This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Don_Paterson
MVP Gold
MVP Gold
‎2021-08-05 04:15 PM

Export with API for re-import

Is there a compilation of options for export with the API commands and Python options in a single thread?

For example, is there a step-by-step guide to do export on an SMS in expert mode or via a remote machine with Python installed (admin Windows 10 PC)?

There are a lot of good threads but no clean walk through guides that I have found

https://community.checkpoint.com/t5/API-CLI-Discussion/Python-tool-for-exporting-importing-a-policy-...

 

Thanks,

Don

0 Kudos
6 Replies
Danny
MVP Platinum
MVP Platinum
‎2021-08-05 04:19 PM

I always use Check Points Management API Reference as a starting point and the officially supported ExportImportPolicyPackage or ShowPolicyPackage, depending on what I'm trying to achieve. The ShowPolicyPackage easily provides me with a JSON export I can work with, but I haven't tried yet to re-import into a fresh SMS.

Don_Paterson
MVP Gold
MVP Gold
‎2021-08-05 04:25 PM
In response to Danny

Yes, that is good, especially the Tips & Best Practices, with the examples with jq.

And then there are these options:

mgmt_cli –r true show hosts limit 250 --format json | jq -r '.objects[] | (“add host name “ + .name + “ ipv4-address ” + .”ipv4-address”)'

I am looking for a bit of a dummy guide to that ExportImportPolicyPackage  🙂

https://github.com/CheckPointSW/ExportImportPolicyPackage

0 Kudos
Danny
MVP Platinum
MVP Platinum
‎2021-08-05 04:27 PM
In response to Don_Paterson

That's why my go-to solution is often ShowPolicyPackage as explained above. Plus it's already pre-installed on newer SMSs. Just run $MDS_FWDIR/scripts/web_api_show_package.sh

Don_Paterson
MVP Gold
MVP Gold
‎2021-08-05 04:43 PM
In response to Danny

That's great, thanks Danny.

There was mention a few years ago about about an API command to get the config out in the format that it would need to be in to go (straight) back in (into the API). The jq options helps to filter the api output, ready to go back in but I wonder if it could be easier.

Obviously migrate export/migrate_server etc. are the DR backup, and essential but I am wondering if there is an API option (maybe via Python) to get the web_api_show_package back in via the API or the top option (API command to get the config out in the format that it would need to be in to go back in (into the API).

Rgds,

Don

Danny
MVP Platinum
MVP Platinum
‎2021-08-05 05:05 PM
In response to Don_Paterson

Maybe the PostgreSQL database backup is also worth to be checked as an alternative to migrate export/migrate_server.

Export: pg_dump dbname > outfile
Import: psql dbname < infile

0 Kudos
cosmos
Advisor
‎2022-08-29 11:42 PM
In response to Don_Paterson

+1

I would love to be able to export/import parts of the config, policy & objects in some kind of standard format without having to use external tools that may not be reachable (think proper appliance with no shell)

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events