This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
UCONOC
Explorer
‎2022-09-29 05:53 PM

How to delete more than 10000 IP addresses in one shot from MGMT Server

Hi we have a group sitting in out MGMT server named "BLACKLIST" and in that group there are more than 10000 IP addresses are there. So if we go deleting them manually that will going to take like forever. 

So, is there any handy script is available to delete these 10000 IP addresses together? 

What I mean to say is that by the 'script' or method we want to delete the group and the 10000 IP addresses together in ONE SHOT. 

Thanks 

0 Kudos
4 Replies
_Val_
Admin
Admin
‎2022-09-30 01:56 AM

Use something like this:

mgmt_cli delete host --batch  <full path to your csv file>

Of course, you will need to make sure your API server is configured properly, you will have to log in, publish after deletion, and log out.

Another piece of advice, deleting in bulks may take a long time. I would suggest breaking down your list of 10k into a group of around 500 IPs, so you would not experience a timeout with this.

Look for other examples of using a batch file with API, for example here: https://community.checkpoint.com/t5/Management/Trying-to-add-hosts-in-mgmt-cli-using-csv-file/td-p/7...

 

0 Kudos
_Val_
Admin
Admin
‎2022-09-30 01:57 AM

And just in case, API reference: https://sc1.checkpoint.com/documents/latest/APIs/#cli/delete-host~v1.8%20

0 Kudos
StuartGreen
Employee
Employee
‎2022-09-30 03:33 AM

Hey, I've done something similar to this before and have some scripts that might help you here https://github.com/chkp-stuartgreen/policy-automation-poc/blob/main/00_baseline_rules_nat.py. It's not one shot when it comes to API calls - but you run the script once and it will delete the hosts according to the pattern you specify. 

0 Kudos
PhoneBoy
Admin
Admin
‎2022-10-03 10:54 AM

You cannot simply delete objects unless they are not referred to anywhere.
So, at a high level, this means:

  1. Listing the contents of the BLACKLIST group: https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/show-group~v1.8%20 
  2. Removing each object from the group: https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/set-host~v1.8%20
  3. Removing the object itself: https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/delete-host~v1.8%20 

If that last command fails, then you should not delete the object and review the situation manually.
Also, if there are things other than hosts in this group, you will need to use a different API call to modify/remove the object.

Note that listing the contents of a group of that many items will require multiple API calls since the API doesn't return a large number of results at once by design.
You could easily perform the above three tasks in a loop until the BLACKLIST group is empty and perform a "publish" action on each iteration of the loop (recommended to keep the server performant).
And, finally, at the end, delete the group itself: https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/delete-group~v1.8%20 

Not aware of any publicly available scripts that do all the above.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events