This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
John_Madigan
Employee Alumnus
Employee Alumnus
‎2018-11-07 12:16 PM

R80.20 Script Needed to Perform Bulk Find and Replace

I have an R80.20 Management Server and a requirement to replace existing network objects with R80.20 wildcard objects where ever the old objects are referenced in the rulebase. There are approximately 60 objects, with > 1000 references in the existing rulebase.

Prior to R80.x I would have used sed to perform a global find and replace on the rulebases_5_0.fws file, however now I am looking for a way to achieve this using mgmt_cli or a script to perform a find and replace.

Labels
9 Replies
Joshua_Hatter
Employee
Employee
‎2018-11-09 06:39 PM

SmartConsole where-used menu has a replace option that can probably accomplish what you want.

0 Kudos
Wes_Belt
Employee Alumnus
Employee Alumnus
‎2018-11-10 01:57 PM
In response to Joshua_Hatter

John Madigan‌ and I are working together on this.

We have to update/replace 55 objects across all the rules in a policy, so while we could do it manually in SmartConsole GUI with the where-used / replace function we decided it was a good opportunity to script a solution in Python using the R80 APIs.  We are basically going to use the API where-used to find the rules that need to be updated then use set-access-rule to make the replacements/updates we need from there.

0 Kudos
Joshua_Hatter
Employee
Employee
‎2018-11-10 03:58 PM
In response to Wes_Belt

Seems like you got it figured out, was there a question?

R&D wrote a full blown wrapper in Python2 on GitHub, and I posted one on GitHub as well in Python3, also available here on check mates. 

Let us know if you have any questions.

0 Kudos
Wes_Belt
Employee Alumnus
Employee Alumnus
‎2018-11-10 05:10 PM
In response to Joshua_Hatter

Yeah no questions as of yet, so far it is all working.  I looked at the github wrapper briefly but had experience using the python (2.7) requests library so just built the script around that.  We wanted to get something up and running quickly, but I will revisit the github wrappers at some point in the future.

Will be sure to reach out if we run into any issues but the API documentation is excellent and so far everything going as expected!

Wes_Belt
Employee Alumnus
Employee Alumnus
‎2018-11-25 05:27 AM
In response to Wes_Belt

We were able to get a script working for our conversion.  It is a single use case script (don't see a lot of reuse potential) but I shared it on github anyhow just to experiment more with git and github Smiley Happy

GitHub - chkp-wbelt/convert-wildcard: Check Point management API script to migrate R77.30 wildcard o... 

Paul_Gademsky
Employee Employee
Employee
‎2018-12-27 03:30 PM
In response to Joshua_Hatter

Do you have the links for the wrappers?

Thank you, 
Paul G. CCSM

0 Kudos
Joshua_Hatter
Employee
Employee
‎2018-12-28 04:57 AM
In response to Paul_Gademsky

The wrapper written by Check Point development now also supports Python3! 

GitHub - CheckPointSW/cp_mgmt_api_python_sdk: Check Point API Python Development Kit 

0 Kudos
Wes_Belt
Employee Alumnus
Employee Alumnus
‎2019-01-08 07:54 AM
In response to Joshua_Hatter

We updated this script (on github link above) to use the official API.  Biggest benefits from my perspective were the built in functionality for wait_for_task on the publish and dealing with the signature and low level HTTP stuff, which was all custom code in the prior script.  I haven't tested pip install with git link yet, but that would be the nice thing we would add just for ease of use an experience.

Paul_Gademsky
Employee Employee
Employee
‎2018-12-27 03:26 PM

I have a similar question to this.

I have tcp and udp services that were imported using confwiz under R77.30 from Cisco ASA's and named by the wizard, so I have multiples of the same service (i.e. hydro_UDP_Service_80, chep_UDP_Service_80 (some have about 13 iterations). They are used in a variety of policies and groups.

The goal is to change one of the existing service names to UDP_Service_80, and then do a where_used on the remainder and replace them in the found objects with the renamed service, and then delete the unused service objects.

Currently, I'm working on manually doing the UDP services from SmartConsole, and have made my way through 100 objects so far (tedious, but it works) using object explorer.  The down side is that the UDP objects to be changed is ~1300, and the tcp is around 3,500. Hence the need for the scripting.

I have postman running on a test system to try to make these changes, but based on the above, it sounds that it might be more like a python job?

I did see from the CPX presentation by Marco, that they were planning on being able to capture user actions to make scripts, any progress on that (as it might be useful here?

Paul G, CCSM

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events