UCONOC
Explorer

How to delete more than 10000 IP addresses in one shot from MGMT Server

Hi, we have a group sitting in our MGMT server named "BLACKLIST", and in that group there are more than 10000 IP addresses. So if we go deleting them manually, that is going to take like forever. 

So, is there any handy script available to delete these 10000 IP addresses together? 

What I mean to say is that by the 'script' or method we want to delete the group and the 10000 IP addresses together in ONE SHOT. 

Thanks 

0 Kudos
4 Replies
_Val_
Admin

Use something like this:

mgmt_cli delete host --batch  <full path to your csv file>

Of course, you will need to make sure your API server is configured properly, you will have to log in, publish after deletion, and log out.

Another piece of advice: deleting in bulk may take a long time. I would suggest breaking down your list of 10k into groups of around 500 IPs, so you would not experience a timeout with this.

Look for other examples of using a batch file with API, for example here: https://community.checkpoint.com/t5/Management/Trying-to-add-hosts-in-mgmt-cli-using-csv-file/td-p/7...

 

0 Kudos
Stuart_Green1
Employee

Hey, I've done something similar to this before and have some scripts that might help you here https://github.com/chkp-stuartgreen/policy-automation-poc/blob/main/00_baseline_rules_nat.py. It's not one shot when it comes to API calls - but you run the script once and it will delete the hosts according to the pattern you specify. 

0 Kudos
PhoneBoy
Admin

You cannot simply delete objects unless they are not referred to anywhere.
So, at a high level, this means:

  1. Listing the contents of the BLACKLIST group: https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/show-group~v1.8%20 
  2. Removing each object from the group: https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/set-host~v1.8%20
  3. Removing the object itself: https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/delete-host~v1.8%20 

If that last command fails, then you should not delete the object and review the situation manually.
Also, if there are things other than hosts in this group, you will need to use a different API call to modify/remove the object.

Note that listing the contents of a group of that many items will require multiple API calls since the API doesn't return a large number of results at once by design.
You could easily perform the above three tasks in a loop until the BLACKLIST group is empty and perform a "publish" action on each iteration of the loop (recommended to keep the server performant).
And, finally, at the end, delete the group itself: https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/delete-group~v1.8%20 

Not aware of any publicly available scripts that do all the above.

0 Kudos
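
The loop outlined in the reply above, as an added example that is not part of the thread or Check Point's own code: it drains the group in batches, publishes once per batch, keeps hosts whose deletion fails for manual review, skips non-host members, and deletes the group only when it is empty. The `call` transport, `ApiError`, `FakeMgmt`, the `bl_*` object names and the response fields read from `show-group` are assumptions for illustration; check them against the API reference for your version.

```python
"""Drain a group host by host, then delete the group (added sketch).
`call(command, payload)` is a hypothetical transport that POSTs to
/web_api/<command> with the login session id and raises ApiError on failure."""

class ApiError(Exception):
    pass

def purge_group(call, group, batch=500):
    deleted, kept, skipped = [], [], set()
    while True:
        members = call("show-group", {"name": group})["members"]  # assumed shape
        todo = [m for m in members if m["name"] not in skipped][:batch]
        if not todo:
            break
        for m in todo:
            if m["type"] != "host":      # other object types need their own calls
                skipped.add(m["name"])
                continue
            call("set-host", {"name": m["name"], "groups": {"remove": group}})
            try:
                call("delete-host", {"name": m["name"]})
                deleted.append(m["name"])
            except ApiError:             # still referenced: keep for manual review
                kept.append(m["name"])
        call("publish", {})              # one publish per batch
    if not skipped:                      # delete the group only once it is empty
        call("delete-group", {"name": group})
        call("publish", {})
    return deleted, kept, sorted(skipped)

class FakeMgmt:
    """Constructed in-memory stand-in for the management server."""
    def __init__(self, members, referenced=()):
        self.groups = {"BLACKLIST": list(members)}
        self.referenced, self.publishes = set(referenced), 0

    def __call__(self, command, payload):
        if command == "show-group":
            return {"members": list(self.groups[payload["name"]])}
        if command == "set-host":
            g = payload["groups"]["remove"]
            self.groups[g] = [m for m in self.groups[g] if m["name"] != payload["name"]]
        elif command == "delete-host" and payload["name"] in self.referenced:
            raise ApiError(payload["name"] + " is used elsewhere")
        elif command == "delete-group":
            del self.groups[payload["name"]]
        elif command == "publish":
            self.publishes += 1
        return {}
```

Against a real server, `call` would also need to wait for each publish to finish before the next batch starts, and the session should be logged out at the end.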
