This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Tomer_Sole
Mentor
Mentor
‎2018-08-06 09:17 AM

My Security Management Setup Script

The Security Management API's let us recreate the same security configuration settings in every environment. 

I attached the API scripts that we use to set up the Cool Feature in R80.10: Cloud-Based Demo Mode  environment. Because this is a demo mode environment, the network elements are all fake and OK to use Smiley Happy

I published basically the same script but in SmartCenter mode and in Multi-Domain mode (editing just one of the domains).

You can use this as template to provision your own setup environment.

Revisions:

 

Gateways:

 

Access Control Policy with an inline layer for Application Control:

 

Access Control Policy with an inline layer for Content Awareness, and another inline layer for Rule With Exceptions:

 

An example of how an upgraded Access Control policy from R7x looks like in R80.10 - one ordered layer for network access, and one ordered layer for managing web applications:

 

Threat Prevention Policy with different profiles for different scopes behind the same gateway:

1_my-security-management-setup-script.zip
3 Replies
Vivek_McClure
Explorer
‎2018-08-15 07:02 AM

Nice!

0 Kudos
abhijeet6
Explorer
‎2020-07-27 12:44 AM

Its very nice script which will help everyone.

I am migrating below rules to checkpoint R80.40 (API)

access-rule from LAN to WAN action allow source address name "CL App 12.242" destination address name SF_10.120.22.202
access-rule from LAN to GS action allow source address name "CL App 12.242" service name TCP_1415 destination address name SF_10.120.22.202

Can you confirm below policy syntax is correct

add access-rule layer "Network" source "CL App 12.242" destination "SF_10.120.22.202" service "any" action "accept" track-settings.type "Log" position "1" name "rule1" install-on "chkpt" --port Any
add access-rule layer "Network" source "CL App 12.242" destination "SF_10.120.22.202" service "TCP_4434" action "accept" track-settings.type "Log" position "1" name "rule2" install-on "chkpt" --port 4434

0 Kudos
MannyMekala
Explorer
‎2022-10-12 07:16 AM

This is of great help, thank you for the hard work and sharing it to the community.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top