Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Raj_Khatri
Advisor
Jump to solution

Is GuiDBedit still supported in R80?

We made some changes in GuiDBedit in the past on R77.x, however, I wasn't sure if these changes were still supported in R80.  Didn't want to cause any DB issues or corruption, so wanted to make sure.

C:\Program Files (x86)\CheckPoint\SmartConsole\R80\PROGRAM

The particular gateway property change in question is "define_logging_servers"

0 Kudos
1 Solution

Accepted Solutions
Uri_Bialik

Yes, in R80, you can still use dbedit and GuiDbEdit to modify properties in the gateway object.

View solution in original post

0 Kudos
11 Replies
SantiagoPlatero
Collaborator

In my experience, in our EA version (take 3 if I not recall wrong) the GuiDBedit was almost unusable. The search worked partially and, for instance, when I tried to tweak some parameter from one of my gateway I cannot save the changes for some reason.

Now in the GA version the tool works flawlessly. In fact, to do the EA2GA procedure the Check Point engineer had to edit some parameter through the tool.

TL;DR: it depends on your enviroment, in EA maybe in later takes some bugs were fixed. In GA works ok.

0 Kudos
Uri_Bialik

Yes, in R80, you can still use dbedit and GuiDbEdit to modify properties in the gateway object.

0 Kudos
Don_Paterson
Advisor
Advisor

Hi Uri,

Are there any updates to this topic that are relevant to R80.10 and R80.20? In other words, please can you confirm that GUIDBedit.exe is still supported and also the deal with dbedit? 

I understand the GUIDBedit is still supported but think that dbedit is not (it doesn't actually work anymore).

Is there any reference to how GUIDBedit works in R80.10 and R80.20 since the objects are stored in the Postgres database? Is it still locking objects_5_0.C and using that file and if it is then how is the CPM DB updated?

Thanks,

Don

0 Kudos
Tomer_Sole
Mentor
Mentor

Hi Don,

GuiDBEdit.exe works for some objects, not all. Usually if the GUI shows these objects in R77.30-style, this might indicate that you can edit them in GuiDBEdit and dbedit still. 

The way that it works is that dbedit process changes and reads objects through the FWM process, which then bridges the request to the CPM process - the new process that manages the central security management, and CPM handles input validation, multiple admin locks, etc. and finally stores in the databases. 

Objects_5_0.C and the other familiar files may be there, but they are updated upon policy installations for pre-R80 gateways. They no longer serve as the persistency of the data.

Don_Paterson
Advisor
Advisor

Thanks Tomer!

Makes sense.

My thinking here is (as always in this area) proceed with caution and usually under the advise of TAC.

This is just noise, you might not want to read it:

dbedit does still work (could've sworn it didn't in R80.x before) and I noticed it only promoted for localhost and no user authentication (that's different (no files to lock)).

I tried to create a network object (see below) and it worked (with the SmartConsole closed - and no publish in-between).

Was just a test, I know the API is the answer for that one and I would not recommend dbedit normally.

I was curious and thought/think it may be more about the Global Properties stuff and advanced object properties.


[Expert@SMS:0]# clish -c 'show version all'
Product version Check Point Gaia R80.10
OS build 421
OS kernel version 2.6.18-92cpx86_64
OS edition 64-bit
[Expert@SMS:0]# dbedit
Enter Server name (ENTER for 'localhost'):

Please enter a command, -h for help or -q to quit:
dbedit> create network mgmt-net2

dbedit> modify network_objects mgmt-net2 ipaddr 192.168.2.0

dbedit> modify network_objects mgmt-net2 netmask 255.255.255.0

dbedit> update_all
network_objects::mgmt-net2 Updated Successfully

Well that was fun, now, where was I...

Regards,

Don

0 Kudos
PhoneBoy
Admin
Admin

You can still use dbedit to create network objects in R80.x, though where the API allows, you should use that.

You definitely can't use dbedit to create/modify rules anymore.

Don_Paterson
Advisor
Advisor

Thanks for confirming Dameon. 🙂 How are we doing with creating the GW cluster object in the latest version of the API? 😉 

0 Kudos
Ofir_Shikolski
Employee Alumnus
Employee Alumnus
0 Kudos
Don_Paterson
Advisor
Advisor

Thanks. I think I did see a previous version of it (in a big bash script). 

I've had a couple of thread conversations with Dameon about creating (not being able to) cluster objects in dbedit and API R80, so just having some fun there 😉 (although it is a valid question).

BTW, why is your handle ofirsea040d26-f1f2-3b12-9fc6-5c89debaf56c in Check Mates?

Regards,

Don

 

0 Kudos
Ofir_Shikolski
Employee Alumnus
Employee Alumnus

I think that it caused since I changed the last name , since this day I have some "special" username

Ofir Shikolski

PhoneBoy
Admin
Admin

It's still part of the plans for upcoming releases--stay tuned Smiley Happy

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events