Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Malte_Bockelman
Participant

Inline Layer Filter via show-acccess-rulebase

Hey,

Refrence to the post show-access-rulebase along with inline layers‌ , we've managed to display inline layers with the show-acccess-rulebase command. But now as soon as we use any filter, the commands output is empty.

The same search settings in the smartconsole GUI returns the result correctly.

Smartconsole GUI:

Input with filter:

{
"offset": 0,
"limit": 500,
"name": "838ecbc8-08f6-4961-b454-b41012a08874",
"details-level": "standard",
"use-object-dictionary": true,
"filter": "src:192.168.178.5 AND dst:19.78.168.1 AND svc:80",
"filter-settings": {
"search-mode": "Packet",
"packet-search-settings": {
"match-on-any": true
}
}
}‍‍‍‍‍‍‍‍‍‍‍‍‍‍

Input without filter:

{
"offset": 0,
"limit": 500,
"name": "838ecbc8-08f6-4961-b454-b41012a08874",
"details-level": "standard",
"use-object-dictionary": true,
"filter-settings": {
"search-mode": "Packet",
"packet-search-settings": {
"match-on-any": true
}
}
}‍‍‍‍‍‍‍‍‍‍‍‍‍

Ouput with filter:

{
"uid": "838ecbc8-08f6-4961-b454-b41012a08874",
"name": "Testlayer",
"rulebase": [],
"total": 0
}‍‍‍‍‍‍

Ouput without filter:

{
"uid": "838ecbc8-08f6-4961-b454-b41012a08874",
"name": "Testlayer",
"rulebase": [
{
"uid": "3ec644bf-d753-462f-b262-9bfbb20080a3",
"name": "innerRule4",
"type": "access-rule",
"domain": {
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde",
"name": "SMC User",
"domain-type": "domain"
},
"rule-number": 1,
"track": {
"type": "29e53e3d-23bf-48fe-b6b1-d59bd88036f9",
"per-session": false,
"per-connection": false,
"accounting": false,
"alert": "none"
},
"source": [
"97aeb369-9aea-11d5-bd16-0090272ccb30"
],
"source-negate": false,
"destination": [
"97aeb369-9aea-11d5-bd16-0090272ccb30"
],
"destination-negate": false,
"service": [
"97aeb369-9aea-11d5-bd16-0090272ccb30"
],
"service-negate": false,
"vpn": [
"97aeb369-9aea-11d5-bd16-0090272ccb30"
],
"action": "6c488338-8eec-4103-ad21-cd461ac2c472",
"action-settings": {
"enable-identity-captive-portal": false
},
"content": [
"97aeb369-9aea-11d5-bd16-0090272ccb30"
],
"content-negate": false,
"content-direction": "any",
"time": [
"97aeb369-9aea-11d5-bd16-0090272ccb30"
],
"custom-fields": {
"field-1": "",
"field-2": "",
"field-3": ""
},
"meta-info": {
"lock": "unlocked",
"validation-state": "ok",
"last-modify-time": {
"posix": 1550144829253,
"iso-8601": "2019-02-14T12:47+0100"
},
"last-modifier": "malte.bockelmann",
"creation-time": {
"posix": 1549982303044,
"iso-8601": "2019-02-12T15:38+0100"
},
"creator": "mirko.leschhorn"
},
"comments": "",
"enabled": true,
"install-on": [
"6c488338-8eec-4103-ad21-cd461ac2c476"
]
}
],
"objects-dictionary": [
{
"uid": "6c488338-8eec-4103-ad21-cd461ac2c472",
"name": "Accept",
"type": "RulebaseAction",
"domain": {
"uid": "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
"name": "Check Point Data",
"domain-type": "data domain"
}
},
{
"uid": "97aeb369-9aea-11d5-bd16-0090272ccb30",
"name": "Any",
"type": "CpmiAnyObject",
"domain": {
"uid": "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
"name": "Check Point Data",
"domain-type": "data domain"
}
},
{
"uid": "29e53e3d-23bf-48fe-b6b1-d59bd88036f9",
"name": "None",
"type": "Track",
"domain": {
"uid": "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
"name": "Check Point Data",
"domain-type": "data domain"
}
},
{
"uid": "6c488338-8eec-4103-ad21-cd461ac2c476",
"name": "Policy Targets",
"type": "Global",
"domain": {
"uid": "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
"name": "Check Point Data",
"domain-type": "data domain"
}
}
],
"from": 1,
"to": 1,
"total": 1
}‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

Mirko Leschhorn

4 Replies
Joshua_Hatter
Employee
Employee

I was unable to reproduce this in the lab against R80.20GA, forcing version 1.1 of api. Everything looks correct as far as I can tell. I noticed the P in packet is capitalized, but I tested that and it still works in lab.

Malte_Bockelman
Participant

I've tested the issue with another inline layer and we still get no result. Even if we just send a "Space" or "src:Any", we still get the same issue. Currently we are running R80.10 with Checkpoint API v1.1, is it possible that the issue is caused by the older version ?

Malte_Bockelman
Participant

Can someone confirm that this is caused by R80.10 ?

0 Kudos
Mirko_Leschhorn
Participant

I tested a little bit with the Demos of r80.10 and r80.20 (Also to check whether this is a local or version problem), both with API-Version 1.1 and the same configs and filter. What I figured out:

r80.10:

  1. Search in Inline Layer without filter -> Response with all rules
  2. Search in Inline Layer with filter -> Empty Response
  3. Search in Shared Inline Layer, which is used by a Policy-Package and so the mode is Ordered (Shared checkmark alone does not work) -> Response with filtered Rule, as wanted

r80.20

  1. Search in Inline Layer without filter -> Response with all rules
  2. Search in Inline Layer with filter -> Response with filtered Rule, as wanted
  3. Search in Shared Inline Layer, which is used by Policy-Package -> Response with filtered Rule, as wanted

So, there seems to be something changed/fixed in r80.20. As not all Inline Layers used in r80.10 will be shared and set into the "Ordered"-Mode, there may be no other way then upgrading to r80.20 to use the command for Inline Layers as expected. 

Best regards

Mirko

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events