This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Matlu
Advisor
‎2025-06-26 06:58 AM
Jump to solution

View by CLI details of Policy Packages

Hi,

I have a MDS that has about 10 CMAs, each CMA has more than 4 ‘Policy Packages’.

Is there a way to view by CLI of the MDS, see the list of policy packages that are ‘tied’ to a particular CMA?

Thanks for your comments

0 Kudos
3 Solutions

Accepted Solutions
G_W_Albrecht
Legend Legend
Legend
‎2025-06-26 07:13 AM
Jump to solution

https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/show-package~v2 shows the target gateways for the package

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

View solution in original post

the_rock
Legend
Legend
‎2025-06-26 07:14 AM
Jump to solution

Hey brother,

Try below, its my lab, regular mgmt, not MDS, but should be same.

Andy

[Expert@CP-MANAGEMENT:0]# mgmt_cli show packages
Username: admin
Password:
packages:
- uid: "0fd04089-8f41-424a-aeb3-0534161618ca"
name: "R82-SSL-INSPECTION-LAB-POLICY"
type: "package"
domain:
uid: "41e821a0-3720-11e3-aa6e-0800200c9fde"
name: "SMC User"
domain-type: "domain"
icon: "Blades/Access"
color: "cyan"
from: 1
to: 1
total: 1

View solution in original post

0 Kudos
Daniel_Kuhl1
Employee Employee
Employee
‎2025-07-02 07:12 AM
In response to the_rock
Jump to solution

@Matlu I checked on my lab. I got the same output as you from MDS:

[Expert@A-MDS:0]# mgmt_cli login api-key "API-KEY"
uid: "17a0067d-bef7-4b0c-a075-14179532dcef"
sid: "McLfS6kPLMq3B8jKywHXGDnDDs2B5CEfzTpTB6aSVik"
url: "https://127.0.0.1:443/web_api"
session-timeout: 600
api-server-version: "1.9.1"
user-name: "api-user"
user-uid: "0ac44df8-9f52-4f33-b2a4-04c03ccc4304"

[Expert@A-MDS:0]# mgmt_cli show packages --session-id "McLfS6kPLMq3B8jKywHXGDnDDs2B5CEfzTpTB6aSVik"
packages: []
total: 0

 

You need to login to the specific domain and then you got the packages:

[Expert@A-MDS:0]# mgmt_cli login api-key "API-KEY" domain "Alpha"
uid: "6d143c11-4a7b-4f22-8a00-660350bd5c2a"
sid: "p4mbKWT6fHQrAtkXewfBVmDkeqEL-InurxYHi9xv9H0"
url: "https://127.0.0.1:443/web_api"
session-timeout: 600
last-login-was-at: 
  posix: 1751463922464
  iso-8601: "2025-07-02T15:45+0200"
api-server-version: "1.9.1"
user-name: "api-user"
user-uid: "0ac44df8-9f52-4f33-b2a4-04c03ccc4304"

[Expert@A-MDS:0]# mgmt_cli show packages --session-id "p4mbKWT6fHQrAtkXewfBVmDkeqEL-InurxYHi9xv9H0"
packages: 
- uid: "0a96b8c1-e9bf-43ba-b604-26e2831d4b15"
  name: "A-VSX_VSX"
  type: "package"
  domain: 
    uid: "0f60c08a-e6ac-4180-9678-8fb98ee13e8e"
    name: "Alpha"
    domain-type: "domain"
  icon: "Blades/Access"
  color: "black"
- uid: "0fd04089-8f41-424a-aeb3-0534161618ca"
  name: "Alpha-Policy"
  type: "package"
  domain: 
    uid: "0f60c08a-e6ac-4180-9678-8fb98ee13e8e"
    name: "Alpha"
    domain-type: "domain"
  icon: "Blades/Access"
  color: "black"
- uid: "e6cd96da-6564-4a90-a593-a2f7868c8622"
  name: "DMZ-Policy"
  type: "package"
  domain: 
    uid: "0f60c08a-e6ac-4180-9678-8fb98ee13e8e"
    name: "Alpha"
    domain-type: "domain"
  icon: "Blades/Access"
  color: "sea green"
- uid: "9c1143d8-86b7-42f6-a457-127a547a17c3"
  name: "Internal-Policy"
  type: "package"
  domain: 
    uid: "0f60c08a-e6ac-4180-9678-8fb98ee13e8e"
    name: "Alpha"
    domain-type: "domain"
  icon: "Blades/Access"
  color: "crete blue"
from: 1
to: 4
total: 4

 

You could use a script looping through all domains and get the packages.

 

View solution in original post

12 Replies
G_W_Albrecht
Legend Legend
Legend
‎2025-06-26 07:13 AM
Jump to solution

https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/show-package~v2 shows the target gateways for the package

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
the_rock
Legend
Legend
‎2025-06-26 07:14 AM
Jump to solution

Hey brother,

Try below, its my lab, regular mgmt, not MDS, but should be same.

Andy

[Expert@CP-MANAGEMENT:0]# mgmt_cli show packages
Username: admin
Password:
packages:
- uid: "0fd04089-8f41-424a-aeb3-0534161618ca"
name: "R82-SSL-INSPECTION-LAB-POLICY"
type: "package"
domain:
uid: "41e821a0-3720-11e3-aa6e-0800200c9fde"
name: "SMC User"
domain-type: "domain"
icon: "Blades/Access"
color: "cyan"
from: 1
to: 1
total: 1

0 Kudos
the_rock
Legend
Legend
‎2025-06-26 08:34 AM
Jump to solution

Btw, built MDS lab quickly and same command I gave you also worked fine.

Andy

0 Kudos
Matlu
Advisor
‎2025-06-26 10:08 AM
In response to the_rock
Jump to solution

Bro,
Do you apply the command in the main MDS, or do you jump to a CMA to apply it there?
Thanks

0 Kudos
the_rock
Legend
Legend
‎2025-06-26 10:08 AM
In response to Matlu
Jump to solution

I did it on mds.

0 Kudos
Matlu
Advisor
‎2025-06-26 05:06 PM
In response to the_rock
Jump to solution

[Expert@MDS:0]#
[Expert@MDS:0]# mgmt_cli show packages
Username: cpsc_admin
Password:
packages: []
total: 0

[Expert@MDS:0]#
[Expert@MDS:0]#
[Expert@MDS:0]#
[Expert@MDS:0]#
[Expert@MDS:0]# mdsenv 10.123.94.133
[Expert@MDS:0]#
[Expert@MDS:0]# mgmt_cli show packages
Username: cpsc_admin
Password:
packages: []
total: 0

[Expert@MDS:0]#

I have tested the command, with an account that has permissions, but I get empty results, whether I run it on the main MDS, or on a particular CMA.

The detail is that the CMA that I have, really do have several POLICY PACKAGES tied to each CMA.

It is strange

0 Kudos
the_rock
Legend
Legend
‎2025-06-26 05:30 PM
In response to Matlu
Jump to solution

I had to sadly delete that lab, as I had to build something else for a pressing issue I was dealing with, but it definitely worked for me using that exact same command,

You are sure that account has super user permissions?

Andy

0 Kudos
Daniel_Kuhl1
Employee Employee
Employee
‎2025-07-02 12:55 AM
In response to Matlu
Jump to solution

As @the_rock mentioned make sure your user has the Profile "Multi-Domain Super User" assigned.

the_rock
Legend
Legend
‎2025-07-02 04:36 AM
In response to Daniel_Kuhl1
Jump to solution

@Daniel_Kuhl1 I dont know if thats a must, but it would definitely help.

Andy

0 Kudos
Daniel_Kuhl1
Employee Employee
Employee
‎2025-07-02 07:12 AM
In response to the_rock
Jump to solution

@Matlu I checked on my lab. I got the same output as you from MDS:

[Expert@A-MDS:0]# mgmt_cli login api-key "API-KEY"
uid: "17a0067d-bef7-4b0c-a075-14179532dcef"
sid: "McLfS6kPLMq3B8jKywHXGDnDDs2B5CEfzTpTB6aSVik"
url: "https://127.0.0.1:443/web_api"
session-timeout: 600
api-server-version: "1.9.1"
user-name: "api-user"
user-uid: "0ac44df8-9f52-4f33-b2a4-04c03ccc4304"

[Expert@A-MDS:0]# mgmt_cli show packages --session-id "McLfS6kPLMq3B8jKywHXGDnDDs2B5CEfzTpTB6aSVik"
packages: []
total: 0

 

You need to login to the specific domain and then you got the packages:

[Expert@A-MDS:0]# mgmt_cli login api-key "API-KEY" domain "Alpha"
uid: "6d143c11-4a7b-4f22-8a00-660350bd5c2a"
sid: "p4mbKWT6fHQrAtkXewfBVmDkeqEL-InurxYHi9xv9H0"
url: "https://127.0.0.1:443/web_api"
session-timeout: 600
last-login-was-at: 
  posix: 1751463922464
  iso-8601: "2025-07-02T15:45+0200"
api-server-version: "1.9.1"
user-name: "api-user"
user-uid: "0ac44df8-9f52-4f33-b2a4-04c03ccc4304"

[Expert@A-MDS:0]# mgmt_cli show packages --session-id "p4mbKWT6fHQrAtkXewfBVmDkeqEL-InurxYHi9xv9H0"
packages: 
- uid: "0a96b8c1-e9bf-43ba-b604-26e2831d4b15"
  name: "A-VSX_VSX"
  type: "package"
  domain: 
    uid: "0f60c08a-e6ac-4180-9678-8fb98ee13e8e"
    name: "Alpha"
    domain-type: "domain"
  icon: "Blades/Access"
  color: "black"
- uid: "0fd04089-8f41-424a-aeb3-0534161618ca"
  name: "Alpha-Policy"
  type: "package"
  domain: 
    uid: "0f60c08a-e6ac-4180-9678-8fb98ee13e8e"
    name: "Alpha"
    domain-type: "domain"
  icon: "Blades/Access"
  color: "black"
- uid: "e6cd96da-6564-4a90-a593-a2f7868c8622"
  name: "DMZ-Policy"
  type: "package"
  domain: 
    uid: "0f60c08a-e6ac-4180-9678-8fb98ee13e8e"
    name: "Alpha"
    domain-type: "domain"
  icon: "Blades/Access"
  color: "sea green"
- uid: "9c1143d8-86b7-42f6-a457-127a547a17c3"
  name: "Internal-Policy"
  type: "package"
  domain: 
    uid: "0f60c08a-e6ac-4180-9678-8fb98ee13e8e"
    name: "Alpha"
    domain-type: "domain"
  icon: "Blades/Access"
  color: "crete blue"
from: 1
to: 4
total: 4

 

You could use a script looping through all domains and get the packages.

 

the_rock
Legend
Legend
‎2025-07-02 07:16 AM
In response to Daniel_Kuhl1
Jump to solution

Did not know that command, thanks Daniel!

Andy

Bob_Zimmerman
Authority
Authority
‎2025-07-02 09:46 AM
Jump to solution

If you just want the package names under every domain on an MDS or SmartCenter, this will do it:

domains="$(mgmt_cli -f json -r true show domains | jq '.objects[].name' | tr -d '"' | tr ' ' '\n')";echo "${domains}" | while read domainName;do mgmt_cli -f json -r true -d "${domainName}" show packages | jq -c ".packages[]|{domain:\"${domainName:-$(hostname)}\",name:.name}";done

If you want the installation targets, that's also doable, but more complicated:

domains="$(mgmt_cli -f json -r true show domains | jq '.objects[].name' | tr -d '"' | tr ' ' '\n')";echo "${domains}" | while read domainName;do mgmt_cli -f json -r true -d "${domainName}" show packages details-level full | jq -c ".packages[]|{domain:\"${domainName:-$(hostname)}\",name:.name,targets:(if (.\"installation-targets\" | type) == \"array\" then [.\"installation-targets\"[]|.name] else [.\"installation-targets\"] end)}";done

Note that these don't include packages defined in the global domain.

Edit: fixed a minor bug in the installation targets. Check Point returns either a list or a string in that property, and jq doesn't handle that ambiguity.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events