This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
J_Saun
Contributor
‎2019-04-16 05:15 AM

Where used query by IP address

Is there a way in R80 to query where an object is used by IP ADDRESS rather than by name?

Additionally, I'd like to be able to script it so that you are promoted for the IP and then the query runs and returns the results.

0 Kudos
6 Replies
Joshua_Hatter
Employee
Employee
‎2019-04-16 05:43 AM

You can probably use show-objects first with ip-only and filter for the ip you want. Then send the returned objects to where-used.
J_Saun
Contributor
‎2019-04-17 08:34 AM
In response to Joshua_Hatter

Thanks. I was able to get what I wanted using the command line (mgmt_cli) and using Postman but when I try to use it with ansible it errors out after login.

 

Here is my code:

- name: "show objects"
check_point_mgmt:
command: show-objects
parameters:
"limit" : 50
"offset" : 0
"type" : "object"
"filter" : "1.2.3.6"
"ip-only" : true
session-data: "{{ login_response }}"

 

0 Kudos
J_Saun
Contributor
‎2019-04-24 11:01 AM
In response to J_Saun

I was able to get the script to work. I was missing quotes around the word TRUE:

- name: "show objects"
check_point_mgmt:
command: show-objects
parameters:
"limit" : 50
"offset" : 0
"type" : "object"
"filter" : "1.2.3.6"
"ip-only" : "true"
session-data: "{{ login_response }}"

 

My next challenge is to have the output from the above command displayed without using -vvv. I tried using REGISTER but it errors out:

- name: "show objects"
check_point_mgmt:
command: show-objects
parameters:
"limit" : 50
"offset" : 0
"type" : "object"
"filter" : "1.2.3.6"
"ip-only" : "true"
session-data: "{{ login_response }}"

register: shell_result

- debug: var=shell_result.stdout_lines

 

ERROR

TASK [show objects] *************************************************************************************************************************************************************************************************************************
fatal: [127.0.0.1]: FAILED! => {"changed": false, "msg": "Unsupported parameters for (check_point_mgmt) module: register Supported parameters include: command,fingerprint,parameters,session-data"}

 

Any help would be appreciated.

 

0 Kudos
J_Saun
Contributor
‎2019-04-24 12:59 PM
In response to J_Saun

Figured it out. Had to remove .stdout_lines form debug:

(login commands removed)

- name: "show objects"
check_point_mgmt:
command: show-objects
parameters:
filter : "1.2.3.6"
ip-only : "true"
session-data: "{{ login_response }}"
register: shell_result

- debug: var=shell_result

 

Note that Ansible is picky about columns. The above script needs to be formatted correctly (proper alignment and indentations).

0 Kudos
Luis_Miguel_Mig
Advisor
‎2021-08-24 03:54 AM
In response to J_Saun

I am new with checkpoint ansible.
I was wondering if it is possible to search object by ip with the new collection? 

https://galaxy.ansible.com/check_point/mgmt

0 Kudos
Luis_Miguel_Mig
Advisor
‎2021-08-24 04:18 AM
In response to Luis_Miguel_Mig

oh I see

 

- name: Get object facts
checkpoint_object_facts:
object_filter: 192.168.30.30
ip_only: yes

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events