- CheckMates
- :
- Products
- :
- Developers
- :
- API / CLI Discussion
- :
- Re: show-access-rulebase along with inline layers
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
show-access-rulebase along with inline layers
Hello,
at the moment I am trying to build a script that checks whether specific source and destination is accepted or dropped.
For this I am using the the api call "show-access-rulebase" with filter settings for source, destination and port. (API-Version 1.1)
Parsing the JSON works quite well, but as soon as there is a rule in an inline layer, I cannot access the inner rule and find the information about this rule. Is there any possibility to show this information? Using and searching the UIDs linked with the inline layer did not give me any further help how to find the right rules inside the inline layer.
As example, here a JSON-Output. Rule 4 is a rule with inner layer, that matches:
Request:
{ "offset": 0, "limit": 500, "name": "Network", "details-level": "full", "use-object-dictionary": true, "filter": "src:192.168.178.4 AND dst:192.168.178.5 AND svc:80", "filter-settings": { "search-mode": "packet", "packet-search-settings": { "match-on-any": "true" } }}Response:
{ "uid": "21289aa8-e62d-44ed-a395-bd54007812e2", "name": "Network", "rulebase": [ { "uid": "0a9ce5cc-80e7-41c4-988c-b1b55dc8e0ef", "type": "access-rule", "domain": { "uid": "41e821a0-3720-11e3-aa6e-0800200c9fde", "name": "SMC User", "domain-type": "domain" }, "rule-number": 2, "filter-match-details": [ { "column": "destination", "objects": [ "97aeb369-9aea-11d5-bd16-0090272ccb30" ] }, { "column": "source", "objects": [ "55844894-82b1-403c-a195-17f7bd54bf6d" ] }, { "column": "service", "objects": [ "97aeb369-9aea-11d5-bd16-0090272ccb30" ] } ], "track": { "type": "29e53e3d-23bf-48fe-b6b1-d59bd88036f9", "per-session": false, "per-connection": false, "accounting": false, "alert": "none" }, "source": [ "55844894-82b1-403c-a195-17f7bd54bf6d" ], "source-negate": false, "destination": [ "97aeb369-9aea-11d5-bd16-0090272ccb30" ], "destination-negate": false, "service": [ "97aeb369-9aea-11d5-bd16-0090272ccb30" ], "service-negate": false, "vpn": [ "97aeb369-9aea-11d5-bd16-0090272ccb30" ], "action": "6c488338-8eec-4103-ad21-cd461ac2c473", "action-settings": {}, "content": [ "97aeb369-9aea-11d5-bd16-0090272ccb30" ], "content-negate": false, "content-direction": "any", "time": [ "97aeb369-9aea-11d5-bd16-0090272ccb30" ], "custom-fields": { "field-1": "", "field-2": "", "field-3": "" }, "meta-info": { "lock": "unlocked", "validation-state": "ok", "last-modify-time": { "posix": 1549962172696, "iso-8601": "2019-02-12T10:02+0100" }, "last-modifier": "user", "creation-time": { "posix": 1549962154806, "iso-8601": "2019-02-12T10:02+0100" }, "creator": "user" }, "comments": "", "enabled": true, "install-on": [ "6c488338-8eec-4103-ad21-cd461ac2c476" ] }, { "uid": "0d1deba9-778f-4688-80cf-cb65ec1f386e", "name": "upperRule4", "type": "access-rule", "domain": { "uid": "41e821a0-3720-11e3-aa6e-0800200c9fde", "name": "SMC User", "domain-type": "domain" }, "rule-number": 4, "filter-match-details": [ { "inner-rules": [ "3ec644bf-d753-462f-b262-9bfbb20080a3" ] }, { "column": "destination", "objects": [ "97aeb369-9aea-11d5-bd16-0090272ccb30" ] }, { "column": "source", "objects": [ "55844894-82b1-403c-a195-17f7bd54bf6d" ] }, { "column": "service", "objects": [ "97aeb369-9aea-11d5-bd16-0090272ccb30" ] } ], "track": { "type": "29e53e3d-23bf-48fe-b6b1-d59bd88036f9", "per-session": false, "per-connection": false, "accounting": false, "alert": "none" }, "source": [ "ad9b7fcd-bfdc-4020-95ac-0261bfd94dd4", "55844894-82b1-403c-a195-17f7bd54bf6d" ], "source-negate": false, "destination": [ "97aeb369-9aea-11d5-bd16-0090272ccb30" ], "destination-negate": false, "service": [ "97aeb369-9aea-11d5-bd16-0090272ccb30" ], "service-negate": false, "vpn": [ "97aeb369-9aea-11d5-bd16-0090272ccb30" ], "action": "ea28da66-c5ed-11e2-bc66-aa5c6188709b", "action-settings": {}, "inline-layer": "838ecbc8-08f6-4961-b454-b41012a08874", "content": [ "97aeb369-9aea-11d5-bd16-0090272ccb30" ], "content-negate": false, "content-direction": "any", "time": [ "97aeb369-9aea-11d5-bd16-0090272ccb30" ], "custom-fields": { "field-1": "", "field-2": "", "field-3": "" }, "meta-info": { "lock": "unlocked", "validation-state": "ok", "last-modify-time": { "posix": 1550050786168, "iso-8601": "2019-02-13T10:39+0100" }, "last-modifier": "user", "creation-time": { "posix": 1533540801600, "iso-8601": "2018-08-06T09:33+0200" }, "creator": "user" }, "comments": "", "enabled": true, "install-on": [ "6c488338-8eec-4103-ad21-cd461ac2c476" ] }, { "uid": "35c290b0-de5b-40f6-81d8-41158b09cbae", "name": "Clean up rule", "type": "access-section", "from": 3, "to": 3, "rulebase": [ { "uid": "5d584618-0485-4387-8a9d-5d0b10bf5ab1", "name": "Cleanup rule", "type": "access-rule", "domain": { "uid": "41e821a0-3720-11e3-aa6e-0800200c9fde", "name": "SMC User", "domain-type": "domain" }, "rule-number": 10, "filter-match-details": [ { "column": "destination", "objects": [ "97aeb369-9aea-11d5-bd16-0090272ccb30" ] }, { "column": "source", "objects": [ "97aeb369-9aea-11d5-bd16-0090272ccb30" ] }, { "column": "service", "objects": [ "97aeb369-9aea-11d5-bd16-0090272ccb30" ] }, { "inner-rules": [ "b5060735-9a7f-499c-a99b-96ff292c7850" ] } ], "track": { "type": "29e53e3d-23bf-48fe-b6b1-d59bd88036f9", "per-session": false, "per-connection": true, "accounting": false, "alert": "none" }, "source": [ "97aeb369-9aea-11d5-bd16-0090272ccb30" ], "source-negate": false, "destination": [ "97aeb369-9aea-11d5-bd16-0090272ccb30" ], "destination-negate": false, "service": [ "97aeb369-9aea-11d5-bd16-0090272ccb30" ], "service-negate": false, "vpn": [ "97aeb369-9aea-11d5-bd16-0090272ccb30" ], "action": "ea28da66-c5ed-11e2-bc66-aa5c6188709b", "action-settings": {}, "inline-layer": "5f98c707-d31c-43ec-95d6-306bf73fea91", "content": [ "97aeb369-9aea-11d5-bd16-0090272ccb30" ], "content-negate": false, "content-direction": "any", "time": [ "97aeb369-9aea-11d5-bd16-0090272ccb30" ], "custom-fields": { "field-1": "", "field-2": "", "field-3": "7021752, 07017507" }, "meta-info": { "lock": "unlocked", "validation-state": "ok", "last-modify-time": { "posix": 1549982111120, "iso-8601": "2019-02-12T15:35+0100" }, "last-modifier": "user", "creation-time": { "posix": 1501597428551, "iso-8601": "2017-08-01T16:23+0200" }, "creator": "System" }, "comments": "", "enabled": true, "install-on": [ "6c488338-8eec-4103-ad21-cd461ac2c476" ] } ] } ], "objects-dictionary": [ { "uid": "97aeb369-9aea-11d5-bd16-0090272ccb30", "name": "Any", "type": "CpmiAnyObject", "domain": { "uid": "a0bbbc99-adef-4ef8-bb6d-defdefdefdef", "name": "Check Point Data", "domain-type": "data domain" }, "color": "black", "meta-info": { "validation-state": "ok", "last-modify-time": { "posix": 1501597250871, "iso-8601": "2017-08-01T16:20+0200" }, "last-modifier": "System", "creation-time": { "posix": 1501597250871, "iso-8601": "2017-08-01T16:20+0200" }, "creator": "System" }, "tags": [], "icon": "General/globalsAny", "comments": null, "display-name": "", "customFields": null }, { "uid": "ad9b7fcd-bfdc-4020-95ac-0261bfd94dd4", "name": "host1", "type": "host", "domain": { "uid": "41e821a0-3720-11e3-aa6e-0800200c9fde", "name": "SMC User", "domain-type": "domain" }, "ipv4-address": "192.168.178.6", "interfaces": [], "nat-settings": { "auto-rule": false }, "groups": [], "comments": "Object created automatically by wizard.", "color": "black", "icon": "Objects/host", "tags": [], "meta-info": { "lock": "unlocked", "validation-state": "ok", "last-modify-time": { "posix": 1533631014227, "iso-8601": "2018-08-07T10:36+0200" }, "last-modifier": "user", "creation-time": { "posix": 1533631014227, "iso-8601": "2018-08-07T10:36+0200" }, "creator": "user" }, "read-only": false }, { "uid": "6c488338-8eec-4103-ad21-cd461ac2c473", "name": "Drop", "type": "RulebaseAction", "domain": { "uid": "a0bbbc99-adef-4ef8-bb6d-defdefdefdef", "name": "Check Point Data", "domain-type": "data domain" }, "color": "none", "meta-info": { "validation-state": "ok", "last-modify-time": { "posix": 1501597269121, "iso-8601": "2017-08-01T16:21+0200" }, "last-modifier": "System", "creation-time": { "posix": 1501597269121, "iso-8601": "2017-08-01T16:21+0200" }, "creator": "System" }, "tags": [], "icon": "Actions/actionsDrop", "comments": "Drop", "display-name": "Drop", "customFields": null }, { "uid": "ea28da66-c5ed-11e2-bc66-aa5c6188709b", "name": "Inner Layer", "type": "Global", "domain": { "uid": "a0bbbc99-adef-4ef8-bb6d-defdefdefdef", "name": "Check Point Data", "domain-type": "data domain" }, "color": "none", "meta-info": { "validation-state": "ok", "last-modify-time": { "posix": 1501597269287, "iso-8601": "2017-08-01T16:21+0200" }, "last-modifier": "System", "creation-time": { "posix": 1501597269287, "iso-8601": "2017-08-01T16:21+0200" }, "creator": "System" }, "tags": [], "icon": "ApplicationFirewall/Rulebase", "comments": "Apply inline layer in case of rule match", "customFields": null }, { "uid": "598ead32-aa42-4615-90ed-f51a5928d41d", "name": "Log", "type": "Track", "domain": { "uid": "a0bbbc99-adef-4ef8-bb6d-defdefdefdef", "name": "Check Point Data", "domain-type": "data domain" }, "color": "none", "meta-info": { "validation-state": "ok", "last-modify-time": { "posix": 1501597268981, "iso-8601": "2017-08-01T16:21+0200" }, "last-modifier": "System", "creation-time": { "posix": 1501597268981, "iso-8601": "2017-08-01T16:21+0200" }, "creator": "System" }, "tags": [], "icon": "Track/tracksLog", "comments": "Tracks network information and rule matches.", "customFields": null }, { "uid": "29e53e3d-23bf-48fe-b6b1-d59bd88036f9", "name": "None", "type": "Track", "domain": { "uid": "a0bbbc99-adef-4ef8-bb6d-defdefdefdef", "name": "Check Point Data", "domain-type": "data domain" }, "color": "none", "meta-info": { "validation-state": "ok", "last-modify-time": { "posix": 1501597268971, "iso-8601": "2017-08-01T16:21+0200" }, "last-modifier": "System", "creation-time": { "posix": 1501597268971, "iso-8601": "2017-08-01T16:21+0200" }, "creator": "System" }, "tags": [], "icon": "General/globalsNone", "comments": "No tracking.", "customFields": null }, { "uid": "6c488338-8eec-4103-ad21-cd461ac2c476", "name": "Policy Targets", "type": "Global", "domain": { "uid": "a0bbbc99-adef-4ef8-bb6d-defdefdefdef", "name": "Check Point Data", "domain-type": "data domain" }, "color": "none", "meta-info": { "validation-state": "ok", "last-modify-time": { "posix": 1501597268910, "iso-8601": "2017-08-01T16:21+0200" }, "last-modifier": "System", "creation-time": { "posix": 1501597268910, "iso-8601": "2017-08-01T16:21+0200" }, "creator": "System" }, "tags": [], "icon": "General/globalsAny", "comments": "The policy target gateways", "customFields": null }, { "uid": "5f98c707-d31c-43ec-95d6-306bf73fea91", "name": "test2", "type": "access-layer", "domain": { "uid": "41e821a0-3720-11e3-aa6e-0800200c9fde", "name": "SMC User", "domain-type": "domain" }, "shared": false, "applications-and-url-filtering": false, "content-awareness": false, "mobile-access": false, "firewall": true, "comments": "", "color": "black", "icon": "ApplicationFirewall/rulebase", "tags": [], "meta-info": { "lock": "unlocked", "validation-state": "ok", "last-modify-time": { "posix": 1549982182614, "iso-8601": "2019-02-12T15:36+0100" }, "last-modifier": "user", "creation-time": { "posix": 1549982110592, "iso-8601": "2019-02-12T15:35+0100" }, "creator": "user" }, "read-only": false }, { "uid": "838ecbc8-08f6-4961-b454-b41012a08874", "name": "Testlayer", "type": "access-layer", "domain": { "uid": "41e821a0-3720-11e3-aa6e-0800200c9fde", "name": "SMC User", "domain-type": "domain" }, "shared": false, "applications-and-url-filtering": false, "content-awareness": false, "mobile-access": false, "firewall": true, "comments": "", "color": "black", "icon": "ApplicationFirewall/rulebase", "tags": [], "meta-info": { "lock": "unlocked", "validation-state": "ok", "last-modify-time": { "posix": 1549985586177, "iso-8601": "2019-02-12T16:33+0100" }, "last-modifier": "user", "creation-time": { "posix": 1549982302871, "iso-8601": "2019-02-12T15:38+0100" }, "creator": "user" }, "read-only": false }, { "uid": "55844894-82b1-403c-a195-17f7bd54bf6d", "name": "testnetwork", "type": "network", "domain": { "uid": "41e821a0-3720-11e3-aa6e-0800200c9fde", "name": "SMC User", "domain-type": "domain" }, "broadcast": "allow", "subnet4": "192.168.178.0", "mask-length4": 24, "subnet-mask": "255.255.255.0", "nat-settings": { "auto-rule": false }, "groups": [], "comments": "", "color": "black", "icon": "NetworkObjects/network", "tags": [], "meta-info": { "lock": "unlocked", "validation-state": "ok", "last-modify-time": { "posix": 1549962149585, "iso-8601": "2019-02-12T10:02+0100" }, "last-modifier": "user", "creation-time": { "posix": 1549962149585, "iso-8601": "2019-02-12T10:02+0100" }, "creator": "user" }, "read-only": false } ], "from": 1, "to": 3, "total": 3}Thanks and BR!
Mirko
Labels
- Labels:
-
Access Policy
4 Replies
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
So in your output here. The action for rule 4 is UID ea28da66-c5ed-11e2-bc66-aa5c6188709b, and in the object dictionary you can see the type is 'inline layer'. You should take this UID and use it to run show access rulebase against it to get that layers rules.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
thanks for your answer! I tried this but only get back all rules that does use any inline layer. Again not along with any information about the inner rule.
BR
Mirko
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
There is a parameter for each rule called inline-layer.
For example, in like 151 of your output, you will notice:
"inline-layer": "838ecbc8-08f6-4961-b454-b41012a08874",This is the UID of the actual inline layer, which can be shown using show-access-rulebase.
If the rule doesn't have an inline layer, the inline-layer parameter will be null.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you guys, I first misunderstood you two. I entered the UID in the "filter", not in the "name".
Now with using the UID in the "name"-Parameter this works.
BR
Mirko
