This website uses cookies. By browsing this website, you consent to the use of cookies. Learn more.
OK
ABOUT CHECKMATES & FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Help
Highlighted
ekagan
Iron
‎2019-06-27 05:05 PM

rulebase / policy export from enforcement gateway

Hi there,

Couldn't find anything similar, so here it goes.

I need to integrate Checkpoint firewalls into an existing scripted solution. The requirement is to export the entire policy / rulebase / object definitions in human or machine readable form. But there's a catch. I only have access to the gateways and not to the management server. Any ideas? Version is R77.30.

Thanks,

Eli

Reply
6 Replies
Highlighted
PhoneBoy
Admin
Admin
‎2019-06-28 11:17 AM

Re: rulebase / policy export from enforcement gateway

If it's at all possible to get access to the management station, this will make the task significantly easier.
What is stored on the gateways is in compiled form in $FWDIR/state/local/FW1.
We do not have a documented process or tools outside of Professional Services to recover the data from these directories.
0 Kudos
Reply
Highlighted
ekagan
Iron
‎2019-06-28 03:13 PM

Re: rulebase / policy export from enforcement gateway

What about file is $FWDIR/database directory?  They sort of look like my policy?

0 Kudos
Reply
Highlighted
PhoneBoy
Admin
Admin
‎2019-06-28 05:11 PM

Re: rulebase / policy export from enforcement gateway

There is definitely some stuff in there as well.
There's an SK that talks about clearing both directories in case of some corruption: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Between $FWDIR/database and $FWDIR/state/local/FW1, you may be able to recover what you need.
0 Kudos
Reply
Highlighted
Val_Loukine
Admin
Admin
‎2019-06-29 12:31 PM

Re: rulebase / policy export from enforcement gateway

either way, you cannot convert compiled policies into human readable form without very hard effort. get access to the management station for that.

0 Kudos
Reply
Highlighted
HeikoAnkenbrand
Ruby
‎2019-06-30 11:44 AM

Re: rulebase / policy export from enforcement gateway

@ekagan you write:

CUT>>>

I only have access to the gateways and not to the management server. Any ideas?

<<<CUT

Why don't you have access to management? Is it a password problem or is the server damaged?

If it is a password problem you can reset the GAIA password and then set a new console password with "cpconfig".

Tags (1)
Reply
Highlighted
ekagan
Iron
‎2019-07-01 01:47 PM

Re: rulebase / policy export from enforcement gateway

My scripting host doesn't have access... I do.
0 Kudos
Reply