This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
tawsif
Participant
‎2022-01-05 02:07 PM

How to View Deleted Rules/Objects on the Firewall?

Is there a way to check for the deleted rules/objects on the firewall once it is published and has been installed? I've tried to open the revision session, but still unable to check for the deleted rules/objects on the firewall. We're running on R80.40. Thanks.

0 Kudos
5 Replies
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2022-01-05 06:51 PM

The "Audit Logs" pane should detail the changes, is no information available there in your environment?

Also depending on the version you will have a "Changes" option under "Actions" to compare the policy revisions.

CCSM R77/R80/ELITE
Alex-
MVP Silver
MVP Silver
‎2022-01-06 04:27 AM

Here's a crude one-liner to run in Expert mode that will create a CSV with all deleted objects since last publish. For hosts and networks, it will give IP and subnet mask. For groups, the name. All the rest, name and UID. Output will be saved in deleted_items.csv

 

mgmt_cli -r true show changes -f json | jq '."tasks"[] |."task-details"[] | ."changes"[] | .operations | ."deleted-objects"[] | select(.type == "host") |  [.name, .type, ."ipv4-address"] |@csv' >> deleted_items.csv; mgmt_cli -r true show changes -f json | jq '."tasks"[] |."task-details"[] | ."changes"[] | .operations | ."deleted-objects"[] | select(.type == "network") |  [.name, .type, .subnet4, ."subnet-mask"] |@csv' >> deleted_items.csv; mgmt_cli -r true show changes -f json | jq '."tasks"[] |."task-details"[] | ."changes"[] | .operations | ."deleted-objects"[] | select(.type == "group") |  [.name, .type] |@csv' >> deleted_items.csv; mgmt_cli -r true show changes -f json | jq '."tasks"[] |."task-details"[] | ."changes"[] | .operations | ."deleted-objects"[] | select(.type != "host" and .type != "network" and .type != "group") | [.name, .type, .uid] |@csv' >> deleted_items.csv

 

 

Example output from a lab environment where I deleted a bunch of things.

 

cat deleted_items.csv
"\"Host_5\",\"host\",\"10.10.10.5\""
"\"Host_3\",\"host\",\"10.10.10.3\""
"\"Host_1\",\"host\",\"10.10.10.1\""
"\"Host_2\",\"host\",\"10.10.10.2\""
"\"Host_4\",\"host\",\"10.10.10.4\""
"\"myNet_1\",\"network\",\"10.10.100.0\",\"255.255.255.0\""
"\"myNet_2\",\"network\",\"10.10.200.0\",\"255.255.255.0\""
"\"myGroup\",\"group\""
",\"access-rule\",\"b2766e39-480c-4090-ad2f-4252ca6b6f12\""

 

HeikoAnkenbrand
MVP Platinum
MVP Platinum
‎2022-01-06 10:41 AM
In response to Alex-

nice oneliner

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos
Danny
MVP Platinum
MVP Platinum
‎2022-01-06 01:37 PM

sk166435 - How to view changes performed between revisions

0 Kudos
Swordfish
Contributor
‎2022-01-06 11:21 PM

You should see the changes in Smart Dashboard > Security Policies > Access Tools > Installation History. You can click in the history on "View installed changes" and can expand the audit logs, which gives you a more detailed view.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events