- Products
- Learn
- Local User Groups
- Partners
- More
Access Control and Threat Prevention Best Practices
5 November @ 5pm CET / 11am ET
Ask Check Point Threat Intelligence Anything!
October 28th, 9am ET / 3pm CET
Check Point Named Leader
2025 Gartner® Magic Quadrant™ for Hybrid Mesh Firewall
HTTPS Inspection
Help us to understand your needs better
CheckMates Go:
Spark Management Portal and More!
Check Point ShowPolicyPackage tool visualizes the contents of a R80 security policy package (layers, rulebases, objects) over HTML pages.
The tool allows the security policy as well as objects in the R80 objects database to be exported into a readable format. This exported information represents a snapshot of the database.
The tool generates a compressed file (.tar.gz) containing the following files:
• HTML files - The objects and rules presented as html files. The "index.html" acts as a starting point and
lists all the available items to display.
• JSON files - The objects and rules exported as multiple JSON files.
• Log file (e.g. show_package-yyyy-mm-dd_HH-MM-ss.elg) - A log file containing debug information.
In version 2.0.6, we've added 3 new flags, which indicates whether to calculate and show the Threat/Access/NAT policy as part of the package (note all three default to true):
Instructions
This tool is hosted on GitHub repository for public use, containing a stand-alone executable Java JAR file (plug & play) and accompanied source code:
https://github.com/CheckPointSW/ShowPolicyPackage
Please follow the usage instructions and examples on this site. It contains valuable information.
P.S. This tool is also delivered along with R80 management server releases. However, the GitHub repository contains the most updated code!
The source code is now public on GitHub repository as mentioned above.
We welcome your feedback! Please create a new thread.
NOTICE: By using this sample code you agree to terms and conditions in this Terms and Conditions
Robert,
I don't have a link in the "Action" Column as shown below (see parent rules # 3 and 4). Please note that I've hidden the original IP addresses and objects.

The Management server is running Gaia R80.10 with no Jumbo HF installed.
Could you please advise?
Thanks,
Nader
Maybe it is due to sections wrapping the inline layers.
I'll check and get back to you.
Robert.
Hi,
Checked with sections, looks fine -

Are you running the tool that is installed by default on your management server or are you using the one from GitHub repo?
Robert.
I'm running the default tool installed on the management server. Which instructions should I follow to install the latest version of this tool?
There is a link on the top of this post to the source of this tool, hosted on GitHub repo. But it is intended for developers, not for security engineers.
I'll generate executable files from the source code and upload to that repo, probably during next week and inform you here.
BTW, when you launch the index.html file you recieve a starting page. Under "Objects" category there should be a link to "access-layer". Can you click on the link and see the info?
Which R80.X version and hotfix take are installed on your server?
Robert.
Yes I can click on the "Access-layer" link under Objects. It shows me a page with different info.
No Hotfix has been installed on our management server and the detailed version is listed below:
******* > show version all
Product version Check Point Gaia R80.10
OS build 421
OS kernel version 2.6.18-92cpx86_64
OS edition 64-bit
****** > cpinfo -y all
This is Check Point CPinfo Build 914000176 for GAIA
[KAV]
 HOTFIX_R80_10
[IDA]
 HOTFIX_R80_10
[CPFC]
 HOTFIX_R80_10
[FW1]
 HOTFIX_R80_10
FW1 build number:
This is Check Point Security Management Server R80.10 - Build 187
This is Check Point's software version R80.10 - Build 423
[SecurePlatform]
 No hotfixes..
[CPinfo]
 No hotfixes..
[SmartLog]
 HOTFIX_R80_10
[MGMTAPI]
 No hotfixes..
[DIAG]
 HOTFIX_R80_10
[SmartPortal]
 No hotfixes..
[Reporting Module]
 HOTFIX_R80_10
[CPuepm]
 HOTFIX_R80_10
[VSEC]
 HOTFIX_R80_10
[R7520CMP]
 HOTFIX_R80_10
[R7540CMP]
 HOTFIX_R80_10
[R7540VSCMP]
 HOTFIX_R80_10
[R76CMP]
 HOTFIX_R80_10
[SFWR77CMP]
 HOTFIX_R80_10
[R77CMP]
 HOTFIX_R80_10
[R75CMP]
 HOTFIX_R80_10
[NGXCMP]
 HOTFIX_R80_10
[EdgeCmp]
 HOTFIX_R80_10
[SFWCMP]
 HOTFIX_R80_10
[FLICMP]
 HOTFIX_R80_10
[SFWR75CMP]
 HOTFIX_R80_10
[rtm]
 No hotfixes..
Ok.
In the same folder where index.html file resides, there should be html files per inline layer ([inline_layer_name]-Management-server.html).
Do you see that files?
In addition, there is a "xxx.elg" file. Please attach this file here for examination.
Thanks.
There no HTML files per Inline layer (see screenshot below).

I can't find the option to attach a text file ?!
https://community.checkpoint.com/people/nassiea6aa1f1-d2d0-490f-bc77-04e8257bcd01 I will connect Robert with you out-of-band.
All stuff is fixed and uploaded to the Github repository, including a new stand-alone plug&play executable.
Please read again the instructions on the top of this page.
Robert.
I need your help. My customer used WebVisualization Tool in the R77.30. Now the MDS was migrated to R80.10. They were importing the files to Web Server. But now with JSON files are with any erros. It is possible export in the R80.10 the same format in the R77.30?
Hi,
Currently the output is in JSON format and it is not in the same structure (due to layers) as in R77.30.
Therefore, just converting the JSON to CSV as is will not help.
Please note that it is an open source tool and it was not intended to replace the WebVisualization Tool.
Anyone can change the source code for his/her needs.
Robert.
Hi,
Unfortunately we are not able to get the "Hits"-column with the "-c"-flag. I tried versions 1.25, 1.30 and 2.00 from the github-repository with different versions in /opt/CPsuite-R80/fw1/api/samples/lib via ...
-> java -jar $MDS_FWDIR/api/samples/lib/web_api_show_package-jar-with-dependencies.jar -c
Export is always generated without errors, but the "Hits"-column is missing. Using the updated templates from https://github.com/CheckPointSW/ShowPolicyPackage/tree/master/src/main/resources/com/checkpoint/mgmt... in /opt/CPsuite-R80/fw1/api/samples/conf does not help. (I guess the templates are meanwhile included in the "jar".)
show_package-xxx.elg:
[7/3/18 9:00 PM com.checkpoint.mgmt_api.examples.ShowPackageTool.showAccessRulebase()INFO]: Starting handling access layer: 'FWlab Security'
[7/3/18 9:00 PM com.checkpoint.mgmt_api.examples.MyLogger.debug()DEBUG]: Run command: 'show-access-rulebase' with payload: {"hits-settings":{"from-date":"1970-1-2"},"uid":"xxxxxxxxxxxxx","show-hits":true,"show-membership":true,"use-object-dictionary":true,"details-level":"full"}
[7/3/18 9:01 PM com.checkpoint.mgmt_api.examples.MyLogger.debug()DEBUG]: Found 59 rules in : 'FWlab Security'
[7/3/18 9:01 PM com.checkpoint.mgmt_api.examples.MyLogger.debug()DEBUG]: Found 0 inline layer(s)
[7/3/18 9:01 PM com.checkpoint.mgmt_api.examples.MyLogger.debug()DEBUG]: Creating html file for layer: 'FWlab Security'
[7/3/18 9:01 PM com.checkpoint.mgmt_api.examples.ShowPackageTool.showRulebase()INFO]: Done handling rulebase 'FWlab Security'
The Hit-counter via SmartConsole is working fine.
Json-file is including the hits-parameters:
...
           "hits":{  
               "level":"low",
               "percentage":"0%",
               "first-date":{  
                  "iso-8601":"2018-06-07T06:48+0200",
                  "posix":1528346887000
               },
               "value":240,
               "last-date":{  
                  "iso-8601":"2018-06-07T06:50+0200",
                  "posix":1528347031000
               }
...
But the HTML-file is generated without the Hits-Column. How can I use the "-c" flag?
Michael
Hi Michael,
The version 1.2.5 should be enough to get the hit counts.
I'd like to examine the output of the tool (tar.gz archive file), maybe there is a bug there that incorrectly analyzes your data for hit counts.
Dameon Welch Abernathy, please provide Michael with the instructions to send me his file.
Thanks,
Robert.
Hello,
Maybe here is a problem in the rulebase.tpl.html
   122         var firstAccessRule = data.find(function (e) { 
   123             return e.type === "access-rule" 
   124         });
"var data" includes the hit informations - like:
..true,"hits":{"level":"low","percentage":"1%","first-date":{"iso-8601":"2018-03-26T18:33+0200","posix":1522082001000},"value":2161669,"last-date":{"iso-8601":"2018-07-04T07:59+0200","posix":1530683943000}}..
Method "find" is not supported. (Tested with IE11 and Chrome 66.0.3359)  Sorry, I'm not familiar with "script" - could this be the problem ?
Thanks,
Michael
UPDATE: Chrome works fine - and is the solution for me! Thank you
Hi,
You may be correct with your findings.
In Chrome v 67.0.3396.99 -

In IE 11 -

Nothing...
I'll check the code again for compatibility with other browsers/versions and fix as needed.
Great input, thank you!
Robert.
Release version 2.0.1 now supports IE 11 as well.
Robert.
hello,
each time i'm trying to run the script, i got
[Expert@:0]# more show_package-2018-08-01_18-14-10.elg
[8/1/18 6:14 PM com.checkpoint.mgmt_api.examples.MyLogger.debug()DEBUG]: The parameters that were received: server:(-m)=10.72.22.9 domain:(-d)=MDS userRequestPackage:(
-k)=xxxx
[8/1/18 6:14 PM com.checkpoint.mgmt_api.examples.MyLogger.debug()DEBUG]: Limit number of object per page: 10
[8/1/18 6:14 PM com.checkpoint.mgmt_api.examples.MyLogger.debug()DEBUG]: Local Ips: [10.72.22.27, 10.72.22.31, 10.72.22.29, 10.72.22.25, 10.72.22.9, 127.0.0.1]
[8/1/18 6:14 PM com.checkpoint.mgmt_api.examples.MyLogger.severe()SEVERE]: ERROR: failed connecting to the server: 127.0.0.1
[8/1/18 6:14 PM com.checkpoint.mgmt_api.examples.ShowPackageTool.logoutReportAndExit()INFO]: Script stopped running due to severe error!
[8/1/18 6:14 PM com.checkpoint.mgmt_api.examples.ShowPackageTool.logoutReportAndExit()INFO]: dirPath: /var/tmp/6e3740f7-bc48-420c-bd31-d768450cf24a
[8/1/18 6:14 PM com.checkpoint.mgmt_api.examples.ShowPackageTool.logoutReportAndExit()INFO]: tarGzPath: show_package-2018-08-01_18-14-10.tar.gz
any idea ?
regards
Xavier
The tool fails to connect to the API server.
Please run command "api status" and paste the output here for analysis.
Robert.
Hello Robert,
thanks for your reply,
i have check the " api status" command and found that we changed the tcp port of the web api server.
after adding the -n flag to the command, it works like a charm. thank you !
regards
xavier
Are these newer release included in new JFA to the mgmt or in the new M releases?
No, not yet, but it will be eventually included both in JHF and R80.20.
Anyway, GitHub repo always has the newest releases as it is instantly updateable, without bureaucracy.
Just copy the newest JAR file into your management server.
Robert.
Hello,
since version 2.0 the use of own templates was unfortunately disabled.
We would like to export more fields (custom-fields.field-1/ custom-fields.field-2 / custom-fields.field-3). So far we had created this via customized templates and the -t flag.
Example $FWDIR/api/sample/conf/rulebase.html.template :
Is it possible to reactive the template-flag or to define new flag for additive fields?
It is possible to compile your own web_api_show_package-jar-with-dependencies.jar including customized templates.
Here are some helpful steps/hints for non-professionals:
1.) You can use a fresh installed virtual machine with CheckPoint R80.10 and internet connection. I prefer a non-productive system...
2.) Download and extract the tar.gz-sources from Releases · CheckPointSW/ShowPolicyPackage · GitHub
3.) IMPORTANT : Download and extract a Java Develop Kit - Linux x86 and tar.gz seems to be ok.
4.) IMPORTANT : Change the environment var JAVA_HOME to the [extracted JDK-dir] with export JAVA_HOME=[your-extracted-jdk-dir]
5.) Customize your template in the extracted ShowPolicyPackage-dir under src/main/resources/com/checkpoint/mgmt_api/templates. Example for html-export with custom-fields1-3:
Header:
Body:
6.) Compile your customized api_show_package-jar-with-dependencies.jar with "./mvnw clean install -X" in the [extracted ShowPolicyPackage-*-dir]
7.) Copy the new [extracted ShowPolicyPackage-*"]/target/web_api_show_package-jar-with-dependencies.jar to the management-server in $MDS_FWDIR/api/samples/lib/web_api_show_package-jar-with-dependencies
8.) Test it with java -jar $MDS_FWDIR/api/samples/lib/web_api_show_package-jar-with-dependencies.jar
Regards,
Michael
I miss the simplicity of being able to search for objects in a single file. Is there any method yet to create a single file extract of the policy similar to what the Web Visualization Tool did... ie, maybe something that converts the multiple files generated by the ShowPackage tool into a single html file?
Can you make this run on a standalone web server without installing the MDS?
Hi,
I tried following on a MDSM R80.30 and it did work.
java -jar web_api_show_package-jar-with-dependencies.jar -c --show-membership true --dereference-group-members true --query-limit 500 -d DOMAIN1
However, trying to export Global Policy ( -d Global) the script simply stops with following message:
Script stopped running due to severe error!
Any tip?
Thanks
Best Regards
Hi,
We are currently using R80.20. We plan to do an export of firewall rules and have a few questions. Your answer is appreciated!
1. Will running this .jar package cause any outage or reboot of GAIA console and associated Gateways (CheckPoint Firewalls)?
2. Does the .jar package run create any locks on CheckPoint Firewalls and impacting the traffic flowing through the firewalls?
3. Does this tool write anything or make any changes to the policies and settings on GAIA console and Firewalls other than the output files?
Thanks!
 
					
				
				
			
		
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
| User | Count | 
|---|---|
| 5 | |
| 3 | |
| 2 | |
| 2 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | 
Tue 28 Oct 2025 @ 11:00 AM (EDT)
Under the Hood: CloudGuard Network Security for Google Cloud Network Security Integration - OverviewTue 28 Oct 2025 @ 12:30 PM (EDT)
Check Point & AWS Virtual Immersion Day: Web App ProtectionTue 28 Oct 2025 @ 11:00 AM (EDT)
Under the Hood: CloudGuard Network Security for Google Cloud Network Security Integration - OverviewTue 28 Oct 2025 @ 12:30 PM (EDT)
Check Point & AWS Virtual Immersion Day: Web App ProtectionThu 30 Oct 2025 @ 03:00 PM (CET)
Cloud Security Under Siege: Critical Insights from the 2025 Security Landscape - EMEAThu 30 Oct 2025 @ 11:00 AM (EDT)
Tips and Tricks 2025 #15: Become a Threat Exposure Management Power User!About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY