Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
SecNetEng
Contributor
Jump to solution

How do I add a new access-section to a specific package via the api?

I use the following to add script to the first policy on my SMS, using SmartConsole API.

add access-section layer "Network" position top name "Gateways Access"
add access-section layer "Network" position bottom name "Noise Suppression"
add access-section layer "Network" position bottom name "Stealth Rule"
add access-section layer "Network" position bottom name "Internet Access"
add access-section layer "Network" position bottom name "Cleanup Rule"

Later, I created a second policy for another gateway, I want to add these access-sections to the new policy.

I find that this still adds the sections to the first policy, no matter which policy I have selected in SmartConsole.

https://sc1.checkpoint.com/documents/latest/APIs/#gui-cli/add-access-section~v1.9%20

The API does not support specifying a package.

How do I script adding access-sections to a specific policy package using SmartConsole API?

1 Solution

Accepted Solutions
Tal_Paz-Fridman
Employee
Employee

You need to replace the name of the layer, in the case of your example "Network" with the relevant one.

You can retrieve the name in CLI or in SmartConsole > Menu > Manage policies and layers > Layers > Access Control

For example from Cloud Demo:

2023-02-27 11_43_18-Manage policies and layers.png

View solution in original post

0 Kudos
(1)
4 Replies
Hugo_vd_Kooij
Advisor

It seems that hardly any command has an option to select the package. So far I only found it at 

show access-rulebase

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
Chris_Atkinson
Employee Employee
Employee

@PhoneBoy explained the context of this previously here:

https://community.checkpoint.com/t5/API-CLI-Discussion/set-a-policy-package-api/m-p/8995 

CCSM R77/R80/ELITE
0 Kudos
(1)
Tal_Paz-Fridman
Employee
Employee

You need to replace the name of the layer, in the case of your example "Network" with the relevant one.

You can retrieve the name in CLI or in SmartConsole > Menu > Manage policies and layers > Layers > Access Control

For example from Cloud Demo:

2023-02-27 11_43_18-Manage policies and layers.png

0 Kudos
(1)
SecNetEng
Contributor

@Tal_Paz-Fridman thank you for the detailed instructions and screenshot.

The first (default) layer was "Network" in policy "Policy_one".

The new layer in "Policy_two" was actually named "Policy_two Network".

To find this I followed your instructions

You can retrieve the name in CLI or in SmartConsole > Menu > Manage policies and layers > Layers > Access Control

Under Layer details I found the correct name.

To sum up:

  • Not working: add access-section layer "Network" position top name "Gateways Access"
  • Not working: add access-section layer "Policy_two" position top name "Gateways Access"
  • Working: add access-section layer "Policy_two Network" position top name "Gateways Access"

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events