This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Nas
Contributor
‎2020-07-13 01:02 PM

Best way for copy object, group and rulebase

I got question (tried search but not able to find what i look for).

 

If i got mds setup with multiple environments. If we in a situation, where we need evergreen set of firewalls. What is best way for copy approx 550 rulebase. 
do i need create each object, group and rule separately or is there way to copy paste rule.


mds is r80.10.
Current gw is r80.10 .

New firewall will be on r80.30.

6 Replies
PhoneBoy
Admin
Admin
‎2020-07-13 01:11 PM

There's two ways to do this:

1. Migrate export/import the relevant environment (so you have a complete copy)--believe this may have to be done for the entire MDS if starting from R80.10.
2. Use a tool like the following to export/import the relevant information, with some manual work required. https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/Python-tool-for-exporting-importi...
Nas
Contributor
‎2020-07-13 02:41 PM
In response to PhoneBoy

Thank you, just going to check the export/import option in my setup. There may be some time consume work to change name of gw manually when selecting “install on” in rule base.

Python tool need be my next test project to check its working.
Ruan_Kotze
Advisor
‎2020-07-14 02:01 AM
In response to Nas

Hi Nas,

The Python script works well, I've used it multiple times.  Getting it going can be slightly tricky (folder structure etc. is important), I'd be happy to answer any questions you might have.

Regarding the gateway in the "install on" column - you do not have to change the name of the gw manually, you can search and replace the object across all policies.

Thanks,
Ruan

Nas
Contributor
‎2020-07-14 06:11 AM
In response to Ruan_Kotze

thank you. There is some pre-req for python which i need at work and then i can work on it and will ask question.

 

 

0 Kudos
Nas
Contributor
‎2020-07-14 06:17 AM
In response to Nas

"1. Migrate export/import the relevant environment (so you have a complete copy)--believe this may have to be done for the entire MDS if starting from R80.10."

 

Checked and only export option for service, object available to me.

Anyone can specify where i can export all policy?

This environment is r77 30 actually 

mds = r80.10

PhoneBoy
Admin
Admin
‎2020-07-14 11:16 AM
In response to Nas

migrate export gets everything in such a way as you can build a new MDS on different hardware.
This is how an upgrade is done, for instance.
This is referred to in the Installation and Upgrade guides.

The python tool only does the specified policy (not all).
You will have to execute it multiple times to get multiple policies.
Also, the gateway version is not relevant in this instance, it's the management version that's relevant.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top