This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Nicolas_Boisse
Employee Alumnus
Employee Alumnus
‎2017-07-26 01:10 PM

R80.10: Hosts Discovery and creation

Here a new way to save times... Automatic hosts discovery and creation. Know what is going on in your network!

Let's discover some hosts!

 

How it works: Basically, from the management server (via the cprd_util command), I get the arp table from a gateway. With this info, I create a .csv file.

 

Subsequently, I import the csv file into the R80 management with the command "mgmt_cli --batch file.csv". If the object already exists, it will not be created. This is supported by "mgmt_cli --batch".

 

In the definition of the object, I include the following information with relevant comments: IP, Name, MAC address, behind which network interface of the fw, name of the firewall, timestamp.

 

All the information created here is retrieve via the arp file and automatically create with mgmt_cli:

I also add 2 tags (new feature of R80). This allows quick searches in object list:

For example, if I search for objects behind the eth2 interface:

 

Searching for all object related to a particular gateway:

 

EXÉCUTION:

3 options to run the script:

1- Command line in expert mode:

2- With a cronjob at every 5 minutes:

3- Directly from the SmartConsole:

Go to Gateway and server view:

Create a new script and give a name, save and publish the change :

Run the script :

Two arguments are required. Gateway name and IP address of the gateway. Optional third argument: groupe name. If you specify a group name, all the discovered hosts will be added to that group. If you don’t, a group called "Discovered" will be created with all discovered hosts added to it.

Run the script:

Important Note: You must run the script on the management object because of the API calls.

 

This is a basic example of what we can do via the API and R80. I believe this will be useful when deploying a new gateway and administrator need to discover what is going on…

 

Hope this helps!

 

Happy scripting!

Labels
1_hostdiscovery.txt.zip
2 Replies
Moti
Admin
Admin
‎2017-08-03 08:49 PM

Awesome !!

0 Kudos
Chris_Hoff
Contributor
‎2017-12-28 12:28 PM

Nicolas Boisse I think this is a great script and could be very useful - especially in newer deployments. 

Looking at the script I'm not sure if the "validading" portion looks for both the name and the IP and unique instances of one or the other. Would not want to create additional, unnecessary, objects. 

A thought, why not pull the IP to host name using something like nslookup in order to provide a better object name. It could still be given a "discovered host" tag and/or be added to the discovered hosts group in order to distinguish between user created vs discovered object. This could help an administrator when viewing logs - rather than seeing "HostDiscovered_IP" they would see a network name that may be more useful to them. 

Last thought to bother you with - can you give some other examples where this may be useful. The obvious one is with a new deployment where you quickly want to add hosts for use in the policy. I notice you gave the example of a cronjob running at 5 minute intervals - how would this be useful other than finding new hosts over a period of time? 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events