However if you have definded everything after initial install using the API you may have a record of this and you might redo all  steps. But it requires you have designed this to work this way before you started the initial policy to begin with.

As much as I like Ansible and idempotent solutions like it this is hardly ever the case.

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
0 Kudos
PhoneBoy
Admin
Admin
‎2023-02-24 06:29 PM
In response to Hugo_vd_Kooij

It's theoretically possible in general, yes.
I was referring to as things are currently implemented 🙂

0 Kudos
Danny
Champion Champion
Champion
‎2023-03-03 01:32 AM

Thanks @Eric_Beasley !
Your script was a big time saver for me on a project where I had to migrate a R80.10 Full-HA setup to a R81.10 distributed environment that Check Point does not support for R8x versions (sk44201).

I downloaded the latest devops.dev release from your GitHub > Latest > Assets, scp'd it to the R80.10 & R81.10 managements and extracted it into /var/log/__customer.

On the old R80.10 management I ran _minimum_exports.sh to export all the objects from the Management DB and scp'd the the resulting .tgz to the freshly installed R81.10 management into /var/log/__customer.

On the freshly installed R81.10 management I successfully imported the objects via ./cli_api_import_objects_from_csv.sh -v -r --NOWAIT --RESULTS -i "/var/log/__customer/devops.my_data/2023-02-27-1834CET.export_objects_to_csv/csv"

With all imported objects then existing on the new management I was able to quickly rebuild the rulebase manually.

Keep going! This is of great help. 👍

0 Kudos
VikingsFan
Collaborator
‎2024-06-17 03:19 PM
In response to Danny

Old post but curious if your import also worked for group memberships?  Doing exactly what you did but only getting objects and not the members of groups.

0 Kudos
VikingsFan
Collaborator
‎2024-06-17 03:17 PM

So digging into the logs, it looks like my issue is that any of the CSV files that have group members... services, network, etc have an error that says "Object XXXXXXX does NOT support SET [UPDATE]".  The export function extracted the information successfully so I have to think there's a way to import the group members?  My group member file has over 3,000 rows so not something I want to do by hand.

The initial command I was using was from Danny's example: ./cli_api_import_objects_from_csv.sh -v -r --NOWAIT --RESULTS -i "/var/log/__customer/devops.my_data/2024-06-17-1435EDT.export_objects_to_csv/csv"

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events