Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Martijn
Advisor

Importing policy package without objects

Jump to solution

Hi,

I am using the script from Github to migrate policies from one management server to another management server.

https://github.com/CheckPoint-APIs-Team/ExportImportPolicyPackage

The script works fine, but every time I migrate an additional policy package all objects are also created again which results in duplicated objects (with e different name).

Is there a procedure/option in the script so only the policy is imported without importing all objects again?

Regards,
Martijn 

0 Kudos
2 Solutions

Accepted Solutions
Omer_Kleinstern
Employee
Employee

Hi @Martijn ,

 

We released a new version of the tool (v5.3) with the flag "--skip-duplicate-objects" that addresses your needs.

 

Thanks,

Omer

View solution in original post

Omer_Kleinstern
Employee
Employee

Hi Jarvis,

 

The tool does not update existing objects.

The only options are - create a new object (the default) or use the existing object.

 

Thanks,

Omer

View solution in original post

0 Kudos
7 Replies
PhoneBoy
Admin
Admin

As far as I know, no.

0 Kudos
Itai_Minuhin
Employee
Employee

Hi Martijn,

Can you elaborate on the use case in which you import a policy multiple times to the same domain or Management server? 

Is it import of policy from a staging environment to production? 

Thanks, 

Itai

0 Kudos
Martijn
Advisor

Hoi Itai,

Customer has a SmartCenter which has been migrated several times over the last couple of years. Every time we performed a major upgrade, we used the export of the database. The SmartCenter was on R80.40, but originates from a time in which the customer had Nokia IP appliances on R60. The database had a lot of legacy configuration and current administrators had no idea why some settings where altered or if they are needed today.

When building the new VSX clusters, the customer decided to start from scratch. Making sure all settings, parameters, timers where default again. So we installed al clean R81.10 SmartCenter and used the Python script to import the rule base. This works fine.

But there is more than one rule base on the SmartCenter because it manages multiple gateways. So we are not trying to import the same rule base twice. We are importing different rule bases. But when an object is used in more than one rule base and we import the second policy, the script does not check if the object excists and uses that object, but creates a new object to use in second imported policy. Because the object is already in the object database, the newly created object has a name containg 'NAME_COLLISSION_'

We have to manually find and replace all name collission objects with the original objects. And with large rule bases, this is a lot of work.

I hope this makes my question more clearly.

Regards,
Martijn

Omer_Kleinstern
Employee
Employee

Hi @Martijn ,

 

We released a new version of the tool (v5.3) with the flag "--skip-duplicate-objects" that addresses your needs.

 

Thanks,

Omer

Jarvis_Lin
Contributor

Hi Omer_Kleinstern,

I have a similar problem,

when I export the group name is AFD, there are 3 members in it.

The imported target has a group name called AFD with 2 members in it.

When the "--skip-duplicate-objects parameter" is set, will the third member be missed?

Or can other parameters be added to make the members of the group consistent?

 

Thanks,

Jarvis

 

0 Kudos
Omer_Kleinstern
Employee
Employee

Hi Jarvis,

 

The tool does not update existing objects.

The only options are - create a new object (the default) or use the existing object.

 

Thanks,

Omer

0 Kudos
K_montalvo
Advisor

You can do a fresh install and use the following link to do the migrate_server but this will migrate everything including objects, you can maybe later try to open the objects explorer and delete the objects you don't want using the right procedure. The following link is the method i used recently for a client, but let see if someone else have a method of doing it like you are asking.

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...