Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Magnus-Holmberg
Advisor

How to export policy package to HTML - Show Package Tool sk120342

Hi,

Short video on how show package tool works, described within sk120342

 

Regards,
Magnus

https://www.youtube.com/c/MagnusHolmberg-NetSec
(1)
7 Replies
fulvio
Explorer

Hi Magnus, great video, this is (would be once I get it working) so helpful.

I am using the command this way:

$MDS_FWDIR/scripts/web_api_show_package.sh -k "policy_name" -d "my_domain" -o /home/_nonlocl

and getting:

Script stopped running due to severe error!

Result file location: /home/_nonlocl/show_package-2023-06-29_15-44-12.tar.gz

with extremely low amount of info. 

I have tried also to run the same command targeting a different policy, same result. Were can I start troubleshooting?

Many Thanks

0 Kudos
PhoneBoy
Admin
Admin

Best to engage with the TAC here: https://help.checkpoint.com 

0 Kudos
dergio
Participant

Hi fulvio

Have you ran the script on the Mgmt? Maybe your Mgmt is also running on a different port (default 443 for the script). Checkout the parameter "-n" for the script.

0 Kudos
just13pro
Collaborator

What is your version?

If I remember correctly, some version has this bug and you need to upgrade JHF or upgrade version.

0 Kudos
fulvio
Explorer

Thank you very much for your replies.

The situation has evolved. I am able to run the web_api_show_package.sh now but it does not complete, in the logs I get this error:

com.checkpoint.mgmt_api.examples.MyLogger.debug()DEBUG]: Command [show-access-rulebase] uid d1d3d573-4fe0-4cef-9ac6-735899cc2511 limit 10 offset 1860 FAILED

I am now debugging using this:

java -jar $MDS_FWDIR/api/samples/lib/web_api_show_package-jar-with-dependencies.jar -k "ABC-VPN" -d "ABC_Corp" --query-limit 1

and find out that I am failing on two specif rules. Hope once I fixed this, the web_api_show_package will work fine.

When running java -jar $MDS_FWDIR/api/samples/lib/web_api_show_package-jar-with-dependencies.jar -k 

I am getting some other error messages:

[6/30/23 5:36 PM com.checkpoint.mgmt_api.examples.MyLogger.severe()SEVERE]: Failed to run show rulebase (ABC-VPN Security). Error message: java.lang.OutOfMemoryError: Java heap space

looking into that as well

0 Kudos
Srdjan_B
Collaborator
Collaborator

Hello,

Result tgz file contains one .elg file. This is good starting point for troubleshooting, check it out.

Also, you can add -s switch to generate some debug info.

Last but not least, our customer had issue because they had sublayers name like "to_10.0.0.0/24". The point is that "/" is not escaped somewhere, so the script breaks when trying to create folder which contains slash character in the name.

Best practice: avoid using special characters in names of your objects. If your layers or sublayers contain "/", rename them using dash or underscore ("-" or "_").

0 Kudos
fulvio
Explorer

Thanks very muck, I will be looking at that.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events