This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
vaidehi
Participant
‎2020-01-02 02:43 PM
Jump to solution

How to add access rule using CLI in r80.30

Hello,

I want to add an access rule using CLI in firewall r80.30.

Can anyone please guide me to any document or provide the commands?

Thanks!

1 Solution

Accepted Solutions
12 Replies
Maarten_Sjouw
Champion
Champion
‎2020-01-02 03:12 PM
Jump to solution

Access roles can only be added on the management, not directly on the gateway.
Also when you run a standalone setup the only way is to add the access role in the policy on the management and then push the policy to the gateway. Check Point does not use a ACL type rulebase on the gateway, it is compiled on the management server and then sent to the gateway.

To add a rule in a policy on the management server you can use the API of which you can find all documentation online and lotst of information here on the forum.

Regards, Maarten
vaidehi
Participant
‎2020-01-02 03:16 PM
In response to Maarten_Sjouw
Jump to solution

I am sorry, in my context, "Access rule" means "policy". I was wondering is there a way to add a policy on management server using CLI?
vaidehi
Participant
‎2020-01-03 09:51 AM
In response to PhoneBoy
Jump to solution

Thank you so much for helping!
0 Kudos
vaidehi
Participant
‎2020-01-03 10:11 AM
In response to vaidehi
Jump to solution

Sorry I have one more doubt on same topic. I was able to create a policy using mgmt_cli. I used this syntax:

mgmt_cli add access-rule layer "my_policy Network" source "43.1.1.3" destination "27.1.1.2" service "any" action "accept" track-settings.type "Log" position "1" name "rule1" install-on "chkpt" --port 4434

My doubt: Can i create a source/destination ip address using cli. Because in this scenario, policy gets install if i have already added a source/destination ip. otherwise throws me an error
code: "generic_err_object_not_found"
message: "Requested object [43.1.1.3] not found"
0 Kudos
Maarten_Sjouw
Champion
Champion
‎2020-01-03 10:13 AM
In response to vaidehi
Jump to solution

Nope, for that you first need to create the host object:
mgmt_cli add host name Myhost ip_address 43.1.1.3
Then use Myhost as the source in your access rule.
Regards, Maarten
0 Kudos
vaidehi
Participant
‎2020-01-03 10:17 AM
In response to Maarten_Sjouw
Jump to solution

Thank you for your quick response Maarten. Okay So correct me if I am wrong, if I have to create 1000 policies (working on a script) with 1000 different source ip, i have to create 1000 host object manually first?

PhoneBoy
Admin
Admin
‎2020-01-03 02:05 PM
In response to vaidehi
Jump to solution

Correct.
Note that a given rule can contain multiple source/destination objects.
Also, you can create objects for networks as well.
That might simplify the policy that gets created.
0 Kudos
vaidehi
Participant
‎2020-01-03 02:07 PM
In response to PhoneBoy
Jump to solution

Got it. Thanks
0 Kudos
Security_Consul
Participant
‎2020-07-13 02:48 AM
In response to Maarten_Sjouw
Jump to solution

I added multi rule but got error

Line 2: code: "generic_err_invalid_parameter_name"
message: "Unrecognized parameter [action]"

Following this Guide in action field is correct "accept" Why I got still error invalid parameter?

https://sc1.checkpoint.com/documents/latest/APIs/index.html?#cli/add-access-rule~v1.6%20

PhoneBoy
Admin
Admin
‎2020-07-13 10:55 AM
In response to Security_Consul
Jump to solution

Try it as Accept instead of accept.
Some of the API calls are case sensitive.
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top