This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
SecNetEng
Contributor
‎2023-02-26 03:17 PM
Jump to solution

How do I add a new access-section to a specific package via the api?

I use the following to add script to the first policy on my SMS, using SmartConsole API.

add access-section layer "Network" position top name "Gateways Access"
add access-section layer "Network" position bottom name "Noise Suppression"
add access-section layer "Network" position bottom name "Stealth Rule"
add access-section layer "Network" position bottom name "Internet Access"
add access-section layer "Network" position bottom name "Cleanup Rule"

Later, I created a second policy for another gateway, I want to add these access-sections to the new policy.

I find that this still adds the sections to the first policy, no matter which policy I have selected in SmartConsole.

https://sc1.checkpoint.com/documents/latest/APIs/#gui-cli/add-access-section~v1.9%20

The API does not support specifying a package.

How do I script adding access-sections to a specific policy package using SmartConsole API?

1 Solution

Accepted Solutions
Tal_Paz-Fridman
Employee
Employee
‎2023-02-27 01:44 AM
Jump to solution

You need to replace the name of the layer, in the case of your example "Network" with the relevant one.

You can retrieve the name in CLI or in SmartConsole > Menu > Manage policies and layers > Layers > Access Control

For example from Cloud Demo:

2023-02-27 11_43_18-Manage policies and layers.png

View solution in original post

0 Kudos
4 Replies
Hugo_vd_Kooij
Advisor
‎2023-02-27 12:32 AM
Jump to solution

It seems that hardly any command has an option to select the package. So far I only found it at 

show access-rulebase

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
Tal_Paz-Fridman
Employee
Employee
‎2023-02-27 01:44 AM
Jump to solution

You need to replace the name of the layer, in the case of your example "Network" with the relevant one.

You can retrieve the name in CLI or in SmartConsole > Menu > Manage policies and layers > Layers > Access Control

For example from Cloud Demo:

2023-02-27 11_43_18-Manage policies and layers.png

0 Kudos
SecNetEng
Contributor
‎2023-02-27 11:37 AM
In response to Tal_Paz-Fridman
Jump to solution

@Tal_Paz-Fridman thank you for the detailed instructions and screenshot.

The first (default) layer was "Network" in policy "Policy_one".

The new layer in "Policy_two" was actually named "Policy_two Network".

To find this I followed your instructions

You can retrieve the name in CLI or in SmartConsole > Menu > Manage policies and layers > Layers > Access Control

Under Layer details I found the correct name.

To sum up:

  • Not working: add access-section layer "Network" position top name "Gateways Access"
  • Not working: add access-section layer "Policy_two" position top name "Gateways Access"
  • Working: add access-section layer "Policy_two Network" position top name "Gateways Access"

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top