This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Alex_Cortello
Explorer
‎2018-07-15 11:49 PM

Adding object to multiple policy at once

Hi mates,

I often face with a problem and I can't find a permanent solution.

Every time that I have to add or replace a network object to all that policy where a given object is present, I should look for that object into every policy and adding/replacing with new one, and doing the same for all the policy package I got.

The operation is very timeconsuming.

Is there a way in R77.30 to add/replace object to multiple policy at once and not looking for single object in every policy package?

Thanks in advance

0 Kudos
7 Replies
PhoneBoy
Admin
Admin
‎2018-07-16 08:04 AM

I'm not aware of an easy way to do this in R77.30.

This is something vastly improved in R80.x releases and would be a good reason to upgrade your management.

R80.10 - Where Used object

Maarten_Sjouw
Champion
Champion
‎2018-07-16 01:37 PM

Objects are used across all policies in a single Smartcenter. So when you need to change an object it will apply those changes to all policies it is used in.

When you are looking at a Multi Domain environment you can use global objects, which you can use in each policy that you apply that Global policy to, even if you only put a any any drop (cleanup) rule in it, you can choose to apply all objects to each Domain you assign the Global policy to. So then, when you change an object in the global policy, you reassign the policy and then you could even push policy to the gateways of each assigned policy.

Keep in mind that changing a Host or any other Network object it will NOT show that the Global policy has been updated!

Regards, Maarten
0 Kudos
Tomer_Sole
Mentor
Mentor
‎2018-07-16 09:29 PM
In response to Maarten_Sjouw

Maarten Sjouw wrote:

 

Keep in mind that changing a Host or any other Network object it will NOT show that the Global policy has been updated!

I didn't know that... good thing we solved that with R80.10 Multi-Domain

0 Kudos
Alex_Cortello
Explorer
‎2018-07-17 12:57 AM
In response to Maarten_Sjouw

Thanks for the answer. It's not clear the steps to follow when I should add a new secondary ip address to all the policy containing a first ip address.

So far I look for the first ip address and I manually add the secondary ip address to the policy, but it happens even that there are 20 or more policy in every policy package with the ip address involved.

Is there a way to automate this kind of process?

0 Kudos
_Val_
Admin
Admin
‎2018-07-17 06:15 AM
In response to Alex_Cortello

Yes, you could use R80.10 MGMT API to query and edit objects and policies. You still need some development effort to write a specific script though

0 Kudos
Maarten_Sjouw
Champion
Champion
‎2018-07-17 08:32 AM
In response to Alex_Cortello

Well, in the case you have a number of items that you know will change over time, you create a number of groups and hosts in the global policy, a one time effort to convert a policy to use a number of global objects. Items where you they will need to extnded later, it makes sense to add a group with the primary object in that group. Create once use many. Later when you need to add a extra host, this is added in the global policy to the group and then you can re-assign and push all policies with one click..

Regards, Maarten
0 Kudos
Norbert_Bohusch
Advisor
‎2018-07-17 04:02 AM

Upgrade top R80.10, then you can use "where used" and replace to replace first object with group containing first and second object.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events