Moberg
Participant

CP CME: Using CME to deploy a shared Threat Prevention Profile

Hi,

I am today using CP Cloud Management Extension (CP CME) to deploy scale sets in Azure.
MDS as management in HA setup.

If I need to automate new Cloudguard scale set with both security policy and threat prevention policy then how should that be done?


Should I include a line in the custom script as shown in the below extract of the json file (/home/admin/cg-script.sh) using mgmt_cli to install policy (threat prevention policy) afterwards and solve it by doing so?

The autoprovison.json file, which is auto-generated by the tool delivered with CME called autoprov_cfg, only allows me to install a security policy, and with that it will also install the standard threat prevention policy. In my case I have no rule enabled at all to inspect traffic for known and unknown vulnerabilities. The help details to "autoprov_cfg add template -h" suggest using the restrictive policy with the '-rp' parameter, but it states: "Created to avoid a limitation in which Access Policy and Threat Prevention Policy cannot be installed at the first time together"

E.g. of the configuration file used by CME. Extract of the JSON file - auto-generated by the autoprov_cfg tool.

    },
    "tnPROD": {
        "anti-bot": true,
        "anti-virus": true,
        "application-control": true,
        "custom-gateway-script": "/home/admin/cg-script.sh",
        "generation": "3",
        "identity-awareness": true,
        "ips": true,
        "one-time-password": "one-time-password",
        "policy": "Northbound",
        "send-logs-to-server": "SMEserver1",
        "url-filtering": true,
        "version": "R81.10"
    }

Because I have more Azure environments, I am using the same Threat Prevention profile with just different source and destination in the TP rulebase.

When I deploy new scale sets I want to make sure automatically to deploy this shared TP policy.

 

I was recommended to look at MDS Global Assignment for managing this but might also introduce other challenges.

Therefore, are there any ways of using the custom script defined in the autoprov_cfg tool where I could deploy the shared threat prevention policy using the API using MGMT_CLI to install it?

E.g. using mgmt_cli installing Northbound policy together with TP policy

    mgmt_cli install-policy policy-package "Northbound" access true threat-prevention true targets.1 "corporate-gateway" targets.2 "corporate-gateway1" targets.3 "corporate-gateway2" --version 1.1 --format json

 

Thanks

/Kim

 

0 Kudos
4 Replies