This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
alexc88
Participant
‎2019-10-16 05:28 AM
Jump to solution

commit simultaneously on various policy packages

Hi, is there a way to deploy the changes you do on an object simultaneously on all policy package where the object is involved? Every time I need to modify an object that's involved in about 30 policy packages I have to open the single policy package and install, it would be glad to push in one single command or single operation this kind of change.

Thanks for your help

1 Solution

Accepted Solutions
Timothy_Hall
MVP Gold
MVP Gold
‎2019-10-17 06:27 AM
In response to alexc88
Jump to solution

For R77.30 you could write a shell script for execution from the CLI on your SMS, and run it whenever you have made an object change in the SmartConsole (and done a Save) that you want to propagate to all gateways.  Note that gateway and policy names are case-sensitive...

#!/bin/bash

fwm load Policy_1_Name Gateway1_Name

fwm load Policy_2_Name Gateway2_Name

etc...

New Book: "Max Power 2026" Coming Soon
Check Point Firewall Performance Optimization

View solution in original post

9 Replies
Sarm_Chanatip
Collaborator
‎2019-10-17 12:16 AM
Jump to solution

That's interesting, I'm really curious as well.
0 Kudos
Tal_Paz-Fridman
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2019-10-17 01:49 AM
Jump to solution

You can use Layers (Ordered or Inline). If the Layer is part of the Policy Package, any change you preform on it will be applied across all Policy Packages.

Please refer to Security Management R80.30 Administration Guide > Creating an Access Control Policy > Ordered Layers and Inline Layers

0 Kudos
alexc88
Participant
‎2019-10-17 02:33 AM
In response to Tal_Paz-Fridman
Jump to solution

But layers are available only on 80.10? Because we have 77.30

Timothy_Hall
MVP Gold
MVP Gold
‎2019-10-17 06:03 AM
Jump to solution

In R80.20+ MDS/Provider-1 you can automate and/or schedule mass installation of policies using the "Policy Presets" feature.

 

New Book: "Max Power 2026" Coming Soon
Check Point Firewall Performance Optimization
0 Kudos
Maarten_Sjouw
Champion
Champion
‎2019-10-17 06:15 AM
In response to Timothy_Hall
Jump to solution

And on top of that you can also install policies directly from the MDS view, right click on the domain and select install policy.
Regards, Maarten
alexc88
Participant
‎2019-10-17 06:16 AM
In response to Maarten_Sjouw
Jump to solution

but is a solution also for R77.30?

0 Kudos
Maarten_Sjouw
Champion
Champion
‎2019-10-17 06:20 AM
In response to alexc88
Jump to solution

Nope, As @Timothy_Hall said only R80.20+
Regards, Maarten
0 Kudos
Timothy_Hall
MVP Gold
MVP Gold
‎2019-10-17 06:27 AM
In response to alexc88
Jump to solution

For R77.30 you could write a shell script for execution from the CLI on your SMS, and run it whenever you have made an object change in the SmartConsole (and done a Save) that you want to propagate to all gateways.  Note that gateway and policy names are case-sensitive...

#!/bin/bash

fwm load Policy_1_Name Gateway1_Name

fwm load Policy_2_Name Gateway2_Name

etc...

New Book: "Max Power 2026" Coming Soon
Check Point Firewall Performance Optimization
PhoneBoy
Admin
Admin
‎2019-10-19 01:30 PM
In response to Timothy_Hall
Jump to solution

You pretty much have to do the same thing in R80.x as well, even if you use Policy Layers (though the exact command is different).
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events