- Products
- Learn
- Local User Groups
- Partners
- More
Firewall Uptime, Reimagined
How AIOps Simplifies Operations and Prevents Outages
Introduction to Lakera:
Securing the AI Frontier!
Check Point Named Leader
2025 Gartner® Magic Quadrant™ for Hybrid Mesh Firewall
HTTPS Inspection
Help us to understand your needs better
CheckMates Go:
SharePoint CVEs and More!
Prior to R80, there was a closed-source tool by Check Point called export_import_profile.
Starting with R80:
1. The back-end representation of profiles and protections has changed, so the tool is no longer supported.
2. The open API enable any customer to make their own export and import operations.
Step 1: On the source machine, export the specific Threat Prevention Profile
The show threat-profile command returns a structure of the profile's settings.
Example:
show threat-profile name MyOrganization details-level full
uid: "fa1aa324-a8cc-4dbd-bc04-f31fdb8abf61"
name: "MyOrganization "
type: "threat-profile"
domain:
uid: "a0bbbc99-adef-4ef8-bb6d-defdefdefdef"
name: "Check Point Data"
domain-type: "data domain"
active-protections-performance-impact: "medium"
active-protections-severity: "Medium or above"
confidence-level-low: "Inactive"
confidence-level-medium: "Prevent"
confidence-level-high: "Prevent"
ips: true
ips-settings:
newly-updated-protections: "staging"
exclude-protection-with-performance-impact: false
exclude-protection-with-severity: false
threat-emulation: true
anti-virus: true
anti-bot: true
Step 2: On the source machine, export IPS Protections which had their action override for this specific Threat Prevention Profile
This part is a little tricky - you have to go over all protections, and only pick the ones that have a different action for your profile.
The show threat-protections command returns the protections.
There is no way to get all the IPS Protections as one response, since that would make the output so big it will fail to return. Therefore we have to use the "offset" parameter to advance and get 50 protections every time.
In the example below, the first protection just happened to have an override action for the "MyOrganization" profile. The second protection did not have an override action for the "MyOrganization" profile.
Example:
show threat-protections offset 0 details-level full
protections:
- uid: "8027f5c8-1bac-cf49-99a3-59a89a35cdb6"
name: "3Com Network Supervisor Directory Traversal"
type: "threat-protection"
domain:
uid: "41e821a0-3720-11e3-aa6e-0800200c9fde"
name: "SMC User"
domain-type: "domain"
severity: "High"
confidence-level: "Medium"
performance-impact: "Low"
release-date: "20091124"
update-date: "20091124"
profiles:
- name: "Basic"
uid: "eb39a60d-c454-49f5-a28c-a89aa5bd2e09"
default:
action: "Inactive"
track: "log"
capture-packets: false
final:
action: "Inactive"
track: "log"
capture-packets: false
- name: "Strict"
uid: "caf8b711-d762-4c1e-82d5-6af2549b2869"
default:
action: "Prevent"
track: "log"
capture-packets: false
final:
action: "Prevent"
track: "log"
capture-packets: false
- name: "MyOrganization"
uid: "fa1aa324-a8cc-4dbd-bc04-f31fdb8abf61"
default:
track: "log"
capture-packets: false
override:
action: "Prevent"
track: "log"
capture-packets: false
final:
action: "Prevent"
track: "log"
capture-packets: false
comments: ""
follow-up: false
ipsAdditionalProperties:
...
name: "3Com TFTP Server Transporting Mode Remote Buffer Overflow"
type: "threat-protection"
- name: "MyOrganization"
uid: "fa1aa324-a8cc-4dbd-bc04-f31fdb8abf61"
default:
action: "Inactive"
track: "log"
capture-packets: false
final:
action: "Inactive"
track: "log"
capture-packets: false
...
Step 3: On the target machine, create the new profile.
The add threat-profile command creates a new Threat Prevention Profile.
You have to convert the output from step 1 to a command-line with the values.
Example:
add threat-profile name MyOrganization active-protections-performance-impact "medium" active-protections-severity "Medium or above" confidence-level-low "Inactive" confidence-level-medium "Prevent" confidence-level-high "Prevent" ips true ips-settings.newly-updated-protections "staging" ips-settings.exclude-protection-with-performance-impact false ips-settings.exclude-protection-with-severity false threat-emulation true anti-virus true anti-bot true
Step 4: On the target machine, set protection actions for the specific protections that were exported at step 2.
The set threat-protection command lets you change the action of the protection for a given profile.
Example:
set threat-protection name "3Com Network Supervisor Directory Traversal" overrides.1.profile MyOrganization overrides.1.action Prevent
Tomer, I am concerned that CP is beginning to rely too heavily on the programmatic functionality for trivial and common tasks.
Having these capabilities in addition to a two-click action this is supposed to be, is great, as it will empower those capable and in need of a comprehensive scripted operations to do this job, while not alienating already overworked mid-market admins who were sold on the capabilities, simplicity and intuitiveness of the SmartConsole and the Single Pane of Glass idea.
I agree that if this was a standard common thing that most of our customers were doing then we should have provided a 1-click solution.
Importing an exporting IPS settings between different machines is considered a deployment / provisioning scenario, and typically those scenarios could have more steps. So in this particular case - I am in favor of giving building blocks and letting others utilize them.
There are other cases in which we have API and no simple UI, for example - a view of all objects that have the same IP of another object - and to those cases we will work to add the simple UI out of the box.
I suspect that this is more of the operational issue in addition to deployment and migration.
If situation described in sk113748 arises and leads to the need of IPSClean files to replace all the corrupted IPS configuration files, it could be handy to have the import and export capabilities.
Incidentally, are the IPS profiles with overrides a part of the Gaia Backup?
IPSClean is no longer We have revision revert for IPS since R80.
Gaia Backup retains all security management configuration.
@Tomer Sole
That API Call is very helpful! Is there a similar API to set the Recommended and Default Inspection profiles under the Inspection Settings?
Might be a better question for Amiad Stern
If I had to guess, it's something that will require using the generic object API, though through a cursory glance, I do not see what property it is.
Please confirm if ips_export_import command was introduced back in R80.20.
Page 38.
I'm not seeing this utility here in my R80.20 standalone installation VM, so unless this is a special package that needs to be installed separately it looks like the answer is no.
Thank you for looking into it Tim. I have R80.10 with take 169 installed on my machine and binary is located at
Hi Ramchand and All,
I am also searching for a simple and straight forward way to export / import only IPS configuration.
In the last R80.20 take 47 this ips_export_import utility is not presented (attached screenshot).
I checked the provided Thread Prevention Administration guide for R80.30 version, which is not available for download, at it seems that this utility is removed according to the revision history of the document (attached screenshot).
Ramchand, can you please advise when this IPS configuration export functionality will be available?
Thanks.
An open API procedure Tomer outlined above would allow similar export & import functionality.
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
User | Count |
---|---|
5 | |
2 | |
2 | |
2 | |
1 | |
1 | |
1 | |
1 |
Tue 07 Oct 2025 @ 10:00 AM (CEST)
Cloud Architect Series: AI-Powered API Security with CloudGuard WAFThu 09 Oct 2025 @ 10:00 AM (CEST)
CheckMates Live BeLux: Discover How to Stop Data Leaks in GenAI Tools: Live Demo You Can’t Miss!Thu 09 Oct 2025 @ 10:00 AM (CEST)
CheckMates Live BeLux: Discover How to Stop Data Leaks in GenAI Tools: Live Demo You Can’t Miss!Wed 22 Oct 2025 @ 11:00 AM (EDT)
Firewall Uptime, Reimagined: How AIOps Simplifies Operations and Prevents OutagesAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY