This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Vardhan
Explorer
‎2023-12-25 11:25 PM
Jump to solution

updating checkpoint firewall rules comments based on rule UID

updating checkpoint firewall rules comments based on rule UID

Hello Mates,

I have task to update the comments in the list of firewall rules based on rule UID. Is there any through to perform this activity through management server console CLI or any other way. I am asking this query because i need to update around 1600 rule comments based on UID. Here Comment is same for all the rules. 

After updating the comments, i want to disable these rules. Please suggest how to proceed. 

Thank you very much in advance. 

thanks

0 Kudos
2 Solutions

Accepted Solutions
Alex-
Leader Leader
Leader
‎2023-12-28 01:26 AM
Jump to solution

That shouldn't be too complex. Assuming you have a flat file with the UID's, you can use the Management API to iterate through that file, set the comment and disable the rule.

https://sc1.checkpoint.com/documents/latest/APIs/#cli/set-access-rule~v1.9%20

Your syntax would be something like this. 

 

 

 

 

#!/bin/bash

file_path="path/uid_list.txt"
i=0
mgmt_cli login user "username" password "password" --format json > sessionid.json

while IFS= read -r uid; do
((i++))
mgmt_cli set access-rule layer YourLayerName uid $uid enabled False comments "your comment" --format json -s sessionid.json

if [ $i -eq 100 ]; then
echo "100 iterations reached, publishing"
mgmt_cli publish --format json -s sessionid.json
i=0
fi

done < "$file_path"

mgmt_cli publish --format json -s sessionid.json
mgmt_cli logout --format json -s sessionid.json
rm sessionid.json

 

 

 

 

You will need to find the uid or name of the layer as it is a mandatory parameter.

View solution in original post

PhoneBoy
Admin
Admin
‎2023-12-28 06:40 AM
Jump to solution

This can be done via the API/CLI, yes.
The relevant endpoint is set access-rule: https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/set-access-rule~v1.9.1%20
You can set the comment and disable the rule in the same call.
A "publish" action is recommended every 100 or so actions.

View solution in original post

8 Replies
_Val_
Admin
Admin
‎2023-12-28 12:05 AM
Jump to solution

It is unclear what you are trying to achieve

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2023-12-28 12:29 AM
Jump to solution

Should be possible using Management API, see in API / CLI discussions and the documentation !

 

CCSE / CCTE / CCME / CCSM Elite / SMB Specialist
0 Kudos
Alex-
Leader Leader
Leader
‎2023-12-28 01:26 AM
Jump to solution

That shouldn't be too complex. Assuming you have a flat file with the UID's, you can use the Management API to iterate through that file, set the comment and disable the rule.

https://sc1.checkpoint.com/documents/latest/APIs/#cli/set-access-rule~v1.9%20

Your syntax would be something like this. 

 

 

 

 

#!/bin/bash

file_path="path/uid_list.txt"
i=0
mgmt_cli login user "username" password "password" --format json > sessionid.json

while IFS= read -r uid; do
((i++))
mgmt_cli set access-rule layer YourLayerName uid $uid enabled False comments "your comment" --format json -s sessionid.json

if [ $i -eq 100 ]; then
echo "100 iterations reached, publishing"
mgmt_cli publish --format json -s sessionid.json
i=0
fi

done < "$file_path"

mgmt_cli publish --format json -s sessionid.json
mgmt_cli logout --format json -s sessionid.json
rm sessionid.json

 

 

 

 

You will need to find the uid or name of the layer as it is a mandatory parameter.

Bob_Zimmerman
Authority
Authority
‎2023-12-28 02:05 PM
In response to Alex-
Jump to solution

One note: this may need to be modified if the management is set to require a session name or description. I wrote a BASH framework for running an arbitrary number of management API commands locally on a system. You name and describe the session once at the top, then it handles publishing every X commands and setting up the new session.

0 Kudos
JozkoMrkvicka
Mentor
Mentor
‎2023-12-28 03:01 AM
Jump to solution

Do you have any comments in affected rules? If so, would you like to save the existing comments ? If you dont care if and what is/was the comment in affected rules, then just follow steps provided by Alex. If there was any existing comment, the script will overwrite them with new comment.

If you need to add a new comments to the existing ones, little bit of more lines within the script will be needed (first check what is comment, store it and add new comment with added text at the end).

Kind regards,
Jozko Mrkvicka
0 Kudos
PhoneBoy
Admin
Admin
‎2023-12-28 06:40 AM
Jump to solution

This can be done via the API/CLI, yes.
The relevant endpoint is set access-rule: https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/set-access-rule~v1.9.1%20
You can set the comment and disable the rule in the same call.
A "publish" action is recommended every 100 or so actions.

Alex-
Leader Leader
Leader
‎2023-12-28 10:21 AM
In response to PhoneBoy
Jump to solution

Fair point about publishing at intervals given the size of the rules to modify, I've added a conditional check in the script to publish every 100 iterations.

@JozkoMrkvicka Correct about the comment, given OP's message it appears the rules are already defined anyway to have a standardised comment and be disabled. Otherwise the comment first need to be extracted with show access-rulebase, saved in a variable and then append whatever the final comment should be.

genisis__
Leader Leader
Leader
‎2023-12-28 09:26 AM
Jump to solution

If you are asking about adding comments between existing rules, then yes this can be done, and rules can be disabled.  I generally use mgmt_cli commands to do this as I'm not really a scripter.

See example below, may not be exactly what you need but should help:

session=`mgmt_cli -r true login --format json| jq -r '.sid'`

# Create new rule - with a section heading, note the order.
mgmt_cli --session-id $session add access-rule name "Test Rule" layer "<POLICYFILE NAME> <Layer Name>" position.below "a4a975d6-3e42-490a-90a2-c2ab96xxxxx" source.1 "<src objectname>" destination.1 "<dst objectname>" action "accept" service.1 "http" track "log" comments "New Rule"
mgmt_cli --session-id $session add access-section layer "<POLICYFILE NAME> <Layer Name>" position.below "a4a975d6-3e42-490a-90a2-c2ab96xxxxx" name "Section related to new test rules"

# Publish changes made
mgmt_cli --session-id $session publish
session=`mgmt_cli -r true login --format json| jq -r '.sid'`

# Push policy - Single GWs
mgmt_cli --session-id $session install-policy policy-package "<POLICYFILE NAME>" access true threat-prevention true

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events