- Products
- Learn
- Local User Groups
- Partners
- More
What's New in R82.10?
Watch HereWhen the Agents Attack
A Live Look at Agentic Exposure Validation
AI Security Masters E8:
Claude Mythos: New Era in Cyber Security
CheckMates Go:
CheckMates Fest
Hello,
at the moment I am trying to build a script that checks whether specific source and destination is accepted or dropped.
For this I am using the the api call "show-access-rulebase" with filter settings for source, destination and port. (API-Version 1.1)
Parsing the JSON works quite well, but as soon as there is a rule in an inline layer, I cannot access the inner rule and find the information about this rule. Is there any possibility to show this information? Using and searching the UIDs linked with the inline layer did not give me any further help how to find the right rules inside the inline layer.
As example, here a JSON-Output. Rule 4 is a rule with inner layer, that matches:
Request:
{
"offset": 0,
"limit": 500,
"name": "Network",
"details-level": "full",
"use-object-dictionary": true,
"filter": "src:192.168.178.4 AND dst:192.168.178.5 AND svc:80",
"filter-settings": {
"search-mode": "packet",
"packet-search-settings": {
"match-on-any": "true"
}
}
}
Response:
{
"uid": "21289aa8-e62d-44ed-a395-bd54007812e2",
"name": "Network",
"rulebase": [
{
"uid": "0a9ce5cc-80e7-41c4-988c-b1b55dc8e0ef",
"type": "access-rule",
"domain": {
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde",
"name": "SMC User",
"domain-type": "domain"
},
"rule-number": 2,
"filter-match-details": [
{
"column": "destination",
"objects": [
"97aeb369-9aea-11d5-bd16-0090272ccb30"
]
},
{
"column": "source",
"objects": [
"55844894-82b1-403c-a195-17f7bd54bf6d"
]
},
{
"column": "service",
"objects": [
"97aeb369-9aea-11d5-bd16-0090272ccb30"
]
}
],
"track": {
"type": "29e53e3d-23bf-48fe-b6b1-d59bd88036f9",
"per-session": false,
"per-connection": false,
"accounting": false,
"alert": "none"
},
"source": [
"55844894-82b1-403c-a195-17f7bd54bf6d"
],
"source-negate": false,
"destination": [
"97aeb369-9aea-11d5-bd16-0090272ccb30"
],
"destination-negate": false,
"service": [
"97aeb369-9aea-11d5-bd16-0090272ccb30"
],
"service-negate": false,
"vpn": [
"97aeb369-9aea-11d5-bd16-0090272ccb30"
],
"action": "6c488338-8eec-4103-ad21-cd461ac2c473",
"action-settings": {},
"content": [
"97aeb369-9aea-11d5-bd16-0090272ccb30"
],
"content-negate": false,
"content-direction": "any",
"time": [
"97aeb369-9aea-11d5-bd16-0090272ccb30"
],
"custom-fields": {
"field-1": "",
"field-2": "",
"field-3": ""
},
"meta-info": {
"lock": "unlocked",
"validation-state": "ok",
"last-modify-time": {
"posix": 1549962172696,
"iso-8601": "2019-02-12T10:02+0100"
},
"last-modifier": "user",
"creation-time": {
"posix": 1549962154806,
"iso-8601": "2019-02-12T10:02+0100"
},
"creator": "user"
},
"comments": "",
"enabled": true,
"install-on": [
"6c488338-8eec-4103-ad21-cd461ac2c476"
]
},
{
"uid": "0d1deba9-778f-4688-80cf-cb65ec1f386e",
"name": "upperRule4",
"type": "access-rule",
"domain": {
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde",
"name": "SMC User",
"domain-type": "domain"
},
"rule-number": 4,
"filter-match-details": [
{
"inner-rules": [
"3ec644bf-d753-462f-b262-9bfbb20080a3"
]
},
{
"column": "destination",
"objects": [
"97aeb369-9aea-11d5-bd16-0090272ccb30"
]
},
{
"column": "source",
"objects": [
"55844894-82b1-403c-a195-17f7bd54bf6d"
]
},
{
"column": "service",
"objects": [
"97aeb369-9aea-11d5-bd16-0090272ccb30"
]
}
],
"track": {
"type": "29e53e3d-23bf-48fe-b6b1-d59bd88036f9",
"per-session": false,
"per-connection": false,
"accounting": false,
"alert": "none"
},
"source": [
"ad9b7fcd-bfdc-4020-95ac-0261bfd94dd4",
"55844894-82b1-403c-a195-17f7bd54bf6d"
],
"source-negate": false,
"destination": [
"97aeb369-9aea-11d5-bd16-0090272ccb30"
],
"destination-negate": false,
"service": [
"97aeb369-9aea-11d5-bd16-0090272ccb30"
],
"service-negate": false,
"vpn": [
"97aeb369-9aea-11d5-bd16-0090272ccb30"
],
"action": "ea28da66-c5ed-11e2-bc66-aa5c6188709b",
"action-settings": {},
"inline-layer": "838ecbc8-08f6-4961-b454-b41012a08874",
"content": [
"97aeb369-9aea-11d5-bd16-0090272ccb30"
],
"content-negate": false,
"content-direction": "any",
"time": [
"97aeb369-9aea-11d5-bd16-0090272ccb30"
],
"custom-fields": {
"field-1": "",
"field-2": "",
"field-3": ""
},
"meta-info": {
"lock": "unlocked",
"validation-state": "ok",
"last-modify-time": {
"posix": 1550050786168,
"iso-8601": "2019-02-13T10:39+0100"
},
"last-modifier": "user",
"creation-time": {
"posix": 1533540801600,
"iso-8601": "2018-08-06T09:33+0200"
},
"creator": "user"
},
"comments": "",
"enabled": true,
"install-on": [
"6c488338-8eec-4103-ad21-cd461ac2c476"
]
},
{
"uid": "35c290b0-de5b-40f6-81d8-41158b09cbae",
"name": "Clean up rule",
"type": "access-section",
"from": 3,
"to": 3,
"rulebase": [
{
"uid": "5d584618-0485-4387-8a9d-5d0b10bf5ab1",
"name": "Cleanup rule",
"type": "access-rule",
"domain": {
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde",
"name": "SMC User",
"domain-type": "domain"
},
"rule-number": 10,
"filter-match-details": [
{
"column": "destination",
"objects": [
"97aeb369-9aea-11d5-bd16-0090272ccb30"
]
},
{
"column": "source",
"objects": [
"97aeb369-9aea-11d5-bd16-0090272ccb30"
]
},
{
"column": "service",
"objects": [
"97aeb369-9aea-11d5-bd16-0090272ccb30"
]
},
{
"inner-rules": [
"b5060735-9a7f-499c-a99b-96ff292c7850"
]
}
],
"track": {
"type": "29e53e3d-23bf-48fe-b6b1-d59bd88036f9",
"per-session": false,
"per-connection": true,
"accounting": false,
"alert": "none"
},
"source": [
"97aeb369-9aea-11d5-bd16-0090272ccb30"
],
"source-negate": false,
"destination": [
"97aeb369-9aea-11d5-bd16-0090272ccb30"
],
"destination-negate": false,
"service": [
"97aeb369-9aea-11d5-bd16-0090272ccb30"
],
"service-negate": false,
"vpn": [
"97aeb369-9aea-11d5-bd16-0090272ccb30"
],
"action": "ea28da66-c5ed-11e2-bc66-aa5c6188709b",
"action-settings": {},
"inline-layer": "5f98c707-d31c-43ec-95d6-306bf73fea91",
"content": [
"97aeb369-9aea-11d5-bd16-0090272ccb30"
],
"content-negate": false,
"content-direction": "any",
"time": [
"97aeb369-9aea-11d5-bd16-0090272ccb30"
],
"custom-fields": {
"field-1": "",
"field-2": "",
"field-3": "7021752, 07017507"
},
"meta-info": {
"lock": "unlocked",
"validation-state": "ok",
"last-modify-time": {
"posix": 1549982111120,
"iso-8601": "2019-02-12T15:35+0100"
},
"last-modifier": "user",
"creation-time": {
"posix": 1501597428551,
"iso-8601": "2017-08-01T16:23+0200"
},
"creator": "System"
},
"comments": "",
"enabled": true,
"install-on": [
"6c488338-8eec-4103-ad21-cd461ac2c476"
]
}
]
}
],
"objects-dictionary": [
{
"uid": "97aeb369-9aea-11d5-bd16-0090272ccb30",
"name": "Any",
"type": "CpmiAnyObject",
"domain": {
"uid": "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
"name": "Check Point Data",
"domain-type": "data domain"
},
"color": "black",
"meta-info": {
"validation-state": "ok",
"last-modify-time": {
"posix": 1501597250871,
"iso-8601": "2017-08-01T16:20+0200"
},
"last-modifier": "System",
"creation-time": {
"posix": 1501597250871,
"iso-8601": "2017-08-01T16:20+0200"
},
"creator": "System"
},
"tags": [],
"icon": "General/globalsAny",
"comments": null,
"display-name": "",
"customFields": null
},
{
"uid": "ad9b7fcd-bfdc-4020-95ac-0261bfd94dd4",
"name": "host1",
"type": "host",
"domain": {
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde",
"name": "SMC User",
"domain-type": "domain"
},
"ipv4-address": "192.168.178.6",
"interfaces": [],
"nat-settings": {
"auto-rule": false
},
"groups": [],
"comments": "Object created automatically by wizard.",
"color": "black",
"icon": "Objects/host",
"tags": [],
"meta-info": {
"lock": "unlocked",
"validation-state": "ok",
"last-modify-time": {
"posix": 1533631014227,
"iso-8601": "2018-08-07T10:36+0200"
},
"last-modifier": "user",
"creation-time": {
"posix": 1533631014227,
"iso-8601": "2018-08-07T10:36+0200"
},
"creator": "user"
},
"read-only": false
},
{
"uid": "6c488338-8eec-4103-ad21-cd461ac2c473",
"name": "Drop",
"type": "RulebaseAction",
"domain": {
"uid": "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
"name": "Check Point Data",
"domain-type": "data domain"
},
"color": "none",
"meta-info": {
"validation-state": "ok",
"last-modify-time": {
"posix": 1501597269121,
"iso-8601": "2017-08-01T16:21+0200"
},
"last-modifier": "System",
"creation-time": {
"posix": 1501597269121,
"iso-8601": "2017-08-01T16:21+0200"
},
"creator": "System"
},
"tags": [],
"icon": "Actions/actionsDrop",
"comments": "Drop",
"display-name": "Drop",
"customFields": null
},
{
"uid": "ea28da66-c5ed-11e2-bc66-aa5c6188709b",
"name": "Inner Layer",
"type": "Global",
"domain": {
"uid": "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
"name": "Check Point Data",
"domain-type": "data domain"
},
"color": "none",
"meta-info": {
"validation-state": "ok",
"last-modify-time": {
"posix": 1501597269287,
"iso-8601": "2017-08-01T16:21+0200"
},
"last-modifier": "System",
"creation-time": {
"posix": 1501597269287,
"iso-8601": "2017-08-01T16:21+0200"
},
"creator": "System"
},
"tags": [],
"icon": "ApplicationFirewall/Rulebase",
"comments": "Apply inline layer in case of rule match",
"customFields": null
},
{
"uid": "598ead32-aa42-4615-90ed-f51a5928d41d",
"name": "Log",
"type": "Track",
"domain": {
"uid": "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
"name": "Check Point Data",
"domain-type": "data domain"
},
"color": "none",
"meta-info": {
"validation-state": "ok",
"last-modify-time": {
"posix": 1501597268981,
"iso-8601": "2017-08-01T16:21+0200"
},
"last-modifier": "System",
"creation-time": {
"posix": 1501597268981,
"iso-8601": "2017-08-01T16:21+0200"
},
"creator": "System"
},
"tags": [],
"icon": "Track/tracksLog",
"comments": "Tracks network information and rule matches.",
"customFields": null
},
{
"uid": "29e53e3d-23bf-48fe-b6b1-d59bd88036f9",
"name": "None",
"type": "Track",
"domain": {
"uid": "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
"name": "Check Point Data",
"domain-type": "data domain"
},
"color": "none",
"meta-info": {
"validation-state": "ok",
"last-modify-time": {
"posix": 1501597268971,
"iso-8601": "2017-08-01T16:21+0200"
},
"last-modifier": "System",
"creation-time": {
"posix": 1501597268971,
"iso-8601": "2017-08-01T16:21+0200"
},
"creator": "System"
},
"tags": [],
"icon": "General/globalsNone",
"comments": "No tracking.",
"customFields": null
},
{
"uid": "6c488338-8eec-4103-ad21-cd461ac2c476",
"name": "Policy Targets",
"type": "Global",
"domain": {
"uid": "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
"name": "Check Point Data",
"domain-type": "data domain"
},
"color": "none",
"meta-info": {
"validation-state": "ok",
"last-modify-time": {
"posix": 1501597268910,
"iso-8601": "2017-08-01T16:21+0200"
},
"last-modifier": "System",
"creation-time": {
"posix": 1501597268910,
"iso-8601": "2017-08-01T16:21+0200"
},
"creator": "System"
},
"tags": [],
"icon": "General/globalsAny",
"comments": "The policy target gateways",
"customFields": null
},
{
"uid": "5f98c707-d31c-43ec-95d6-306bf73fea91",
"name": "test2",
"type": "access-layer",
"domain": {
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde",
"name": "SMC User",
"domain-type": "domain"
},
"shared": false,
"applications-and-url-filtering": false,
"content-awareness": false,
"mobile-access": false,
"firewall": true,
"comments": "",
"color": "black",
"icon": "ApplicationFirewall/rulebase",
"tags": [],
"meta-info": {
"lock": "unlocked",
"validation-state": "ok",
"last-modify-time": {
"posix": 1549982182614,
"iso-8601": "2019-02-12T15:36+0100"
},
"last-modifier": "user",
"creation-time": {
"posix": 1549982110592,
"iso-8601": "2019-02-12T15:35+0100"
},
"creator": "user"
},
"read-only": false
},
{
"uid": "838ecbc8-08f6-4961-b454-b41012a08874",
"name": "Testlayer",
"type": "access-layer",
"domain": {
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde",
"name": "SMC User",
"domain-type": "domain"
},
"shared": false,
"applications-and-url-filtering": false,
"content-awareness": false,
"mobile-access": false,
"firewall": true,
"comments": "",
"color": "black",
"icon": "ApplicationFirewall/rulebase",
"tags": [],
"meta-info": {
"lock": "unlocked",
"validation-state": "ok",
"last-modify-time": {
"posix": 1549985586177,
"iso-8601": "2019-02-12T16:33+0100"
},
"last-modifier": "user",
"creation-time": {
"posix": 1549982302871,
"iso-8601": "2019-02-12T15:38+0100"
},
"creator": "user"
},
"read-only": false
},
{
"uid": "55844894-82b1-403c-a195-17f7bd54bf6d",
"name": "testnetwork",
"type": "network",
"domain": {
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde",
"name": "SMC User",
"domain-type": "domain"
},
"broadcast": "allow",
"subnet4": "192.168.178.0",
"mask-length4": 24,
"subnet-mask": "255.255.255.0",
"nat-settings": {
"auto-rule": false
},
"groups": [],
"comments": "",
"color": "black",
"icon": "NetworkObjects/network",
"tags": [],
"meta-info": {
"lock": "unlocked",
"validation-state": "ok",
"last-modify-time": {
"posix": 1549962149585,
"iso-8601": "2019-02-12T10:02+0100"
},
"last-modifier": "user",
"creation-time": {
"posix": 1549962149585,
"iso-8601": "2019-02-12T10:02+0100"
},
"creator": "user"
},
"read-only": false
}
],
"from": 1,
"to": 3,
"total": 3
}Thanks and BR!
Mirko
So in your output here. The action for rule 4 is UID ea28da66-c5ed-11e2-bc66-aa5c6188709b, and in the object dictionary you can see the type is 'inline layer'. You should take this UID and use it to run show access rulebase against it to get that layers rules.
Hi,
thanks for your answer! I tried this but only get back all rules that does use any inline layer. Again not along with any information about the inner rule.
BR
Mirko
There is a parameter for each rule called inline-layer.
For example, in like 151 of your output, you will notice:
"inline-layer": "838ecbc8-08f6-4961-b454-b41012a08874",This is the UID of the actual inline layer, which can be shown using show-access-rulebase.
If the rule doesn't have an inline layer, the inline-layer parameter will be null.
Thank you guys, I first misunderstood you two. I entered the UID in the "filter", not in the "name".
Now with using the UID in the "name"-Parameter this works.
BR
Mirko
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
Tue 07 Jul 2026 @ 03:00 AM (IDT)
Check Point Cloud Firewall - The Cloud Firewall with near 100% Zero Day Prevention built in (ANZ)Tue 07 Jul 2026 @ 05:00 AM (IDT)
Check Point Cloud Firewall – The Cloud Firewall with near 100% Zero-Day Prevention Build In (SEAK)Tue 07 Jul 2026 @ 07:30 AM (IDT)
Check Point Cloud Firewall - The Cloud Firewall with near 100% Zero Day Prevention built in (IST)Thu 09 Jul 2026 @ 10:00 AM (CEST)
Schutz souveräner Workloads: Check Point & die AWS European Sovereign CloudThu 09 Jul 2026 @ 11:00 AM (CEST)
The Cloud Architects Series: Check Point Edge Protection SD-WAN & SASEThu 09 Jul 2026 @ 11:00 AM (EDT)
Tips and Tricks 2026 #9 - What's New with Check Point Email SecurityTue 07 Jul 2026 @ 03:00 AM (IDT)
Check Point Cloud Firewall - The Cloud Firewall with near 100% Zero Day Prevention built in (ANZ)Tue 07 Jul 2026 @ 05:00 AM (IDT)
Check Point Cloud Firewall – The Cloud Firewall with near 100% Zero-Day Prevention Build In (SEAK)Tue 07 Jul 2026 @ 07:30 AM (IDT)
Check Point Cloud Firewall - The Cloud Firewall with near 100% Zero Day Prevention built in (IST)Thu 09 Jul 2026 @ 11:00 AM (EDT)
Tips and Tricks 2026 #9 - What's New with Check Point Email SecurityFri 10 Jul 2026 @ 11:00 AM (IDT)
CheckMates Live Netherlands - Sessie 48: Nieuwe Check Point Workspace SecurityTue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY