This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Kishorilal_CJ
Participant
‎2018-01-24 04:51 AM

Automatic rule coding using OPSEC

Hello

we are well aware that R80.10 has got API to perform multiple automation stuffs, whereas we are looking for something in R77.30 , since it takes sometime for us to upgrade the version to R80.10 and I just wanted to check if any possibilities of adding the policy rules from Tufin tool(as one of the approved OPSEC product), to check point policy database, when communication from checkpoint to tufin is possible    

thanks in adavnce

0 Kudos
6 Replies
PhoneBoy
Admin
Admin
‎2018-01-26 10:25 PM

The OPSEC API does have ways to modify the rulebase.

Heck, I wrote scripts to modify the rulebase with dbedit Smiley Happy

I believe Tufin can do this, but you should check with them on the specifics.

Kishorilal_CJ
Participant
‎2018-01-28 09:22 PM
In response to PhoneBoy

Thank you for your comments.. would you please share the script link

0 Kudos
PhoneBoy
Admin
Admin
‎2018-01-28 09:45 PM
In response to Kishorilal_CJ

The scripts I wrote were for specific customers.

Most of the specific are covered in the R77 CLI Guide: Command Line Interface R77 Reference Guide 

Keep in mind that while modifying existing rules with dbedit is relatively straightforward, adding a new rule is not since it requires multiple delete/add operations.

The R80 APIs have significantly improved APIs for rulebase manipulation. 

JozkoMrkvicka
Leader
Leader
‎2019-01-24 08:46 AM
In response to PhoneBoy

Hi Dameon Welch-Abernathy‌,

Do you remember if the script you wrote using dbedit included also LDAP user groups ? I am struggling how can I add new LDAP group to the existing rule via dbedit (R77.30).

https://community.checkpoint.com/message/35147-r7730-adding-ldap-group-to-the-existing-rule-using-db... 

Kind regards,
Jozko Mrkvicka
0 Kudos
PhoneBoy
Admin
Admin
‎2019-01-24 05:27 PM
In response to JozkoMrkvicka

I did not do that in any of my scripts, but will see if I can get someone from R&D to help on the thread you pointed me at.

JozkoMrkvicka
Leader
Leader
‎2019-01-25 12:43 AM
In response to PhoneBoy

Thank you very much Smiley Happy

Kind regards,
Jozko Mrkvicka
0 Kudos
Labels