This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Sarath_M
Contributor
‎2018-04-19 07:48 AM
Jump to solution

Error while exporting access rules using show package script

I am trying to export the access logs using $MDS_FWDIR/scripts/web_api_show_package.sh command on our Management server which is R80. I can export all the FW rules and other IPS rules but i'm not able to export the NAT rules.

It gives me the following error.

Unexpected character (S) at position 39.
at org.json.simple.parser.Yylex.yylex(Yylex.java:610)
at org.json.simple.parser.JSONParser.nextToken(JSONParser.java:269)
at org.json.simple.parser.JSONParser.parse(JSONParser.java:118)
at org.json.simple.parser.JSONParser.parse(JSONParser.java:81)
at org.json.simple.parser.JSONParser.parse(JSONParser.java:75)
at com.checkpoint.mgmt_api.client.ApiClient.store(ApiClient.java:567)
at com.checkpoint.mgmt_api.client.ApiClient.apiCall(ApiClient.java:305)
at com.checkpoint.mgmt_api.client.ApiClient.apiCall(ApiClient.java:359)
at com.checkpoint.mgmt_api.examples.ShowRulebaseExample.showNATRulebase(ShowRulebaseExample.java:939)
at com.checkpoint.mgmt_api.examples.ShowRulebaseExample.getPackageData(ShowRulebaseExample.java:428)
at com.checkpoint.mgmt_api.examples.ShowRulebaseExample.main(ShowRulebaseExample.java:286)

Kindly let me know how to export the NAT rules as well.

Labels
2 Solutions

Accepted Solutions
Eugene_Grybinny
Employee Alumnus
Employee Alumnus
‎2018-04-30 04:39 AM
In response to Sarath_M
Jump to solution

Hi Sarath,

Thanks a lot for the collaboration. We found the problem and are going to fix it soon.

It's because of the security protocol versions configured by default in different java versions. R80 uses java version 7 and R80.10+ uses java version 8, that's why it fails to run locally on R80 Management Server.

Meanwhile, as a workaround you can add the following property to JVM: -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2

So instead of 

java -jar $MDS_FWDIR/api/samples/lib/web_api_show_package-jar-with-dependencies.jar -v

you should run

java -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2 -jar $MDS_FWDIR/api/samples/lib/web_api_show_package-jar-with-dependencies.jar -v

We will inform you when the fix is ready.

View solution in original post

A_KOUADIO
Contributor
‎2023-06-30 07:40 AM
In response to fulvio
Jump to solution

Run this, it will give the line

java -jar web_api_show_package-jar-with-dependencies.jar -k "your_package-name" --query-limit limit 1

View solution in original post

0 Kudos
32 Replies
Robert_Decker
Advisor
‎2018-04-19 12:32 PM
Jump to solution

can you please specify which R80 version are you using (cpinfo -y all command)?

Robert.

0 Kudos
Sarath_M
Contributor
‎2018-04-20 12:45 AM
Jump to solution

cpinfo -y all command output:

This is Check Point CPinfo Build 914000182 for GAIA
[FW1]
HOTFIX_R80_JHF_T76 Take: 8
HOTFIX_R80_JHF_76_CIRRUS2 Take: 35

FW1 build number:
This is Check Point Security Management Server R80 - Build 002
This is Check Point's software version R80 - Build 012

[SecurePlatform]
No hotfixes..

[CPinfo]
No hotfixes..

[SmartPortal]
No hotfixes..

[Reporting Module]
HOTFIX_R80_JHF_T76 Take: 8

[CPuepm]
HOTFIX_R80_JHF_T76 Take: 8

[CVPN]
No hotfixes..

[SmartLog]
HOTFIX_R80_JHF_T76 Take: 8

[MGMTAPI]
No hotfixes..

[R7520CMP]
No hotfixes..

[R7540CMP]
No hotfixes..

[R7540VSCMP]
No hotfixes..

[R76CMP]
No hotfixes..

[SFWR77CMP]
HOTFIX_R80_JUMBO_COMP

[R77CMP]
HOTFIX_R80_JUMBO_T76_COMP

[R75CMP]
No hotfixes..

[NGXCMP]
No hotfixes..

[EdgeCmp]
No hotfixes..

[SFWCMP]
No hotfixes..

[FLICMP]
No hotfixes..

[SFWR75CMP]
No hotfixes..

[CPUpdates]
BUNDLE_R80_JHF_T76 Take: 8
BUNDLE_R80_JHF_76_CIRRUS2 Take: 35

[DIAG]
No hotfixes..

[VSEC]
HOTFIX_R80_JHF_76_CIRRUS2 Take: 35

[rtm]
No hotfixes..

0 Kudos
Robert_Decker
Advisor
‎2018-04-20 04:37 AM
In response to Sarath_M
Jump to solution

Thank You.

I know that there was an issue with NAT rulebase that was fixed and delivered as a hotfix.

I'll check on Sunday the exact version and inform you.

Sorry for this inconvenience.

Robert.

0 Kudos
Robert_Decker
Advisor
‎2018-04-23 03:24 AM
In response to Sarath_M
Jump to solution

Hi Sarath,

It seems that you have installed an older R80 management on your environment.

Our Show-Package tool has evolved big time since then (now on R80.10 installations) - bugs fixed, new features added, including a support for unicode.

Nevertheless, we will check how we can adjust our new version tool to your old installation and inform you.

Robert.

0 Kudos
Sarath_M
Contributor
‎2018-04-25 01:48 AM
In response to Robert_Decker
Jump to solution

Okay. Thank you.

0 Kudos
Eugene_Grybinny
Employee Alumnus
Employee Alumnus
‎2018-04-25 05:36 AM
Jump to solution

Hi Sarath,

Please check this repository https://github.com/CheckPointSW/ShowPolicyPackage to get the latest version of the Show Package tool. The version works with both R80 and R80.10 and can be used as a standalone tool remotely or put into the Security Management Server (to replace the bundled one).

Feel free to ask us questions in case you have ones.

Sarath_M
Contributor
‎2018-04-25 06:25 AM
In response to Eugene_Grybinny
Jump to solution

My plan of action is to download web_api_show_package-jar-with-dependencies.jar from the link provided and copy it into $MDS_FWDIR/api/samples/lib/ replacing the old file on the management server.

(I will back up the old file as well.)

Then run the command $MDS_FWDIR/scripts/web_api_show_package.sh.


Is this approach correct?

0 Kudos
Robert_Decker
Advisor
‎2018-04-25 07:11 AM
In response to Sarath_M
Jump to solution

It is one of the approaches, as mentioned in the tool's instructions on GitHub - replace the old jar with the new one.

Robert.

0 Kudos
Sarath_M
Contributor
‎2018-04-25 07:24 AM
In response to Robert_Decker
Jump to solution

I have downloaded the new jar file in the release tab and replaced it but it is of 729KB and the old one which we have is 13059KB and the tool did not run and showed a severe error and exited.

[4/26/18 12:10 PM com.checkpoint.mgmt_api.examples.MyLogger.debug()DEBUG]: The parameters that were received:
[4/26/18 12:10 PM com.checkpoint.mgmt_api.examples.MyLogger.debug()DEBUG]: Limit number of object per page: 10
[4/26/18 12:10 PM com.checkpoint.mgmt_api.examples.MyLogger.debug()DEBUG]: Local Ips: [x.x.x.x, 127.0.0.1]
[4/26/18 12:10 PM com.checkpoint.mgmt_api.examples.MyLogger.severe()SEVERE]: ERROR: failed connecting to the server: 127.0.0.1
[4/26/18 12:10 PM com.checkpoint.mgmt_api.examples.ShowPackageTool.logoutReportAndExit()INFO]: Script stopped running due to severe error!
[4/26/18 12:10 PM com.checkpoint.mgmt_api.examples.ShowPackageTool.logoutReportAndExit()INFO]: dirPath: /home/myid/110d4c46-0bf0-4de3-b163-e1436ff67762
[4/26/18 12:10 PM com.checkpoint.mgmt_api.examples.ShowPackageTool.logoutReportAndExit()INFO]: tarGzPath: show_package-2018-04-26_12-10-06.tar.gz

I do not want to build the jar file as i'm not aware of those commands and do not know how to build them.

0 Kudos
Robert_Decker
Advisor
‎2018-04-26 08:27 AM
In response to Sarath_M
Jump to solution

Can you please specify the parameters you are providing to the tool?

I need the exact command line you are running (you may use xxx for sensitive values).

The size of JAR files doesn't matter.

Robert.

0 Kudos
Sarath_M
Contributor
‎2018-04-27 12:40 AM
In response to Robert_Decker
Jump to solution

I have entered the below command on a side server. I can log into the GUI from this server and using the same credentials.

D:\java -jar .\web_api_show_package-jar-with-dependencies.jar -m x.x.x.x -u admin -p ***

[4/27/18 11:52 AM com.checkpoint.mgmt_api.examples.MyLogger.debug()DEBUG]: The parameters that were received: server:(-m)=x.x.x.x username:(-u)=admin password:(-p)=*****
[4/27/18 11:52 AM com.checkpoint.mgmt_api.examples.MyLogger.debug()DEBUG]: Limit number of object per page: 10
[4/27/18 11:52 AM com.checkpoint.mgmt_api.examples.MyLogger.debug()DEBUG]: Login As root: false
[4/27/18 11:52 AM com.checkpoint.mgmt_api.examples.MyLogger.debug()DEBUG]: Login with 'read-only' flag.
[4/27/18 11:52 AM com.checkpoint.mgmt_api.examples.MyLogger.severe()SEVERE]: An error occurred while logging in to the server. Exception: ERROR: Could not connect to API server, check 'api status' for more details. Error message: Error: failed to get string data
[4/27/18 11:52 AM com.checkpoint.mgmt_api.examples.ShowPackageTool.logoutReportAndExit()INFO]: Script stopped running due to severe error!
[4/27/18 11:52 AM com.checkpoint.mgmt_api.examples.ShowPackageTool.logoutReportAndExit()INFO]: dirPath: D:\c820221a-6745-41d9-a91d-0547cc52c498
[4/27/18 11:52 AM com.checkpoint.mgmt_api.examples.ShowPackageTool.logoutReportAndExit()INFO]: tarGzPath: show_package-2018-04-27_11-52-04.tar.gz

api status:

API Settings:
---------------------
Accessibility: Allow from all
Automatic Start: Enabled

Processes:

Name State PID More Information
-------------------------------------------------
API Started 26621
CPM Started 4816 Check Point Security Management Server is running and ready
FWM Started 7517

Port Details:
-------------------
JETTY Internal Port: 50276
APACHE Gaia Port: 443


--------------------------------------------
Overall API Status: Started
--------------------------------------------

Test SUCCESSFUL. The server is up and ready to receive connections

Notes:
------------
To collect troubleshooting data, please run 'api status -s <comment>'

I tried running this script from the management server as well but did not work.

0 Kudos
Robert_Decker
Advisor
‎2018-04-27 03:51 AM
In response to Sarath_M
Jump to solution

Hi Sarath,

Thanks for the information. We will check this on Sunday and inform you.

Robert.

Robert_Decker
Advisor
‎2018-04-29 05:58 AM
In response to Sarath_M
Jump to solution

Hi,

Please try running the following command on your management server - 

java -jar $MDS_FWDIR/api/samples/lib/web_api_show_package-jar-with-dependencies.jar -v

using the new jar from github.

Let me know if this worked.

Robert.

0 Kudos
Sarath_M
Contributor
‎2018-04-29 11:53 PM
In response to Robert_Decker
Jump to solution

Hi,

Here is the output after running the command on the management server with the new jar file.

# java -jar $MDS_FWDIR/api/samples/lib/web_api_show_package-jar-with-dependencies.jar -v
Script stopped running due to severe error!
Result file location: show_package-2018-04-30_06-46-21.tar.gz

[4/30/18 6:46 AM com.checkpoint.mgmt_api.examples.MyLogger.debug()DEBUG]: The parameters that were received: showPackagesList:(-v)=true
[4/30/18 6:46 AM com.checkpoint.mgmt_api.examples.MyLogger.debug()DEBUG]: Limit number of object per page: 10
[4/30/18 6:46 AM com.checkpoint.mgmt_api.examples.MyLogger.debug()DEBUG]: Local Ips: [x.x.x.x, 127.0.0.1]
[4/30/18 6:46 AM com.checkpoint.mgmt_api.examples.MyLogger.severe()SEVERE]: ERROR: failed connecting to the server: 127.0.0.1
[4/30/18 6:46 AM com.checkpoint.mgmt_api.examples.ShowPackageTool.logoutReportAndExit()INFO]: Script stopped running due to severe error!
[4/30/18 6:46 AM com.checkpoint.mgmt_api.examples.ShowPackageTool.logoutReportAndExit()INFO]: dirPath: /home/xxxx/10de5284-8833-4179-aaab-04000d267e7c
[4/30/18 6:46 AM com.checkpoint.mgmt_api.examples.ShowPackageTool.logoutReportAndExit()INFO]: tarGzPath: show_package-2018-04-30_06-46-21.tar.gz

0 Kudos
Eugene_Grybinny
Employee Alumnus
Employee Alumnus
‎2018-04-30 04:39 AM
In response to Sarath_M
Jump to solution

Hi Sarath,

Thanks a lot for the collaboration. We found the problem and are going to fix it soon.

It's because of the security protocol versions configured by default in different java versions. R80 uses java version 7 and R80.10+ uses java version 8, that's why it fails to run locally on R80 Management Server.

Meanwhile, as a workaround you can add the following property to JVM: -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2

So instead of 

java -jar $MDS_FWDIR/api/samples/lib/web_api_show_package-jar-with-dependencies.jar -v

you should run

java -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2 -jar $MDS_FWDIR/api/samples/lib/web_api_show_package-jar-with-dependencies.jar -v

We will inform you when the fix is ready.

Sarath_M
Contributor
‎2018-04-30 05:50 AM
In response to Eugene_Grybinny
Jump to solution

Awesome. Works superbly. Thank you very much.

Eugene_Grybinny
Employee Alumnus
Employee Alumnus
‎2018-05-14 02:30 AM
In response to Sarath_M
Jump to solution

The fix is ready.

You can use version v1.2.3 without providing extra JVM properties.  

0 Kudos
Sarath_M
Contributor
‎2018-05-14 03:10 AM
In response to Eugene_Grybinny
Jump to solution

Thank you. It now works with just the command $MDS_FWDIR/scripts/web_api_show_package.sh on the management server.

0 Kudos
A_KOUADIO
Contributor
‎2023-01-20 10:06 AM
Jump to solution

Hi,

I am issue when tried to export the log of my checkpoint.

Quelqu'un a t-il une solution ?

[Expert@SG-AWS-Mgmt:0]# java -jar web_api_show_package-jar-with-dependencies.jar -k "Standard-Policy"
Script stopped running due to severe error!
Result file location: show_package-2023-01-11_09-03-43.tar.gz

[Expert@SG-AWS-Mgmt:0]# cat show_package-2023-01-11_09-03-43.elg
[1/11/23 9:03 AM com.checkpoint.mgmt_api.examples.MyLogger.debug()DEBUG]: Command [show-access-rulebase] uid 71f36e7a-6a29-4e7d-a9b1-7eb6675adad4 limit 10 offset 10 SUCCESSFUL
[1/11/23 9:03 AM com.checkpoint.mgmt_api.examples.MyLogger.debug()DEBUG]: Command [show-access-rulebase] uid 71f36e7a-6a29-4e7d-a9b1-7eb6675adad4 limit 10 offset 20 SUCCESSFUL
[1/11/23 9:03 AM com.checkpoint.mgmt_api.examples.MyLogger.debug()DEBUG]: Command [show-access-rulebase] uid 71f36e7a-6a29-4e7d-a9b1-7eb6675adad4 limit 10 offset 30 SUCCESSFUL
[1/11/23 9:03 AM com.checkpoint.mgmt_api.examples.MyLogger.debug()DEBUG]: Command [show-access-rulebase] uid 71f36e7a-6a29-4e7d-a9b1-7eb6675adad4 limit 10 offset 40 SUCCESSFUL
[1/11/23 9:03 AM com.checkpoint.mgmt_api.examples.MyLogger.debug()DEBUG]: Command [show-access-rulebase] uid 71f36e7a-6a29-4e7d-a9b1-7eb6675adad4 limit 10 offset 50 SUCCESSFUL
[1/11/23 9:03 AM com.checkpoint.mgmt_api.examples.MyLogger.debug()DEBUG]: Command [show-access-rulebase] uid 71f36e7a-6a29-4e7d-a9b1-7eb6675adad4 limit 10 offset 280 FAILED
[1/11/23 9:03 AM com.checkpoint.mgmt_api.examples.MyLogger.debug()DEBUG]: Command [show-access-rulebase] uid 71f36e7a-6a29-4e7d-a9b1-7eb6675adad4 limit 10 offset 300 SUCCESSFUL
[1/11/23 9:03 AM com.checkpoint.mgmt_api.examples.MyLogger.debug()DEBUG]: Command [show-access-rulebase] uid 71f36e7a-6a29-4e7d-a9b1-7eb6675adad4 limit 10 offset 310 SUCCESSFUL
[1/11/23 9:03 AM com.checkpoint.mgmt_api.examples.MyLogger.debug()DEBUG]: Command [show-access-rulebase] uid 71f36e7a-6a29-4e7d-a9b1-7eb6675adad4 limit 10 offset 320 SUCCESSFUL
...
[1/11/23 9:04 AM com.checkpoint.mgmt_api.examples.MyLogger.debug()DEBUG]: Command [show-access-rulebase] uid 71f36e7a-6a29-4e7d-a9b1-7eb6675adad4 : Finished execution of 175 tasks
[1/11/23 9:04 AM com.checkpoint.mgmt_api.examples.MyLogger.severe()SEVERE]: Error: failed while creating policy package: 'SG004-Standard-Policy'. Exception: null. Error message: null
[1/11/23 9:04 AM com.checkpoint.mgmt_api.examples.ShowPackageTool.logoutReportAndExit()INFO]: Script stopped running due to severe error!
[1/11/23 9:04 AM com.checkpoint.mgmt_api.examples.ShowPackageTool.logoutReportAndExit()INFO]: dirPath: /opt/CPsuite-R81.10/fw1/api/samples/lib/97635b94-b1e7-4eaf-9e27-38ac3bfd967f
[1/11/23 9:04 AM com.checkpoint.mgmt_api.examples.ShowPackageTool.logoutReportAndExit()INFO]: tarGzPath: show_package-2023-01-11_09-03-43.tar.gz

0 Kudos
PhoneBoy
Admin
Admin
‎2023-01-20 12:19 PM
In response to A_KOUADIO
Jump to solution

From your debug output, it looks like there some sort of an issue with a rule in the range of number 280 to 289:

[1/11/23 9:03 AM com.checkpoint.mgmt_api.examples.MyLogger.debug()DEBUG]: Command [show-access-rulebase] uid 71f36e7a-6a29-4e7d-a9b1-7eb6675adad4 limit 10 offset 280 FAILED

What rules are present here?
A screenshot (redacting sensitive data) would probably help.

0 Kudos
A_KOUADIO
Contributor
‎2023-01-20 12:35 PM
In response to PhoneBoy
Jump to solution

Hello,

These are simple rules.
When I cut it like :

show access-rulebase uid 71f36e7a-6a29-4e7d-a9b1-7eb6675adad4 limit 10 offset 280

show access-rulebase uid 71f36e7a-6a29-4e7d-a9b1-7eb6675adad4 limit 1 offset 281

show access-rulebase uid 71f36e7a-6a29-4e7d-a9b1-7eb6675adad4 limit 1 offset 282

show access-rulebase uid 71f36e7a-6a29-4e7d-a9b1-7eb6675adad4 limit 1 offset 283

show access-rulebase uid 71f36e7a-6a29-4e7d-a9b1-7eb6675adad4 limit 1 offset 284

show access-rulebase uid 71f36e7a-6a29-4e7d-a9b1-7eb6675adad4 limit 1 offset 285

show access-rulebase uid 71f36e7a-6a29-4e7d-a9b1-7eb6675adad4 limit 1 offset 286

show access-rulebase uid 71f36e7a-6a29-4e7d-a9b1-7eb6675adad4 limit 1 offset 287

show access-rulebase uid 71f36e7a-6a29-4e7d-a9b1-7eb6675adad4 limit 1 offset 288

show access-rulebase uid 71f36e7a-6a29-4e7d-a9b1-7eb6675adad4 limit 1 offset 289

ALL SUCCEDED

 

MONDAY I WILL PROVIDE A SCREENSHOT

0 Kudos
PhoneBoy
Admin
Admin
‎2023-01-20 12:39 PM
In response to A_KOUADIO
Jump to solution

I would recommend opening a TAC case in parallel. 

0 Kudos
A_KOUADIO
Contributor
‎2023-01-30 08:29 AM
In response to A_KOUADIO
Jump to solution 

when I run it separately, it works
0 Kudos
A_KOUADIO
Contributor
‎2023-01-30 08:17 AM
In response to PhoneBoy
Jump to solution

The problem is due to a VSX object in the policy 

0 Kudos
fulvio
Explorer
‎2023-06-30 01:41 AM
In response to A_KOUADIO
Jump to solution

Hi @A_KOUADIO can you elaborate about the VSX problem? Did you solve it? I am having exactly the same issue.

0 Kudos
A_KOUADIO
Contributor
‎2023-06-30 06:29 AM
In response to fulvio
Jump to solution

Yes, we recreated the rule with other objects

0 Kudos
fulvio
Explorer
‎2023-06-30 06:34 AM
In response to A_KOUADIO
Jump to solution

Thank you.

the logs are telling me:

Command [show-access-rulebase] uid d1d3d573-4fe0-4cef-9ac6-735899cc2511 limit 10 offset 1860 FAILED but if ask these rules from mgmt_cli 

show access-rulebase limit 10 offset 1860 uid d1d3d573-4fe0-4cef-9ac6-735899cc2511 --format json

it is works, I get the json back.

How do I identified the rule that is making fail? 

The rules seem "normal" how do I identify a VSX (not familiar with it) 

Thanks very much for your help

 

0 Kudos
A_KOUADIO
Contributor
‎2023-06-30 06:50 AM
In response to fulvio
Jump to solution

Run this command:

##show access-rulebase limit 2 uid d1d3d573-4fe0-4cef-9ac6-735899cc2511 --format json

You will find the exact line with the error

0 Kudos
fulvio
Explorer
‎2023-06-30 07:02 AM
In response to A_KOUADIO
Jump to solution

Thanks again, really appreciate it.

I don't  understand though. that command  returns rule from 1 to 2, from the logs of $MDS_FWDIR/scripts/web_api_show_package.sh

that sections is successfull

Command [show-access-rulebase] uid d1d3d573-4fe0-4cef-9ac6-735899cc2511 limit 10 offset 0 SUCCESSFUL

What am I looking for? I have attached the output of the cmd 

Thank you so much.

Preview file
14 KB
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events