1) API command export always generates a localhost link. But this link is working from outside (you need to replace http://127.0.0.1:50276 with https://<server-remote-ip>/)

2) API command export generates a link accompanied with the current session token as a GET parameter X-chkp-sid and when running mgmt_cli -r true export the generated link session token is already invalid (because adding -r true means - login, execute the command, publish if necessary, logout). But the link will work if to replace the invalid token with the valid one.

Is there any way to export complete checkpoint firewall configuration file using restful api?

like below paloalto restful api access:

https://paloalto-server/api/?type=config&action=get&xpath=/config&REST_API_TOKEN=1900994597

Define what you mean by "configuration", because that can refer to:

• Security Policy configuration:
  • If you want to get all policies configured on all gateways as well as all objects, you might try this script: Python tool for exporting/importing a policy package or parts of it‌
  • If you want to get only what's loaded on a specific gateway, that's a little more tricky.
    • The gateway only contains a compiled version of the objects/policy which is not in a format that is readily exportable.
    • Use something like the following to execute "fw stat" on the Security Gateway from the R80.x Management API: how to use the web api to run the run-script‌
    • Once you have that, you can fetch the access layer as described here: Re: How to fetch/export Configuration and Rule File?‌
    • Note that layers can include other layers, so you may need to parse the output to get the sublayers that are referenced.
    • If Threat Prevention is used, you will need to execute commands to gather this policy information as well.
    • None of the above includes objects, which will have to be queried individually based on what's in the active policies.
• OS configuration
  • Currently not available directly from a REST API but similar to above, you can execute something like "show configuration" using run-script.
  • This does not get anything that was configured in Expert mode.
  • A REST API for Gaia OS is planned in the near future (R80.20).

If you can describe in more detail what the purpose behind gathering this information is, we can provide more specific advice.

Thanks for the information's Dameon Welch Abernathy‌

Configuration file will contains complete (rule/Interface/nat/Objects/Groups/Policy/etc) details of the Firewall. Other firewall vendors (Fortinet, Cisco, Palo Alto, Sonicwall, WatchGuard,Juniper) are providing option to export this configuration file, i am expecting similar export option in checkpoint firewall.

Using this configuration file we can perform backup/restore operations and also generate Nipper(Third party tool) security audit report.

Is there anyway to export this configuration file using restful API?

Unlike the vendors you mention, there is not a single configuration file that contains both the security configuration and the OS/interface configuration on Check Point.

What is available on the Security Gateway itself is:

• A compiled version of the Security Policy--not exportable
• The OS/interface configuration, which can be exported as described above.

The Security Policy configuration is stored on the management and can be exported as I described above.

If you had to replace a physical gateway, provided you have the basic OS configuration, it's possible to push the security policy configuration from the management.