- Products
- Learn
- Local User Groups
- Partners
-
More
Celebrate the New Year
With CheckMates!
Value of Security
Vendor Self-Awareness
Join Us for CPX 360
23-24 February 2021
Important certificate update to CloudGuard Controller, CME,
and Azure HA Security Gateways
How to Remediate Endpoint & VPN
Issues (in versions E81.10 or earlier)
Mobile Security
Buyer's Guide Out Now
Important! R80 and R80.10
End Of Support around the corner (May 2021)
Hi all,
Now I am learning about Checkpoint Restful API functionalists.
Please share me the usage of "export" function in Restful API access:
https://<mgmt-server>:<port>/web_api/export
https://sc1.checkpoint.com/documents/latest/APIs/index.html#web/export~v1.1%20
Is that export command output will contains complete configuration details?
Like paloalto below Restful API access:
https://<paloalto-server>/api/?type=config&action=get&xpath=/config&REST_API_TOKEN=1900994597
I hope Eugene Grybinnyk or Robert Decker can comment as I'm not entirely sure how to properly interact with this.
The command produces a response which contains a loopback link for a follow up query once the task has completed successfully.
example:
"result-link-url" : "http://127.0.0.1:50276/web_api/result-link/1bef11d4-1aa8-48f3-9ba5-bb943b714f33?X-chkp-sid=d8Cud186nxPz_b3Q_paYi1Xf5ryDbUPvPcrxHv5nZzo"
I didn't know how to follow up and query for the response, so I simply curled it from local host with curl_cli -O <link>
This produced nothing, I double checked the api.elg logs and found it received my command but error-ed out.
But I could discern enough information that it did try to send me a file name4425ad5d-b5ef-446e-902b-749a1c6818b3.tar.gz.I performed a linux search for the filename and found it in:
/opt/CPsuite-R80/fw1/api/export/export_2018_06_12_07_37/4425ad5d-b5ef-446e-902b-749a1c6818b3.tar.gz
After extracting on my windows machine, my incredibly small lab CMA produced a 163MB file named objects.json.
1) API command export always generates a localhost link. But this link is working from outside (you need to replace http://127.0.0.1:50276 with https://<server-remote-ip>/)
2) API command export generates a link accompanied with the current session token as a GET parameter X-chkp-sid and when running mgmt_cli -r true export the generated link session token is already invalid (because adding -r true means - login, execute the command, publish if necessary, logout). But the link will work if to replace the invalid token with the valid one.
Is there any way to export complete checkpoint firewall configuration file using restful api?
like below paloalto restful api access:
https://paloalto-server/api/?type=config&action=get&xpath=/config&REST_API_TOKEN=1900994597
Define what you mean by "configuration", because that can refer to:
If you can describe in more detail what the purpose behind gathering this information is, we can provide more specific advice.
Thanks for the information's Dameon Welch Abernathy
Configuration file will contains complete (rule/Interface/nat/Objects/Groups/Policy/etc) details of the Firewall. Other firewall vendors (Fortinet, Cisco, Palo Alto, Sonicwall, WatchGuard,Juniper) are providing option to export this configuration file, i am expecting similar export option in checkpoint firewall.
Using this configuration file we can perform backup/restore operations and also generate Nipper(Third party tool) security audit report.
Is there anyway to export this configuration file using restful API?
Unlike the vendors you mention, there is not a single configuration file that contains both the security configuration and the OS/interface configuration on Check Point.
What is available on the Security Gateway itself is:
The Security Policy configuration is stored on the management and can be exported as I described above.
If you had to replace a physical gateway, provided you have the basic OS configuration, it's possible to push the security policy configuration from the management.
About CheckMates
Learn Check Point
Advanced Learning
WELCOME TO THE FUTURE OF CYBER SECURITY