This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Libor_Kovar
Contributor
‎2022-03-25 11:57 AM

Graph-based FW rules visualization

Hello, 

is there any way, how to visualize rules and objects relations of firewall in the form of a graph ?
( I am aware of the tool for export into a html)

If no automated export, what type of a graph is suitable for it and is what is the software to do it ?

Many thanks.

 

0 Kudos
16 Replies
PhoneBoy
Admin
Admin
‎2022-03-25 11:41 PM

Never seen such a tool myself.

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2022-03-26 01:16 AM

Where did you see such a visualization ? I honestly can not image that being of any help - CP even dropped the map view as it was not usable anymore. SmartDashboard has many visualizations concerning network traffic, protocols, users, hit rates and much more...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Bob_Zimmerman
Authority
Authority
‎2022-03-26 08:06 PM
In response to G_W_Albrecht

Depending on the exact meaning of "graph" in the original post, it may not be a visualization. I've been using graph theoretical methods to analyze my firewall rules for overlap and proximity for a while.

I ingest all the rules in an access layer via the API, then convert them into a set of directed edges with one source, one destination, and one service per edge. I then build a graph from all the edges, and extract subgraphs for analysis or plotting.

It's great for finding certain classes of error in the policy. For example, I extracted all the rules referencing a three-member web server farm and found a few load balancers were only allowed to talk to two of them. They had been added by different people over the span of a year, so things were built inconsistently and nobody realized.

I started with PowerShell and GraphViz via PSGraph. I have since moved to some tools I've built myself.

tscally
Explorer
‎2023-05-24 07:47 AM
In response to Bob_Zimmerman

Hi Bob, I´m very interested in this. Would you like to share your scripts?

0 Kudos
Bob_Zimmerman
Authority
Authority
‎2023-05-24 02:46 PM
In response to tscally

I don't have any of the early stuff I built for analyzing Check Point rules around anymore. The main challenge was data ingestion. Reassembling the policy from the forced pagination is incredibly annoying. Since I use a Mac, I'm now using code written in Swift for all that.

I'll see if I can toss something together in PowerShell, but it will probably take a while.

0 Kudos
the_rock
Legend
Legend
‎2022-03-26 02:50 PM

Never heard or seen one myself either. The only thing I know of is below:

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Andy

0 Kudos
Amir_Senn
Employee
Employee
‎2022-03-26 11:38 PM

If you have session logs on relevant rules and SmartEvent you can do a some widgets on rule number.

For example, a statistical table with rule, src OR dst on the second column and logs on the third. I know this is not exactly what you looked for but it could still give you some statistics on highest hit rules with session logs and the most used src/dst.

Kind regards, Amir Senn
the_rock
Legend
Legend
‎2022-03-27 10:00 AM
In response to Amir_Senn

@Amir_Senn ...would you be kind enough to attach a screenshot of what that would look like?

Tx

Andy

0 Kudos
Amir_Senn
Employee
Employee
‎2022-03-28 06:02 AM
In response to the_rock

Just doodling in SmartView for a bit, see attached.

Kind regards, Amir Senn
Preview file
87 KB
0 Kudos
the_rock
Legend
Legend
‎2022-03-28 06:05 AM
In response to Amir_Senn

Thats great, but I was more referring to the query in smart event...

0 Kudos
Amir_Senn
Employee
Employee
‎2022-03-28 06:43 AM
In response to the_rock

I didn't mention a query in SmartEvent, can you elaborate and I'll try to provide.

Kind regards, Amir Senn
0 Kudos
the_rock
Legend
Legend
‎2022-03-28 06:45 AM
In response to Amir_Senn

This was your response yesterday, so I assumed you meant smart event? Sorry if I misunderstood...

Andy

If you have session logs on relevant rules and SmartEvent you can do a some widgets on rule number.

For example, a statistical table with rule, src OR dst on the second column and logs on the third. I know this is not exactly what you looked for but it could still give you some statistics on highest hit rules with session logs and the most used src/dst.

Kind regards, Amir Senn
0 Kudos
Amir_Senn
Employee
Employee
‎2022-03-28 06:58 AM
In response to the_rock

SmartView is a SmartEvent application and SmartEvent only index non-connection logs.

Kind regards, Amir Senn
0 Kudos
the_rock
Legend
Legend
‎2022-03-28 07:09 AM
In response to Amir_Senn

I thought it meant setting up some flags for smart event new report, again, sorry if I misunderstood.

Andy

0 Kudos
Amir_Senn
Employee
Employee
‎2022-03-28 07:36 AM
In response to the_rock

No problem at all=)

Kind regards, Amir Senn
0 Kudos
Libor_Kovar
Contributor
‎2022-03-29 10:37 AM

I have got an idea to use exported json files from certain checkpoint tool and convert them to the uml ad draw via https://plantuml.com/json but I have no knowledge  of either of these formats

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events