Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Dayde
Participant

How to find access rules via API without name

Jump to solution

I am creating an automation that gathers all FW rules, network objects, host objects, service objects, and groups. I have found most of the information I need via the web API using show-objects, however I am at a loss on how to find the rules themselves. Via the API I am getting a list of all domains & servers/firewalls from the show-mdss endpoint, logging into the returned domains, gathering access-layers, and gathering all objects. However, I am at a loss on how to pull down the access-sections or access-rules without knowing what name they are using. I have found many examples of how to show the access rules using the name, I am not finding anything for how to get a list of names of all of the access rules. Any help is much appreciated!

Thanks

0 Kudos
1 Solution

Accepted Solutions
Art_Zalenekas
Employee
Employee

show access rulebase will do it. In the API docs, just search for rulebase. Good luck!

https://sc1.checkpoint.com/documents/latest/APIs/#cli/show-access-rulebase~v1.8%20

View solution in original post

0 Kudos
4 Replies
Art_Zalenekas
Employee
Employee

show access rulebase will do it. In the API docs, just search for rulebase. Good luck!

https://sc1.checkpoint.com/documents/latest/APIs/#cli/show-access-rulebase~v1.8%20

0 Kudos
Dayde
Participant

Thanks for the reply.

In the API docs it looks like a name or uid is required. I am looking for the endpoint that will give me a list of the rulebase names. While I have a lot of experience with older checkpoints and other modern FW's, I am not super familiar with how the current checkpoints function, so I may just be missing something obvious.

0 Kudos
PhoneBoy
Admin
Admin

show access-layers is probably what you want.
See: https://sc1.checkpoint.com/documents/latest/APIs/#cli/show-access-layers~v1.8%20

It might also be policy packages (I.e. show packages), keeping in mind a policy package is made up of multiple layers.
See: https://sc1.checkpoint.com/documents/latest/APIs/#cli/show-packages~v1.8%20

0 Kudos
Dayde
Participant

Thanks @Art_Zalenekas & @PhoneBoy . show access-layers & show access-rulebase is what I needed. What really threw me off was that the names and uids returned under the access-layers key is what I need to use in the postdata for show access-rulebase or show access-sections. It would be nice if the API docs mentioned this under all 3 of those endpoints 🙂 Thanks again for the help

0 Kudos