This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Ryan_Puckett
Employee
Employee
‎2017-08-09 06:14 PM

How to check if policy is changed but not installed?

Is there something in R80.10 that can be queried to verify if a policy has updated but not installed (pushed out) changes?

The use case is to incorporate the check in a policy install script, where only policies that have changes since the last install get installed.

In versions prior to R80, we queried for times in the fw_policies and install_statuses tables and monitored the last_modified time. I'm trying to replicate this logic in R80.10, but I'm not having luck finding a corresponding modified time variable that changes after I publish a change. I've been looking at show package with details-level set at full, but nothing changes in the output json file once I publish changes.

Labels
14 Replies
Timothy_Hall
Legend Legend
Legend
‎2017-08-11 05:42 AM

There is a "View Changes" button on the install policy screen in R80+ that shows the difference between what is about to be pushed to the gateway vs. what the gateway has currently loaded.  Not sure if this info is somehow available in the mgmt_cli but might be worth investigating.

--
My book "Max Power: Check Point Firewall Performance Optimization"
now available via http://maxpowerfirewalls.com.

Attend my Gateway Performance Optimization R81.20 course
CET (Europe) Timezone Course Scheduled for July 1-2
Ryan_Puckett
Employee
Employee
‎2017-08-11 01:05 PM
In response to Timothy_Hall

That's it!

Under the "show changes" API call, there is a "session publish time" that gets updated whenever the policy is published. Exactly what I needed.

mgmt_cli show changes --domain Test01 --root true --format json | jq -r '.tasks[] | ."task-details"[] | .changes[] | .session."publish-time".posix'

Thank you.

Rob_Napholz
Participant
‎2017-11-22 07:05 AM
In response to Ryan_Puckett

This is great, but which policy was edited/changed

 

I am trying to determine which policies have been edited(which policies need to be installed).

 

0 Kudos
Robert_Decker
Advisor
‎2018-03-27 06:27 AM
In response to Rob_Napholz

Hi Rob,

It is possible to accomplish your request if you combine data from several API commands.

I'll post the answer (bash script) shortly.

Robert.

0 Kudos
Rob_Napholz
Participant
‎2018-03-28 02:31 PM
In response to Robert_Decker

I have come across an issue on my mgmt

The time stamps are the same prior and after a publish

[Expert@r80:0]# mgmt_cli  show-package name t_policy --format json -s id.txt |jq -r '.["meta-info"]["last-modify-time"]["posix"]'
1516633060917
[Expert@r80:0]# mgmt_cli  show-package name t_policy --format json -s id.txt |jq -r '.["meta-info"]["last-modify-time"]["posix"]'
1516633060917  which is January 22, 2018 2:57:40.917 PM

I know this is wrong as the policy was change today

0 Kudos
Robert_Decker
Advisor
‎2018-03-28 10:47 PM
In response to Rob_Napholz

And what about the "iso-8601" field? Does it also show the same date and time?

Robert.

0 Kudos
Rob_Napholz
Participant
‎2018-03-29 12:08 PM
In response to Robert_Decker

It does, this was the date the policy was created.

 mgmt_cli  show-package name t_policy --format json -s id.txt |jq -r '.["meta-info"]["last-modify-time"]["iso-8601"]'
2018-01-22T09:57-0500

 cpinfo -y all

This is Check Point CPinfo Build 914000176 for GAIA
[IDA]
   HOTFIX_R80_10

[KAV]
   HOTFIX_R80_10

[CPFC]
   HOTFIX_R80_10
   HOTFIX_R80_10_JUMBO_HF    Take: 56

[FW1]
   HOTFIX_R80_10
   HOTFIX_R80_10_JUMBO_HF    Take: 56

FW1 build number:
This is Check Point Security Management Server R80.10 - Build 007
This is Check Point's software version R80.10 - Build 027

0 Kudos
Robert_Decker
Advisor
‎2018-03-29 12:39 PM
In response to Rob_Napholz

This is very strange.

The policy creation time is saved in another field - "meta-info.creation-time.iso-8601". Can you please verify this field's value?

Robert.

0 Kudos
Rob_Napholz
Participant
‎2018-03-29 12:49 PM
In response to Robert_Decker

 mgmt_cli  show-package name t_policy --format json -s id.txt |jq -r '.["meta-info"]
> '
{
  "lock": "unlocked",
  "validation-state": "ok",
  "last-modify-time": {
    "posix": 1516633060917,
    "iso-8601": "2018-01-22T09:57-0500"
  },
  "last-modifier": "csg",
  "creation-time": {
    "posix": 1516633060917,
    "iso-8601": "2018-01-22T09:57-0500"
  },
  "creator": "csg"
}

0 Kudos
Robert_Decker
Advisor
‎2018-03-29 01:51 PM
In response to Rob_Napholz

Wow, I'm speechless...

I suggest contacting our TAC for further investigation.

Robert.

0 Kudos
Robert_Decker
Advisor
‎2018-04-01 02:44 AM
In response to Rob_Napholz

Hi Rob,

I was just informed that the policy package object is not updated when the changes are published.

Therefore, its last-modify-time field is never updated.

As Ryan Puckett posted above, the show-changes command has the information about the published sessions, but the output of this command doesn't state which policy was published...

It seems that the script I wrote will not work due to this limitation.

I'll try to find another solution for this problem.

Robert.

Aakashvaani_74
Explorer
‎2022-04-04 07:17 AM
In response to Robert_Decker

Hi Robert,

Did you get a chance to find the script ? I'm looking for a bash script with same requirement 

0 Kudos
Aakashvaani_74
Explorer
‎2022-04-04 07:14 AM

Hi Puckett,

I'm looking for the same kind of requirement with bash script. Could you pls help me with show changes cli command along with policy name if it is available?

How did you incorporate policy change in show changes cli command ? which field was captured

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top