This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
mikesleath
Participant
‎2020-09-16 07:24 AM

Global vs Local rule bases

Is it possible to extract the global and local rules within a CMA with one API call? Or is it a requirement to extract both separately and then "insert" the local rules into the "Placeholder for domain rules" section? I am attempting to emulate what was delivered using cp_merge. 

0 Kudos
3 Replies
mikesleath
Participant
‎2020-09-16 09:19 AM

I think I have answered my own question.... the "local" rules query will contain the global rules, but the rule base is not in the order I was expecting.... global-pre-local and global-post-local are included prior to the local rules but not included in the "total". Apologies for not digging in more detail before posting.

0 Kudos
Maarten_Sjouw
Champion
Champion
‎2020-09-16 10:35 AM

You can only get the Domain you have logged into from the API, so when you need the Global rules, you need to collect them from the MDS level domain. For each domain/CMA you need to login with the -d parameter to get the info from that specific domain/CMA. And this cannot be done within the same call.

Regards, Maarten
0 Kudos
mikesleath
Participant
‎2020-09-16 11:16 PM
In response to Maarten_Sjouw

I think the domain will also show me the global rules that have been assigned. I need to make two calls like this

to get global policy rules as currently assigned to domain

mgmt_cli -d DOMAIN1 -r true show access-rulebase name "DOMAIN1_GlobalPol Security" limit 100 use-object-dictionary true --format json

to get local rules for the domain

mgmt_cli -d DOMAIN1 -r true show access-rulebase name "DOMAIN1_LocalPol Security" limit 100 use-object-dictionary true --format json

I can combine the results and "insert" the local rule at the "place holder for domain rules slot" but was wondering if there was a command to pull back the combined rule base as cp_merge did previously?

If I connect to the MDS level and extract the global rules, i get the view of the rules at the MDS level which, in some circumstances, may not match that which is assigned to the domain level.

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events