This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Adam_Forester
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2018-03-03 12:44 PM

Delete Unused Hosts, Networks, and Groups (R80.10 SMS & MDS)

V2 **Updated to support object databases of any size**

V3 **Added Separate scripts for MDS Support** 

V4 **Combined MDS and SMS into a single script. Export now creates a single file instead of two. **

NOTE: The larger the object database the more time this takes to run.

This is a simple shell script that will allow you to parse a particular object database for unused objects. The results will be output into three files of mgmt_cli commands to delete those objects (Host, Network, Group). You could use those files to automatically delete the objects but I suggest reviewing anything before you delete rules. Both SMS and MDS are supported in the same script.

You have two options of use; NAME or UID.

Please be careful when using any API tool to modify your database. Be sure to verify all data and have Backups

How to use

  • cp script over to mgmt station (this script is intended to run directly on the mgmt station)
  • execute ./script-name.sh
    • script will ask for IP of SMS or Domain of MDS you wish to search
  • Output will be in delete-unused-objects.txt
    • delete-unused-objects.txt will have the mgmt_cli commands for deletion. If you want to execute it do the following;
      • chmod 755 delete-unused-objects.txt
      • ./delete-unused-objects.txt

Original files on github: GitHub - cpmidsouth/Delete-Unused-Objects: This Script will seach the object database for Unused Obj... 

 

Feedback welcome this was a simple project that came out of a client request.

Labels
Preview file
4 KB
7 Replies
Gaurav_Pandya
Advisor
‎2018-03-05 09:48 AM

Hi Adam,

This is really nice script. I have run this in my LAB and tested.

Please let me know if we can do the same thing with Unused Rules. A script which shows names of Unused Rules.

0 Kudos
Adam_Forester
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2018-03-05 09:59 AM

Gaurav,

Thanks for the nice comment. I did a script a couple weeks ago that would search the rulebase for zero hit count. Take a look at it: https://community.checkpoint.com/docs/DOC-2640 

I'm working on v3 to be a bit more flexible with layers.

-Adam

Chris_Wilson
Contributor
‎2018-04-27 10:03 AM

mgmt_cli and these scripts are for R80.x right?

Gaurav_Pandya
Advisor
‎2018-04-27 10:58 AM

Hi Chris,

Yes. It is for R80.x

Vanesa_Benito_O
Contributor
‎2018-05-18 11:34 AM

Great! This is exactly what i am looking for! I am migrating the configuration from an old firewall to check point and I always have hated insert unused objects in the new policy!!

I am going to test it!

Thank you

Adam_Forester
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2018-05-18 12:04 PM

Awesome! Glad this will help, let me know if you have questions. After you get running and logs going for a few months take a look at https://community.checkpoint.com/docs/DOC-2640?sr=stream&ru=53216  and it will help you clean up your rulebase some

S_E_
Advisor
‎2021-09-23 06:15 AM

Hi

Great tool!

Do you consider to expand the tool for Services (TCP|UDP|Groups)

Thanks

Regards

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events