This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
MichaelGur
Explorer
‎2022-04-12 06:50 AM

Get all network objects from a specific group with api

We tried this code

mgmt_cli -r true show-group name 'group name' --format json | jq '.members[] | [.name, ."ipv4-address"] | @scv' -r

we have used this command to get all network object from a specific group (objects names and IP addresses) but we have encountered a problem.

Objects defined as networks (with a subnet mask of 255.255.255.0 or higher) do not have IP addresses assigned to them

0 Kudos
2 Replies
PhoneBoy
Admin
Admin
‎2022-04-14 03:07 PM

Yeah, objects of type network do not have an element called ipv4-address.
Haven't tried this, but maybe this will work: 

mgmt_cli -r true show-group name 'group name' --format json | jq '.members[] | [.name, ."ipv4-address", .subnet4, ."mask-length4" ] | @scv' -r

For host objects, you'll see the IPv4 address.
For networks, you'll get the IPv4 network and mask length.

0 Kudos
Bob_Zimmerman
Authority
Authority
‎2022-04-14 05:34 PM
In response to PhoneBoy

Minor typo: @scv should be @csv in the end. It works otherwise:

[Expert@DallasSA]# mgmt_cli -r true show-group name 'RFC 1918 Addresses' --format json | jq '.members[] | [.name, ."ipv4-address", .subnet4, ."mask-length4" ] | @csv' -r
"RFC 10/8",,"10.0.0.0",8
"RFC 192.168/16",,"192.168.0.0",16
"RFC 172.16/12",,"172.16.0.0",12

Note that this only covers hosts and networks. Address ranges have another set of properties, DNS domains work solely based on the name of the object, and wildcards have yet another set of properties. Groups can also contain groups, which gets really complicated to handle.

As long as you know roughly the contents of the group ahead of time, this is fine.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events