Tom_Nguyen
Explorer

IPS Query

Hi,

With the R80.10 API, is there a way to determine which IPS profile is tied to a gateway? Basically, we have a large number of gateways and multiple IPS profiles and I would like to create a script that will eventually create a list with the name of the gateway and the associated IPS profile.

I'm trying to work backwards and I'm just stuck getting all the information that I need.  The workflow I'm thinking of is:

Query 1 : Threat Prevention Policy, Rules, Profile Name

Query 2:  Gateway Name, Threat Prevention Policy name

With results from both queries, I should be able to generate the gateway to IPS profile list. Let me know if I'm off base here.

1 Reply
PhoneBoy
Admin

In past releases, only a single IPS Profile could apply to an entire gateway.

With R80.x gateways, there could be several threat prevention profiles that apply to the gateway depending on the protected scope.

At a high level, you'd do something like:

1. Query the gateway to see what policy is currently loaded to it (e.g. with fw stat). You could do this with run-script via the API or use the new https://community.checkpoint.com/community/infinity-general/appliances-and-gaia/blog/2018/12/06/new-...‌. However, this will only give you the name of the policy, not what the actual threat-prevention layer is called (most likely "PolicyName Threat Prevention" but you'll have to double-check, and there could be a few).

2. Use the API to query the Threat Prevention rulebase for that particular policy, parsing the output to determine which profiles are used for the given gateway.
