Solved: Search among section titles

AkosBakos

Hi Community,

I got an interesting question from the customer. They have more than 300 section titles. They want to search only in the section titles, not among the rules.

As I know it is impossible, is it?

Akos

----------------
\m/_(>_<)_\m/

Tal_Paz-Fridman

You can use Web SmartConsole and use the Search from the browser

View solution in original post

Vincent_Bacher

Yes and no afaik.

Out of the box: no way

But. As

mgmt_cli -r true show access-rulebase name "Network" --format json | jq '.rulebase[] | select(.type=="access-section") | .name'

(not yet tested)

maybe could do it on cli, this could be a use case for a smartconsole extension. Could be worth a try.

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite

Vincent_Bacher

Addendum: it comes into my mind that even if this works, once layers come into the game it could be extremely difficult

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite

Don_Paterson

That works nicely 👋

...and just a | grep on the end is needed, or a bit more after jq (contains) for the search/filter.

Just adding the policy package name before the layer name to have another example here.

mgmt_cli -r true show access-rulebase name "Corporate_Policy Network" --format json | jq '.rulebase[] | select(.type=="access-section") | .name'

Another option:

mgmt_cli -r true show access-rulebase name "Policy-Package-Name  Network" --format json | jq -r '.rulebase[] | select(.type=="access-section" and (.name | contains("Internal"))) | .name'

And then a sprinkling of best practice:

SID=$(mgmt_cli login user "fwadmin" --format json | jq -r '.sid')

mgmt_cli --session-id "$SID" show access-rulebase name "Policy-Package-Name Network" --format json \
| jq -r '.rulebase[] | select(.type=="access-section") | .name'

mgmt_cli --session-id "$SID" logout

That best practice example works in a session with a dedicated SmartConsole user (good for auditing) and the SID is set as a variable (more secure).

The show command/s is/are done in a dedicated session and then a logout is required (to keep with best practices).

I looked at the show access-section command but that was not good for this case. show access-rulebase is the way to go.

the_rock

Just tested it as well, works great!

Best,
Andy

the_rock

Interesting question, Akos...I will definitely give this a go in my lab via API.

Best,
Andy

Don_Paterson

They could create a new temporary policy package and then copy and paste the whole section and then search the new policy package.

EDIT:

I misread that and understand it's not about the rules.

Why do they need to do that kind of search?

Could the SmartConsole Indicators help?

(Top of the scroll bar on the right (top right))

the_rock

Excellent idea, Don. Technically, they could do so for every section, just make separate policy package for each section.

Best,
Andy

Tal_Paz-Fridman

You can use Web SmartConsole and use the Search from the browser

AkosBakos

Indeed 🙂

Maybe is there any feature request in this topic?

Akos

----------------
\m/_(>_<)_\m/

Don_Paterson

I was curious about this one.

A normal search does not cover Ordered Layer but it does cover Inline Layers within the current layer.

Meaning that a search for a word (using the SmartConsole search box) will find results in the parent rules and child rules (within the layer (the current layer in view)), while ignoring Sectional Title names altogether, but will not search Ordered Layers.

Moving to the next ordered layer does not carry the search over, and moving back to the original ordered layers results in the search box being cleared.

Anyway.... I got the AI to put this script together that uses the API to find layers in the named policy package and then carry out the search across all layers.

Fun with AI scripting 🙂

the_rock

I will test it, lets see 🙂

Best,
Andy

the_rock

AMAZING:

From the lab:

[Expert@CP-MANAGEMENT:0]# ./find-sections-1.sh
Username [fwadmin]: admin
Policy package name [Corporate_Policy]: LAB-POLICY-Andy
Search string (case-insensitive, empty = show all):

Logging in as 'admin' (mgmt_cli will prompt for password)...
Password:
==============================
Search report (Ordered Layers)
Package : LAB-POLICY-Andy
Search : <empty = show all>
==============================

ORDERED LAYERS IN PACKAGE (count: 3)
----------------------------------------------
1) network (38271c2f-ab44-4e25-9aa4-e219cb6e12cf)
2) appc+urlf (0d66fd92-fb01-4862-8005-8871f976ad4f)
3) final-layer (8c33534f-e11d-4511-a5d1-538a0415a7b3)

INLINE LAYERS DISCOVERED IN ORDERED LAYER: network (count: 5)
----------------------------------------------
1) ivanti (34af18c9-62de-4fb0-9a2d-6dfc46419ccf)
2) dmz-layer (480bf54e-c377-486b-8e62-34cb8b58215c)
3) win11-layer (7fb4428e-ab8e-4dbe-93db-7461e33f3a7d)
4) internal-layer (bca520ad-e6d2-464d-967b-35d106aa40f1)
5) external-layer (c6d7a124-cbe7-4937-89c9-48dbeb2d9cd2)

[Expert@CP-MANAGEMENT:0]#

Best,
Andy

Don_Paterson

Cool!

Thanks for testing that Andy. 🙂

the_rock

Of course, always happy to test it out.

Best,
Andy

Don_Paterson

This one asks if you want to list all Section Titles if the show-all option is used.

Working on a python version for the Tool Box (hopefully).

the_rock

Will try it out later and post the results.

Best,
Andy

the_rock

Brilliant Don!

**************************

[Expert@CP-MANAGEMENT:0]# ./find-sections-ordered.sh
Username [cpadmin]: admin
Policy package name [Alpha-Standard]: LAB-POLICY-Andy
Search string (case-insensitive, empty = show all):
Show all section titles in show-all mode? [y/N]: y

Logging in as 'admin' (mgmt_cli will prompt for password)...
Password: ==============================
Search report (Ordered Layers)
Package : LAB-POLICY-Andy
Search : <empty = show all>
Mode : SHOW ALL (summaries)
Titles : PRINT ALL section titles
==============================

ORDERED LAYERS IN PACKAGE (count: 3)
----------------------------------------------
1) network (38271c2f-ab44-4e25-9aa4-e219cb6e12cf)
2) appc+urlf (0d66fd92-fb01-4862-8005-8871f976ad4f)
3) final-layer (8c33534f-e11d-4511-a5d1-538a0415a7b3)

============================================================
ORDERED LAYER: network
UID : 38271c2f-ab44-4e25-9aa4-e219cb6e12cf
Sections : 0
Inline layers: 5

Section titles:
----------------------------------------------
(No section titles)

Inline layers discovered:
----------------------------------------------
1) ivanti (34af18c9-62de-4fb0-9a2d-6dfc46419ccf)
Sections: 0
(No section titles)

2) dmz-layer (480bf54e-c377-486b-8e62-34cb8b58215c)
Sections: 0
(No section titles)

3) win11-layer (7fb4428e-ab8e-4dbe-93db-7461e33f3a7d)
Sections: 0
(No section titles)

4) internal-layer (bca520ad-e6d2-464d-967b-35d106aa40f1)
Sections: 0
(No section titles)

5) external-layer (c6d7a124-cbe7-4937-89c9-48dbeb2d9cd2)
Sections: 0
(No section titles)

============================================================
ORDERED LAYER: appc+urlf
UID : 0d66fd92-fb01-4862-8005-8871f976ad4f
Sections : 0
Inline layers: 0

Section titles:
----------------------------------------------
(No section titles)

============================================================
ORDERED LAYER: final-layer
UID : 8c33534f-e11d-4511-a5d1-538a0415a7b3
Sections : 0
Inline layers: 0

Section titles:
----------------------------------------------
(No section titles)

[Expert@CP-MANAGEMENT:0]#

Best,
Andy

the_rock

Just tested on another lab with section rules, worked as well. Amazing job @Don_Paterson

Best,
Andy

Don_Paterson

Nice one! Thanks.

The python version will format the output better and switches (see attached) .

the_rock

Great!

Best,
Andy

PhoneBoy

Perhaps we can make this a Toolbox item @_Val_ ?

Don_Paterson

That would be great.

_Val_

No problem. @Don_Paterson, create a new post with the script, its description, and screenshots. Send me the link to vloukine@checkpoint.com for review. We will take the rest of it offline

Don_Paterson

Will do.

Thanks Val.

the_rock

I will ask customer I know used LOTS of sections in their policy to test this out and see what they get.

Best,
Andy

Don_Paterson

Great.

I'll try get the updated python version over to you (DM) early tomorrow in case you want to test and share that one.

the_rock

Of course! I will make few sections in my lab policy, as I dont currently have any.

Best,
Andy

the_rock

Hey Don,

Just tested it in my lab, looks amazing!

**********************

[Expert@CP-MANAGEMENT:0]# ./find-sections-ordered.sh
Username [cpadmin]: admin
Policy package name [Alpha-Standard]: LAB-POLICY-Andy
Search string (case-insensitive, empty = show all):
Show all section titles in show-all mode? [y/N]: y

Logging in as 'admin' (mgmt_cli will prompt for password)...
Password: ==============================
Search report (Ordered Layers)
Package : LAB-POLICY-Andy
Search : <empty = show all>
Mode : SHOW ALL (summaries)
Titles : PRINT ALL section titles
==============================

ORDERED LAYERS IN PACKAGE (count: 3)
----------------------------------------------
1) network (38271c2f-ab44-4e25-9aa4-e219cb6e12cf)
2) appc+urlf (0d66fd92-fb01-4862-8005-8871f976ad4f)
3) final-layer (8c33534f-e11d-4511-a5d1-538a0415a7b3)

============================================================
ORDERED LAYER: network
UID : 38271c2f-ab44-4e25-9aa4-e219cb6e12cf
Sections : 12
Inline layers: 5

Section titles:
----------------------------------------------
- General rules
- Ivanti
- QUIC
- WIN11
- GEO
- CLOUD
- fw access
- external
- internal
- dmz
- stealth
- implicit deny