This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
TSOL
Advisor
‎2022-12-26 03:13 AM

How to export and import IPS profiles on R81.10

Dear ALL,

 

We want know how to export and import IPS Profiles on R81.10.  Because we need to migrate full HA enviroment to Disributed emvironment.

At first, we tried  to using migrate_sever  command, but the migrate was failed.  we cannot delete HA object.

So we thought of using the API.

Although it did not return as much as 100 objects. We were able to restore objects and policies.

So finally,  we want to migrate IPS profiles, 

We found that R7x can use the API, but we didn't  find that this API can use  R81.10.

Please tell me about how to export and import IPS profiles on R81.10.

 

Thank you for the advice in advance.

 

 

0 Kudos
12 Replies
Blason_R
Leader
Leader
‎2022-12-26 05:02 AM

You mean IPS signatures which are configured in your profile? Did you try export  to csv option at least that would give you baseline to start with

 

 

 

 

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
Capture.JPG
Preview file
110 KB
TSOL
Advisor
‎2022-12-26 08:13 PM
In response to Blason_R

Thank you for the answer.

We are finding  how to export IPS profiles from old  Checkpoint appliances(FULL HA ) and import IPS profiles  to new Checkpoint appliances(Distributed )

0 Kudos
PhoneBoy
Admin
Admin
‎2022-12-26 06:57 AM

R7x had limited to no API support, what precisely are you referring to here?
In any case, the API should support getting the necessary information, though it will require multiple calls to get all the information due to the amount of the data the API can return in a single call.
Having said that, the default Optimized policy is what we generally recommend for most deployments.

0 Kudos
TSOL
Advisor
‎2022-12-26 09:30 PM
In response to PhoneBoy

Thank you  for reply.

I would like to know the procedure of this URL in the case of R81.10.
How to Import / Export IPS Protection Profiles (checkpoint.com)

Because We cannot fine the procedure.

Thanks.

0 Kudos
PhoneBoy
Admin
Admin
‎2022-12-27 07:40 AM
In response to TSOL

https://community.checkpoint.com/t5/API-CLI-Discussion/Python-tool-for-exporting-importing-a-policy-...
This tool can be used to export/import the just the Threat Prevention policy (includes IPS configuration).

Outside of that, you'll have to write something that calls the API directly, getting the information you need.
This is also a task that Check Point Professional Services can assist with.

0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2022-12-26 07:23 AM

As Phoneboy said you could pull all this IPS config information out through the API but it will take some doing.

One other approach would be to use the relatively new IPS profile comparison tool to determine the differences between the original IPS profile in your Full HA environment and the default Optimized profile in your Distributed environment.  Once those differences (administrator overrides, etc) have been determined, manually implement the differences in your new Distributed environment:

sk178646: IPS Protections - Profiles compare

 

Attend my online "Be your Own TAC: Part Deux" CheckMates event
March 27th with sessions for both the EMEA and Americas time zones
0 Kudos
TSOL
Advisor
‎2022-12-26 09:42 PM
In response to Timothy_Hall

Thank you for the advice.

I tried comparing the profiles but there are too many differences.
After that, manually creating a profile is impractical.
Please let me know if there is a way to register all at once by import or command.

 

0 Kudos
the_rock
Legend
Legend
‎2022-12-26 07:47 PM

I believe what @Blason_R said is probably your best approach to start with.

0 Kudos
TSOL
Advisor
‎2022-12-26 09:45 PM
In response to the_rock

Thank you for the answer.

But that ways is only export.  We want to know  how to import IPS profiles  to new Checkpoint appliances(Distributed )

0 Kudos
the_rock
Legend
Legend
‎2022-12-27 03:19 PM
In response to TSOL

I dont believe thats sadly available in R81.xx versions, as far as import (not that I know of anyway).

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2022-12-28 01:47 AM
In response to TSOL

If the step is from R77.30 IPS to R81.10 IPS profiles, note the main deviations from pre-defined Policy and use it to make a cloned copy of R81.10 Optimized Policy.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
the_rock
Legend
Legend
‎2022-12-28 05:02 AM
In response to TSOL

I also checked in R81.20 and option to import IPS profile does not exist there either. Little disapoointing, but lets hope it becomes avalable sometime soon. Speaking of that, I know this is slightly different topic, but it would also be nice if there was an option to import the rules in .csv format, the same way they can be exported.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top