This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
martylee
Participant
‎2022-05-18 08:23 AM

Python script to install access rules on check point R80.40 - add multiple ports

Jump to solution

Hi there,

Making use of cpapi, I can write some python scripts to add access rules from an excel file into a check point firewall R80.40

This is the youtube link that I demo the process.

https://www.youtube.com/watch?v=8D4XJ3Bwtrk

One of the limitations of the python scripts is that I can only add a single source IP address, a single destination address and a single port for a given row (or a given single rule number).

But in my work environment, a single rule number most likely contains multiple  source IP addresses, multiple  destination addresses and multiple ports, such as the sample excel that I upload in this post (ADD_RULES_real_world.xlsx).

It would be great if you could shed some light.

(You can see or download my source code from the youtube link as the file .py is not supported here.)

Thank you.

Marty

Preview file
10 KB
Preview file
11 KB
code.zip
0 Kudos
1 Solution

Accepted Solutions
Bob_Zimmerman
Advisor
‎2022-05-18 10:21 AM

Jump to solution

I'm not able to download the code. From the video, it looks like when you're creating the objects, you set obj_src and obj_dst to be equal to a given name, rather than appending the name to a list. Thus, when you use obj_src and obj_dst later to make the API call to create the rule, they only contain one thing each.

View solution in original post

0 Kudos
6 Replies
Bob_Zimmerman
Advisor
‎2022-05-18 10:21 AM

Jump to solution

I'm not able to download the code. From the video, it looks like when you're creating the objects, you set obj_src and obj_dst to be equal to a given name, rather than appending the name to a list. Thus, when you use obj_src and obj_dst later to make the API call to create the rule, they only contain one thing each.

0 Kudos
martylee
Participant
‎2022-05-19 05:06 AM
In response to Bob_Zimmerman

Jump to solution

Hi Bob,

Thank you for giving me some directions. Will try to work on it about using list.

Already fixed the link on youtube and the source code is zipped here. 

0 Kudos
martylee
Participant
‎2022-05-23 10:32 AM
In response to Bob_Zimmerman

Jump to solution

Hi Bob, _Val_ and everyone,

Thanks Bob for providing me a direction on using list. It works like a charm. Another questions are:

1. how to add groups (grouping of different subnets), what is the parameters or keyword I should use in the python script ?

2. how to add port range eg: tcp port 1000-200 ? Again I don't know the parameter of keywords.

0 Kudos
_Val_
Admin
Admin
‎2022-05-19 01:21 AM

Jump to solution

Zip and share python code here please.

0 Kudos
martylee
Participant
‎2022-05-19 05:04 AM
In response to _Val_

Jump to solution

Hi _Val_,

thanks for your reminder. It is shared here. 

code.zip
0 Kudos
martylee
Participant
‎2022-05-29 10:04 AM
In response to martylee

Jump to solution

You may download the source code as below link:

https://www.youtube.com/watch?v=xgh4M6TvlxE

0 Kudos