This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Mirko_Leschhorn
Participant
‎2019-02-13 02:04 AM

show-access-rulebase along with inline layers

Hello,

at the moment I am trying to build a script that checks whether specific source and destination is accepted or dropped.

For this I am using the the api call "show-access-rulebase" with filter settings for source, destination and port. (API-Version 1.1)

Parsing the JSON works quite well, but as soon as there is a rule in an inline layer, I cannot access the inner rule and find the information about this rule. Is there any possibility to show this information? Using and searching the UIDs linked with the inline layer did not give me any further help how to find the right rules inside the inline layer.

As example, here a JSON-Output. Rule 4 is a rule with inner layer, that matches:

Request:

{
    "offset": 0,
    "limit": 500,
    "name": "Network",
    "details-level": "full",
    "use-object-dictionary": true,
    "filter": "src:192.168.178.4 AND dst:192.168.178.5 AND svc:80",
    "filter-settings": {
        "search-mode": "packet",
        "packet-search-settings": {
            "match-on-any": "true"
        }
    }
}

Response:

{
    "uid": "21289aa8-e62d-44ed-a395-bd54007812e2",
    "name": "Network",
    "rulebase": [
        {
            "uid": "0a9ce5cc-80e7-41c4-988c-b1b55dc8e0ef",
            "type": "access-rule",
            "domain": {
                "uid": "41e821a0-3720-11e3-aa6e-0800200c9fde",
                "name": "SMC User",
                "domain-type": "domain"
            },
            "rule-number": 2,
            "filter-match-details": [
                {
                    "column": "destination",
                    "objects": [
                        "97aeb369-9aea-11d5-bd16-0090272ccb30"
                    ]
                },
                {
                    "column": "source",
                    "objects": [
                        "55844894-82b1-403c-a195-17f7bd54bf6d"
                    ]
                },
                {
                    "column": "service",
                    "objects": [
                        "97aeb369-9aea-11d5-bd16-0090272ccb30"
                    ]
                }
            ],
            "track": {
                "type": "29e53e3d-23bf-48fe-b6b1-d59bd88036f9",
                "per-session": false,
                "per-connection": false,
                "accounting": false,
                "alert": "none"
            },
            "source": [
                "55844894-82b1-403c-a195-17f7bd54bf6d"
            ],
            "source-negate": false,
            "destination": [
                "97aeb369-9aea-11d5-bd16-0090272ccb30"
            ],
            "destination-negate": false,
            "service": [
                "97aeb369-9aea-11d5-bd16-0090272ccb30"
            ],
            "service-negate": false,
            "vpn": [
                "97aeb369-9aea-11d5-bd16-0090272ccb30"
            ],
            "action": "6c488338-8eec-4103-ad21-cd461ac2c473",
            "action-settings": {},
            "content": [
                "97aeb369-9aea-11d5-bd16-0090272ccb30"
            ],
            "content-negate": false,
            "content-direction": "any",
            "time": [
                "97aeb369-9aea-11d5-bd16-0090272ccb30"
            ],
            "custom-fields": {
                "field-1": "",
                "field-2": "",
                "field-3": ""
            },
            "meta-info": {
                "lock": "unlocked",
                "validation-state": "ok",
                "last-modify-time": {
                    "posix": 1549962172696,
                    "iso-8601": "2019-02-12T10:02+0100"
                },
                "last-modifier": "user",
                "creation-time": {
                    "posix": 1549962154806,
                    "iso-8601": "2019-02-12T10:02+0100"
                },
                "creator": "user"
            },
            "comments": "",
            "enabled": true,
            "install-on": [
                "6c488338-8eec-4103-ad21-cd461ac2c476"
            ]
        },
        {
            "uid": "0d1deba9-778f-4688-80cf-cb65ec1f386e",
            "name": "upperRule4",
            "type": "access-rule",
            "domain": {
                "uid": "41e821a0-3720-11e3-aa6e-0800200c9fde",
                "name": "SMC User",
                "domain-type": "domain"
            },
            "rule-number": 4,
            "filter-match-details": [
                {
                    "inner-rules": [
                        "3ec644bf-d753-462f-b262-9bfbb20080a3"
                    ]
                },
                {
                    "column": "destination",
                    "objects": [
                        "97aeb369-9aea-11d5-bd16-0090272ccb30"
                    ]
                },
                {
                    "column": "source",
                    "objects": [
                        "55844894-82b1-403c-a195-17f7bd54bf6d"
                    ]
                },
                {
                    "column": "service",
                    "objects": [
                        "97aeb369-9aea-11d5-bd16-0090272ccb30"
                    ]
                }
            ],
            "track": {
                "type": "29e53e3d-23bf-48fe-b6b1-d59bd88036f9",
                "per-session": false,
                "per-connection": false,
                "accounting": false,
                "alert": "none"
            },
            "source": [
                "ad9b7fcd-bfdc-4020-95ac-0261bfd94dd4",
                "55844894-82b1-403c-a195-17f7bd54bf6d"
            ],
            "source-negate": false,
            "destination": [
                "97aeb369-9aea-11d5-bd16-0090272ccb30"
            ],
            "destination-negate": false,
            "service": [
                "97aeb369-9aea-11d5-bd16-0090272ccb30"
            ],
            "service-negate": false,
            "vpn": [
                "97aeb369-9aea-11d5-bd16-0090272ccb30"
            ],
            "action": "ea28da66-c5ed-11e2-bc66-aa5c6188709b",
            "action-settings": {},
            "inline-layer": "838ecbc8-08f6-4961-b454-b41012a08874",
            "content": [
                "97aeb369-9aea-11d5-bd16-0090272ccb30"
            ],
            "content-negate": false,
            "content-direction": "any",
            "time": [
                "97aeb369-9aea-11d5-bd16-0090272ccb30"
            ],
            "custom-fields": {
                "field-1": "",
                "field-2": "",
                "field-3": ""
            },
            "meta-info": {
                "lock": "unlocked",
                "validation-state": "ok",
                "last-modify-time": {
                    "posix": 1550050786168,
                    "iso-8601": "2019-02-13T10:39+0100"
                },
                "last-modifier": "user",
                "creation-time": {
                    "posix": 1533540801600,
                    "iso-8601": "2018-08-06T09:33+0200"
                },
                "creator": "user"
            },
            "comments": "",
            "enabled": true,
            "install-on": [
                "6c488338-8eec-4103-ad21-cd461ac2c476"
            ]
        },
        {
            "uid": "35c290b0-de5b-40f6-81d8-41158b09cbae",
            "name": "Clean up rule",
            "type": "access-section",
            "from": 3,
            "to": 3,
            "rulebase": [
                {
                    "uid": "5d584618-0485-4387-8a9d-5d0b10bf5ab1",
                    "name": "Cleanup rule",
                    "type": "access-rule",
                    "domain": {
                        "uid": "41e821a0-3720-11e3-aa6e-0800200c9fde",
                        "name": "SMC User",
                        "domain-type": "domain"
                    },
                    "rule-number": 10,
                    "filter-match-details": [
                        {
                            "column": "destination",
                            "objects": [
                                "97aeb369-9aea-11d5-bd16-0090272ccb30"
                            ]
                        },
                        {
                            "column": "source",
                            "objects": [
                                "97aeb369-9aea-11d5-bd16-0090272ccb30"
                            ]
                        },
                        {
                            "column": "service",
                            "objects": [
                                "97aeb369-9aea-11d5-bd16-0090272ccb30"
                            ]
                        },
                        {
                            "inner-rules": [
                                "b5060735-9a7f-499c-a99b-96ff292c7850"
                            ]
                        }
                    ],
                    "track": {
                        "type": "29e53e3d-23bf-48fe-b6b1-d59bd88036f9",
                        "per-session": false,
                        "per-connection": true,
                        "accounting": false,
                        "alert": "none"
                    },
                    "source": [
                        "97aeb369-9aea-11d5-bd16-0090272ccb30"
                    ],
                    "source-negate": false,
                    "destination": [
                        "97aeb369-9aea-11d5-bd16-0090272ccb30"
                    ],
                    "destination-negate": false,
                    "service": [
                        "97aeb369-9aea-11d5-bd16-0090272ccb30"
                    ],
                    "service-negate": false,
                    "vpn": [
                        "97aeb369-9aea-11d5-bd16-0090272ccb30"
                    ],
                    "action": "ea28da66-c5ed-11e2-bc66-aa5c6188709b",
                    "action-settings": {},
                    "inline-layer": "5f98c707-d31c-43ec-95d6-306bf73fea91",
                    "content": [
                        "97aeb369-9aea-11d5-bd16-0090272ccb30"
                    ],
                    "content-negate": false,
                    "content-direction": "any",
                    "time": [
                        "97aeb369-9aea-11d5-bd16-0090272ccb30"
                    ],
                    "custom-fields": {
                        "field-1": "",
                        "field-2": "",
                        "field-3": "7021752, 07017507"
                    },
                    "meta-info": {
                        "lock": "unlocked",
                        "validation-state": "ok",
                        "last-modify-time": {
                            "posix": 1549982111120,
                            "iso-8601": "2019-02-12T15:35+0100"
                        },
                        "last-modifier": "user",
                        "creation-time": {
                            "posix": 1501597428551,
                            "iso-8601": "2017-08-01T16:23+0200"
                        },
                        "creator": "System"
                    },
                    "comments": "",
                    "enabled": true,
                    "install-on": [
                        "6c488338-8eec-4103-ad21-cd461ac2c476"
                    ]
                }
            ]
        }
    ],
    "objects-dictionary": [
        {
            "uid": "97aeb369-9aea-11d5-bd16-0090272ccb30",
            "name": "Any",
            "type": "CpmiAnyObject",
            "domain": {
                "uid": "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
                "name": "Check Point Data",
                "domain-type": "data domain"
            },
            "color": "black",
            "meta-info": {
                "validation-state": "ok",
                "last-modify-time": {
                    "posix": 1501597250871,
                    "iso-8601": "2017-08-01T16:20+0200"
                },
                "last-modifier": "System",
                "creation-time": {
                    "posix": 1501597250871,
                    "iso-8601": "2017-08-01T16:20+0200"
                },
                "creator": "System"
            },
            "tags": [],
            "icon": "General/globalsAny",
            "comments": null,
            "display-name": "",
            "customFields": null
        },
        {
            "uid": "ad9b7fcd-bfdc-4020-95ac-0261bfd94dd4",
            "name": "host1",
            "type": "host",
            "domain": {
                "uid": "41e821a0-3720-11e3-aa6e-0800200c9fde",
                "name": "SMC User",
                "domain-type": "domain"
            },
            "ipv4-address": "192.168.178.6",
            "interfaces": [],
            "nat-settings": {
                "auto-rule": false
            },
            "groups": [],
            "comments": "Object created automatically by wizard.",
            "color": "black",
            "icon": "Objects/host",
            "tags": [],
            "meta-info": {
                "lock": "unlocked",
                "validation-state": "ok",
                "last-modify-time": {
                    "posix": 1533631014227,
                    "iso-8601": "2018-08-07T10:36+0200"
                },
                "last-modifier": "user",
                "creation-time": {
                    "posix": 1533631014227,
                    "iso-8601": "2018-08-07T10:36+0200"
                },
                "creator": "user"
            },
            "read-only": false
        },
        {
            "uid": "6c488338-8eec-4103-ad21-cd461ac2c473",
            "name": "Drop",
            "type": "RulebaseAction",
            "domain": {
                "uid": "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
                "name": "Check Point Data",
                "domain-type": "data domain"
            },
            "color": "none",
            "meta-info": {
                "validation-state": "ok",
                "last-modify-time": {
                    "posix": 1501597269121,
                    "iso-8601": "2017-08-01T16:21+0200"
                },
                "last-modifier": "System",
                "creation-time": {
                    "posix": 1501597269121,
                    "iso-8601": "2017-08-01T16:21+0200"
                },
                "creator": "System"
            },
            "tags": [],
            "icon": "Actions/actionsDrop",
            "comments": "Drop",
            "display-name": "Drop",
            "customFields": null
        },
        {
            "uid": "ea28da66-c5ed-11e2-bc66-aa5c6188709b",
            "name": "Inner Layer",
            "type": "Global",
            "domain": {
                "uid": "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
                "name": "Check Point Data",
                "domain-type": "data domain"
            },
            "color": "none",
            "meta-info": {
                "validation-state": "ok",
                "last-modify-time": {
                    "posix": 1501597269287,
                    "iso-8601": "2017-08-01T16:21+0200"
                },
                "last-modifier": "System",
                "creation-time": {
                    "posix": 1501597269287,
                    "iso-8601": "2017-08-01T16:21+0200"
                },
                "creator": "System"
            },
            "tags": [],
            "icon": "ApplicationFirewall/Rulebase",
            "comments": "Apply inline layer in case of rule match",
            "customFields": null
        },
        {
            "uid": "598ead32-aa42-4615-90ed-f51a5928d41d",
            "name": "Log",
            "type": "Track",
            "domain": {
                "uid": "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
                "name": "Check Point Data",
                "domain-type": "data domain"
            },
            "color": "none",
            "meta-info": {
                "validation-state": "ok",
                "last-modify-time": {
                    "posix": 1501597268981,
                    "iso-8601": "2017-08-01T16:21+0200"
                },
                "last-modifier": "System",
                "creation-time": {
                    "posix": 1501597268981,
                    "iso-8601": "2017-08-01T16:21+0200"
                },
                "creator": "System"
            },
            "tags": [],
            "icon": "Track/tracksLog",
            "comments": "Tracks network information and rule matches.",
            "customFields": null
        },
        {
            "uid": "29e53e3d-23bf-48fe-b6b1-d59bd88036f9",
            "name": "None",
            "type": "Track",
            "domain": {
                "uid": "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
                "name": "Check Point Data",
                "domain-type": "data domain"
            },
            "color": "none",
            "meta-info": {
                "validation-state": "ok",
                "last-modify-time": {
                    "posix": 1501597268971,
                    "iso-8601": "2017-08-01T16:21+0200"
                },
                "last-modifier": "System",
                "creation-time": {
                    "posix": 1501597268971,
                    "iso-8601": "2017-08-01T16:21+0200"
                },
                "creator": "System"
            },
            "tags": [],
            "icon": "General/globalsNone",
            "comments": "No tracking.",
            "customFields": null
        },
        {
            "uid": "6c488338-8eec-4103-ad21-cd461ac2c476",
            "name": "Policy Targets",
            "type": "Global",
            "domain": {
                "uid": "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
                "name": "Check Point Data",
                "domain-type": "data domain"
            },
            "color": "none",
            "meta-info": {
                "validation-state": "ok",
                "last-modify-time": {
                    "posix": 1501597268910,
                    "iso-8601": "2017-08-01T16:21+0200"
                },
                "last-modifier": "System",
                "creation-time": {
                    "posix": 1501597268910,
                    "iso-8601": "2017-08-01T16:21+0200"
                },
                "creator": "System"
            },
            "tags": [],
            "icon": "General/globalsAny",
            "comments": "The policy target gateways",
            "customFields": null
        },
        {
            "uid": "5f98c707-d31c-43ec-95d6-306bf73fea91",
            "name": "test2",
            "type": "access-layer",
            "domain": {
                "uid": "41e821a0-3720-11e3-aa6e-0800200c9fde",
                "name": "SMC User",
                "domain-type": "domain"
            },
            "shared": false,
            "applications-and-url-filtering": false,
            "content-awareness": false,
            "mobile-access": false,
            "firewall": true,
            "comments": "",
            "color": "black",
            "icon": "ApplicationFirewall/rulebase",
            "tags": [],
            "meta-info": {
                "lock": "unlocked",
                "validation-state": "ok",
                "last-modify-time": {
                    "posix": 1549982182614,
                    "iso-8601": "2019-02-12T15:36+0100"
                },
                "last-modifier": "user",
                "creation-time": {
                    "posix": 1549982110592,
                    "iso-8601": "2019-02-12T15:35+0100"
                },
                "creator": "user"
            },
            "read-only": false
        },
        {
            "uid": "838ecbc8-08f6-4961-b454-b41012a08874",
            "name": "Testlayer",
            "type": "access-layer",
            "domain": {
                "uid": "41e821a0-3720-11e3-aa6e-0800200c9fde",
                "name": "SMC User",
                "domain-type": "domain"
            },
            "shared": false,
            "applications-and-url-filtering": false,
            "content-awareness": false,
            "mobile-access": false,
            "firewall": true,
            "comments": "",
            "color": "black",
            "icon": "ApplicationFirewall/rulebase",
            "tags": [],
            "meta-info": {
                "lock": "unlocked",
                "validation-state": "ok",
                "last-modify-time": {
                    "posix": 1549985586177,
                    "iso-8601": "2019-02-12T16:33+0100"
                },
                "last-modifier": "user",
                "creation-time": {
                    "posix": 1549982302871,
                    "iso-8601": "2019-02-12T15:38+0100"
                },
                "creator": "user"
            },
            "read-only": false
        },
        {
            "uid": "55844894-82b1-403c-a195-17f7bd54bf6d",
            "name": "testnetwork",
            "type": "network",
            "domain": {
                "uid": "41e821a0-3720-11e3-aa6e-0800200c9fde",
                "name": "SMC User",
                "domain-type": "domain"
            },
            "broadcast": "allow",
            "subnet4": "192.168.178.0",
            "mask-length4": 24,
            "subnet-mask": "255.255.255.0",
            "nat-settings": {
                "auto-rule": false
            },
            "groups": [],
            "comments": "",
            "color": "black",
            "icon": "NetworkObjects/network",
            "tags": [],
            "meta-info": {
                "lock": "unlocked",
                "validation-state": "ok",
                "last-modify-time": {
                    "posix": 1549962149585,
                    "iso-8601": "2019-02-12T10:02+0100"
                },
                "last-modifier": "user",
                "creation-time": {
                    "posix": 1549962149585,
                    "iso-8601": "2019-02-12T10:02+0100"
                },
                "creator": "user"
            },
            "read-only": false
        }
    ],
    "from": 1,
    "to": 3,
    "total": 3
}

Thanks and BR!

Mirko

Labels
4 Replies
Joshua_Hatter
Employee
Employee
‎2019-02-13 05:54 AM

So in your output here. The action for rule 4 is UID ea28da66-c5ed-11e2-bc66-aa5c6188709b, and in the object dictionary you can see the type is 'inline layer'. You should take this UID and use it to run show access rulebase against it to get that layers rules.

Mirko_Leschhorn
Participant
‎2019-02-13 06:50 AM
In response to Joshua_Hatter

Hi,

thanks for your answer! I tried this but only get back all rules that does use any inline layer. Again not along with any information about the inner rule.

BR
Mirko

PhoneBoy
Admin
Admin
‎2019-02-13 08:40 PM

There is a parameter for each rule called inline-layer.

For example, in like 151 of your output, you will notice:

            "inline-layer": "838ecbc8-08f6-4961-b454-b41012a08874",

This is the UID of the actual inline layer, which can be shown using show-access-rulebase.

If the rule doesn't have an inline layer, the inline-layer parameter will be null.

Mirko_Leschhorn
Participant
‎2019-02-13 11:53 PM

Thank you guys, I first misunderstood you two. I entered the UID in the "filter", not in the "name".

Now with using the UID in the "name"-Parameter this works. 

BR

Mirko

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events