This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Emory_Christens
Participant
‎2019-01-09 11:39 AM

How do you find the name of an access rulebase?

I'm looking in the UI under "Access Control" and I see some different groups "Firewall Management", "Infrastructure rules," etc, and inside them are what I am assuming are the "rules" (DNS access, NTP access, etc). My question is: how do I identify which of these I need to reference when making a REST call for show access-rulebase? The API call requires only a name field, and so far everything returns 404. 

Full disclosure: I am not a networking engineer, we are just creating some automation to clean up firewall rules for server lifecycle management. If this is the wrong place to ask, I apologize. 

Labels
6 Replies
PhoneBoy
Admin
Admin
‎2019-01-09 01:33 PM

The "Firewall Management" and "Infrastructure rules" are what we call access-sections.

A rulebase is actually part of a layer.

To get a rulebase, you need to know what layer it is a part of.

The name at the API level may be different than what SmartConsole shows.

To get the layer names, you use the API call show-layers.

From that, you can see the actual name of the layer.

You can also see it in this screen in SmartConsole if you uncheck the "Show only shared layers" checkbox:

Emory_Christens
Participant
‎2019-01-09 01:46 PM
In response to PhoneBoy

Thanks for the response.

When I make the API call for show-access-layers, I get a 400 bad request.

I'm using Powershell to do this:

$layerbody = @{
 "Limit" = "100";

}

$layerjson = $layerbody | ConvertTo-JSON

$layers = irm https://checkpointserver/web_api/v1.1/show-access-layers -method POST -headers $headers -body $layerjson -ContentType application/json

It returns the same if I don't supply a request body. Suggestions?

0 Kudos
PhoneBoy
Admin
Admin
‎2019-01-09 09:16 PM
In response to Emory_Christens

Here's how I'm able to get the output of show-access-layers using curl:

curl --silent --insecure -XPOST https://mgmtip/web_api/v1.1/show-access-layers --data-binary "{ \"limit\": 100 }" -H "Content-Type: application/json" -H "X-chkp-sid: $SID"

Based on what you've done above, I'm guessing the ; is causing an issue.

Because when I include it in my call, I get:

{

  "code": "generic_err_invalid_syntax",

  "message": "Payload is not a valid JSON"

}

It's possible you're also missing the SID header, but I can't tell if you're including it in your headers.

0 Kudos
Emory_Christens
Participant
‎2019-01-10 10:40 AM
In response to PhoneBoy

The ";" is required by Powershell when I set the variable otherwise it complains about setting something like "x" = "y", once you pipe it to the ConvertTo-JSON it goes away and looks like regular JSON. I am including the login SID in my $headers variable, it just happens earlier in the code. 

0 Kudos
PhoneBoy
Admin
Admin
‎2019-01-10 08:23 PM
In response to Emory_Christens

What about the quotes around 100?

That would imply you're setting the limit to a string when it should be an integer.

0 Kudos
Joshua_Hatter
Employee
Employee
‎2019-01-11 07:30 AM
In response to Emory_Christens

The L in limit needs to be lowercase is the first problem, capital L would give a 400 with json response describing Limit as an unrecognized parameter.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events