This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Brian_Deutmeyer
Collaborator
‎2019-12-06 05:43 PM
Jump to solution

Using the API to map an Access Layer to a Policy Package

Hi friends-

I'm looking to use the API  to add a rule to a layer and then install policy on the appropriate package (or packages for a shared layer).  In SmartConsole, when I view layers (Manage policies and layers...), it shows me the package(s) the layer is used on, but I can't seem to find that mapping in the API.  I've tried both show access-layer and show access-layers, but neither give me the packages.  I tried doing a where-used on my layer UID, but that just gives me an error.  I've noticed that showing all my packages lists the layers that are used, but what about the other way around?  How do find which policy(ies) my access layer is a part of?

I'm on v1.5.

Thanks!

0 Kudos
1 Solution

Accepted Solutions
Nir_Amara
Employee Alumnus
Employee Alumnus
‎2019-12-08 06:20 AM
Jump to solution

Hey Brian,

Thank you for your question.

As @PhoneBoy mentioned, there's currently no API that corresponds with the SmartConsole view you mentioned.

Indeed, the current way to achieve that would be iterating on the policy packages access layers' and check on which packages the changed layer is in use.

If you need help with implementing such logic, feel free to consult with us here. 

Regardless, we'll look into the possibility of adding such field to the "access-layer" reply in future versions.

 

Best Regards,

Nir

 

 

View solution in original post

0 Kudos
8 Replies
PhoneBoy
Admin
Admin
‎2019-12-07 10:26 PM
Jump to solution

Pretty sure this is not part of the API. Sounds like a good RFE. @Nir_Amara 

Nir_Amara
Employee Alumnus
Employee Alumnus
‎2019-12-08 06:20 AM
Jump to solution

Hey Brian,

Thank you for your question.

As @PhoneBoy mentioned, there's currently no API that corresponds with the SmartConsole view you mentioned.

Indeed, the current way to achieve that would be iterating on the policy packages access layers' and check on which packages the changed layer is in use.

If you need help with implementing such logic, feel free to consult with us here. 

Regardless, we'll look into the possibility of adding such field to the "access-layer" reply in future versions.

 

Best Regards,

Nir

 

 

0 Kudos
Brian_Deutmeyer
Collaborator
‎2019-12-08 08:11 PM
In response to Nir_Amara
Jump to solution

Thanks, Nir.

Adding a "packages : []" output or something like that to the access-layer would be awesome.  It would make it really easy to walk up the chain from adding a rule to installation.  

I'll put my friend JQ to work and start dumping my packages until said enhancement arrives.  Let me know if you want an official RFE.

0 Kudos
Brian_Deutmeyer
Collaborator
‎2019-12-30 01:45 PM
In response to Brian_Deutmeyer
Jump to solution

@Nir_Amara  - I'm noticing that the show-package API does not show inline access layers in the output.  I've even tried with full details.  Would you agree? How do I map an inline layer to a package?

0 Kudos
PhoneBoy
Admin
Admin
‎2019-12-30 04:06 PM
In response to Brian_Deutmeyer
Jump to solution

If it's not a shared inline layer, you can assume it's part of the same policy package.
If the inline layer is shared, it could easily be part of multiple policy packages.
0 Kudos
Brian_Deutmeyer
Collaborator
‎2019-12-30 05:32 PM
In response to PhoneBoy
Jump to solution

I'm going back to my original question.  I know my layer name (which may be an inline layer), but how do I find the package my layer is used on for installation?  If it's not an inline layer, show-package does the trick, but inline...not so much.

0 Kudos
Yael_G
Employee
Employee
‎2019-12-31 04:36 AM
In response to Brian_Deutmeyer
Jump to solution

Hi Brian,

As Nir mentioned, we'll look into the possibility of adding such field to the "access-layer" reply in future versions.

In the mean time you can find the packages which are using a specific inline layer by using the following steps:

  1. Use “show access-layers” to get all the access-layers.
  2. For each layer use “show access-rulebase” with “use-object-dictionary” set to false.
    If the inline layer is part of this access-layer you will find it in the output under “rulebase”-> “inline-layer”.
  3. To find the package use Nir’s explanation with the layer you found in step 2.

Notice: the layers you will find in step 2 can be also inline-layers.

0 Kudos
Brian_Deutmeyer
Collaborator
‎2019-12-31 05:33 AM
In response to Yael_G
Jump to solution

OK. I'll give that a try. Thanks!
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events