Global object cleanup
https://github.com/adi0s/CPCleanupGlobalObject
This tool provides a way to determine whether a global object created in the Check Point global policy is used across all domains or not.
How does it work?
Get all network objects from the global policy (hosts, networks, groups, address-range)
Get the list of all domains on the MDS
Search each domain to check whether a particular object is used or not, using the where-used API command
Write down the results and generate API CLI commands for object deletion for each object type
By default, it generates a list of objects that are not used in any domain or are used in just one domain. Example: you have 12 domains on the MDS, and a reported object is not used in any of the 12 domains or is used in just 1 of the 12 (this kind of object should be only a local object)
Requirements: Download and install the Check Point API Python SDK repository, following the instructions in the SDK repository.
https://github.com/CheckPointSW/cp_mgmt_api_python_sdk
Written for Python 3, but if you also put this in the first line: from __future__ import print_function, it should run on Python 2
How to use?
python global_object_cleaner.py -m management_ip -u username -p password -g "global domain name"
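The classification step described in the post above, as an added example (not code from the CPCleanupGlobalObject repository): given where-used replies per domain, it lists objects used in at most one domain and emits delete lines only for objects with zero uses, treating a failed query as "unknown" rather than "unused". The reply shape (`used-directly` / `total`), the `mgmt_cli delete` line format, the function names and the sample data are assumptions made for illustration.

```python
import shlex
# Object types the post lists, mapped to the mgmt_cli object keyword (assumed).
CLI_TYPE = {t: t for t in ("host", "network", "group", "address-range")}

def direct_uses(reply):
    """Direct reference count from one where-used reply; None if unusable."""
    try:
        return int(reply["used-directly"]["total"])
    except (KeyError, TypeError, ValueError):
        return None

def classify(objects, domains, replies, max_domains=1):
    """replies maps (object name, domain) -> where-used reply dict.
    Returns (candidates, skipped): candidates are (obj, domains_using_it)."""
    candidates, skipped = [], []
    for obj in objects:
        used_in, unknown = [], []
        for dom in domains:
            n = direct_uses(replies.get((obj["name"], dom)))
            if n is None:
                unknown.append(dom)   # failed query is "unknown", never "unused"
            elif n > 0:
                used_in.append(dom)
        if unknown or obj["type"] not in CLI_TYPE:
            skipped.append((obj["name"], unknown))
        elif len(used_in) <= max_domains:
            candidates.append((obj, used_in))
    return candidates, skipped

def delete_commands(candidates):
    """Delete lines (assumed format) for zero-use objects; names shell-quoted."""
    return ["mgmt_cli delete %s name %s" % (CLI_TYPE[o["type"]], shlex.quote(o["name"]))
            for o, used_in in candidates if not used_in]

# Constructed sample data (not taken from a real MDS).
DOMAINS = ["DomA", "DomB", "DomC"]
OBJECTS = [{"name": "g_lab net", "type": "network"},
           {"name": "g_branch-gw", "type": "host"},
           {"name": "g_shared-grp", "type": "group"},
           {"name": "g_flaky", "type": "host"}]
USES = {("g_branch-gw", "DomB"): 2, ("g_shared-grp", "DomA"): 1,
        ("g_shared-grp", "DomC"): 3}
REPLIES = {(o["name"], d): {"used-directly": {"total": USES.get((o["name"], d), 0)}}
           for o in OBJECTS for d in DOMAINS}
del REPLIES[("g_flaky", "DomB")]      # simulate a where-used call that failed
CANDIDATES, SKIPPED = classify(OBJECTS, DOMAINS, REPLIES)
if __name__ == "__main__":
    print(delete_commands(CANDIDATES), SKIPPED)
```

Objects used in exactly one domain stay in the candidate list for review but get no delete line, since they would first have to exist as local objects in that domain.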
Very nice.
Check out SmartConsole Extensions platform to integrate this useful tool inside SmartConsole
@JozkoMrkvicka @Kaspars_Zibarts I believe that you guys surely have an environment with MDS; could you please test in your test/QA environments? Thanks!
@Martin_Valenta wrote:
@JozkoMrkvicka @Kaspars_Zibarts I believe that you guys surely have an environment with MDS; could you please test in your test/QA environments? Thanks!
You will not believe me, but TODAY I started thinking about scripting EXACTLY THE SAME, but for R77.30 🙂
Anyway, I do have a testing R80.20 MDS with 5 CMAs, using Global policy. Some global objects are used, some not. Will revert back with more updates.
PS: In production environments, we are also using global services (TCP, UDP, group) and time objects. Maybe a suggestion for a further extension of this script: let the user choose what to check (all, only network, only hosts, only ranges, only time objects).
Jozko Mrkvicka
The file itself has a name:
global_object_cleaner.py
But the instructions state that we need to run the file:
How to use? python global_object_cleanup.py -m management_ip -u username -p password -g "global domain name"
If I run the script without any parameter, it will ask for username and once entered, the following pop-up:
Jozko Mrkvicka
You run it with Python 2, right? It is probably due to the different function for gathering input from the console. Python 2 has raw_input() and Python 3 just input().
@Martin_Valenta wrote:
You run it with Python 2, right? It is probably due to the different function for gathering input from the console. Python 2 has raw_input() and Python 3 just input().
Yep.
Anyway, what is the point of having the output in a CSV file? What about a simple text file with all relevant commands? Also, there is no message that the files were created and are stored in the same directory.
Jozko Mrkvicka
Is this tool still the best, or do you know of anyone who has developed something on this matter?
My exact need is actually to identify what impact a change of a global object will have in all domains.
Meaning, in what rulesets is the object in use?
