cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

Automatic rule coding using OPSEC

Hello

we are well aware that R80.10 has got API to perform multiple automation stuffs, whereas we are looking for something in R77.30 , since it takes sometime for us to upgrade the version to R80.10 and I just wanted to check if any possibilities of adding the policy rules from Tufin tool(as one of the approved OPSEC product), to check point policy database, when communication from checkpoint to tufin is possible    

thanks in adavnce

0 Kudos
6 Replies
Admin
Admin

Re: Automatic rule coding using OPSEC

The OPSEC API does have ways to modify the rulebase.

Heck, I wrote scripts to modify the rulebase with dbedit Smiley Happy

I believe Tufin can do this, but you should check with them on the specifics.

Re: Automatic rule coding using OPSEC

Thank you for your comments.. would you please share the script link

0 Kudos
Admin
Admin

Re: Automatic rule coding using OPSEC

The scripts I wrote were for specific customers.

Most of the specific are covered in the R77 CLI Guide: Command Line Interface R77 Reference Guide 

Keep in mind that while modifying existing rules with dbedit is relatively straightforward, adding a new rule is not since it requires multiple delete/add operations.

The R80 APIs have significantly improved APIs for rulebase manipulation. 

Re: Automatic rule coding using OPSEC

Hi Dameon Welch-Abernathy‌,

Do you remember if the script you wrote using dbedit included also LDAP user groups ? I am struggling how can I add new LDAP group to the existing rule via dbedit (R77.30).

 

Kind regards,
Jozko Mrkvicka
0 Kudos
Admin
Admin

Re: Automatic rule coding using OPSEC

I did not do that in any of my scripts, but will see if I can get someone from R&D to help on the thread you pointed me at.

Re: Automatic rule coding using OPSEC

Thank you very much Smiley Happy

Kind regards,
Jozko Mrkvicka
0 Kudos