This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Jun_Liang_Seow
Contributor
‎2017-01-03 09:35 AM

Verification of rules

Hi,

I'm trying to verify rules that I have created. I understand that I can create rules through /add-access-rule. I also understand that Checkpoint can verify if the published rule can be installed by verifying policy (this can be done in GUI). I think it is not possible to do this function through API after reading through the API document. Would like to check on the possibility?

In addition, would like to check  if there's no such function, is there a good practice other than dragging out the entire rule-base for a policy through /show-access-rulebase and checking against the output?

My thought process now is to create a rule, verify policy and delete the rule if the verification flags error (easiest way to check).

Labels
0 Kudos
6 Replies
Igal_Rivin
Employee Alumnus
Employee Alumnus
‎2017-01-03 10:45 PM

Hi Jun Liang Seow,

The API to verify the policy package is added to the R-80.10.

If it's possible it's better to wait until R-80.10 is released.

-Igal

0 Kudos
phlrnnr
Advisor
‎2018-06-07 11:55 AM
In response to Igal_Rivin

Can policy verification be done before publishing?  For example, I have a script that adds a rule using the REST API.  I would then want to verify the policy before publishing and installing.  If verification fails, then I'd want to discard changes instead of publishing them.  Is this possible?

0 Kudos
Robert_Decker
Advisor
‎2018-06-07 12:44 PM
In response to phlrnnr

Hi Phillip,

No, it is not possible. Policy verification via API works the same as in the GUI - first publish, then verify.

Robert.

0 Kudos
phlrnnr
Advisor
‎2018-06-08 10:39 AM
In response to Robert_Decker

So, then, from an automation perspective, is the recommended approach to create a new rule via API, publish it, verify the ruleset, and if verification fails remove the rule that was created and  finally re-publish?

0 Kudos
Robert_Decker
Advisor
‎2018-06-08 01:29 PM
In response to phlrnnr

Phillip,

Creation and verification process of a security policy is more complex then just a trial and error approach.

You do not publish and verify per a single rule, you should be aware of a whole rulebase you are creating.

You can automate the creation process of the rulebase, publish and verify. If the verification fails, you will need to switch to manual work in GUI and examine what went wrong.

Robert.

0 Kudos
Tomer_Sole
Mentor
Mentor
‎2018-06-09 10:27 PM
In response to phlrnnr

This is good feedback Phillip. In the current releases, verifying things like "rule-hide-rule" and more are occurring post-publish. We have plans to assist on verification pre-publish in the next releases.

If you are afraid that your automation often breaks policy verification, perhaps put it in stealth mode and consider not publishing the auto-created rules, and having someone log into that session, look at the change, publish or correct them. Once you see that your tools make better changes, you could add the publish step to the automation.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events