Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
martylee
Participant

Python script to install access rules on check point R80.40 - add multiple ports

Jump to solution

Hi there,

Making use of cpapi, I can write some python scripts to add access rules from an excel file into a check point firewall R80.40

This is the youtube link that I demo the process.

https://www.youtube.com/watch?v=8D4XJ3Bwtrk

One of the limitations of the python scripts is that I can only add a single source IP address, a single destination address and a single port for a given row (or a given single rule number).

But in my work environment, a single rule number most likely contains multiple  source IP addresses, multiple  destination addresses and multiple ports, such as the sample excel that I upload in this post (ADD_RULES_real_world.xlsx).

It would be great if you could shed some light.

(You can see or download my source code from the youtube link as the file .py is not supported here.)

Thank you.

Marty

0 Kudos
1 Solution

Accepted Solutions
Bob_Zimmerman
Advisor

I'm not able to download the code. From the video, it looks like when you're creating the objects, you set obj_src and obj_dst to be equal to a given name, rather than appending the name to a list. Thus, when you use obj_src and obj_dst later to make the API call to create the rule, they only contain one thing each.

View solution in original post

0 Kudos
6 Replies
Bob_Zimmerman
Advisor

I'm not able to download the code. From the video, it looks like when you're creating the objects, you set obj_src and obj_dst to be equal to a given name, rather than appending the name to a list. Thus, when you use obj_src and obj_dst later to make the API call to create the rule, they only contain one thing each.

0 Kudos
martylee
Participant

Hi Bob,

Thank you for giving me some directions. Will try to work on it about using list.

Already fixed the link on youtube and the source code is zipped here. 

0 Kudos
martylee
Participant

Hi Bob, _Val_ and everyone,

Thanks Bob for providing me a direction on using list. It works like a charm. Another questions are:

1. how to add groups (grouping of different subnets), what is the parameters or keyword I should use in the python script ?

2. how to add port range eg: tcp port 1000-200 ? Again I don't know the parameter of keywords.

0 Kudos
_Val_
Admin
Admin

Zip and share python code here please.

0 Kudos
martylee
Participant

Hi _Val_,

thanks for your reminder. It is shared here. 

0 Kudos
martylee
Participant

You may download the source code as below link:

https://www.youtube.com/watch?v=xgh4M6TvlxE

0 Kudos