This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Sorin_Gogean
Advisor
‎2022-06-08 03:33 AM

Objects Utilization Report

Hello everyone,

 

We're in a process to clean-up the old objects that we have on our CheckPoint environment. For that, we were using until last year, usage reports on rules/groups/objects from AlgoSec, but today that option is not available anymore.

 

As example:

Untitled.png

 

So, can you recommend a way to generate some Usage Reports on Groups/Objects, so we would easily identify the "obsolete" ones.

 

Thank you,

25 Replies
Timothy_Hall
Legend Legend
Legend
‎2022-06-08 05:15 AM

I don't think you can can easily determine which objects are hit the most without doing some heavy log crunching with something like Algosec.  However there is a hidden option in the Object Explorer that can show you completely unused objects:

unused.png

Attend my Gateway Performance Optimization R81.20 course
CET (Europe) Timezone Course Scheduled for July 1-2
Sorin_Gogean
Advisor
‎2022-06-08 06:15 AM
In response to Timothy_Hall

Hey @Timothy_Hall ,

 

Thank you for pointing that out,

I was aware of that option, but it shows the defined objects that are not used in any rule.

And most definitely we can use that for clean-ups of orphaned objects, but like you concluded we're looking for the other option "doing some heavy log crunching with something like Algosec".

In the end I'll play dumb and get an AlgoSec Demo for a month or so, and still have some better view/reporting, if no other tool can do this.

 

Ty,

 

 

 

0 Kudos
Matlu
Advisor
‎2023-08-08 09:42 AM
In response to Timothy_Hall

Hello,

Can I be 100% sure and confident that this option shows me all those objects that are not being used, and therefore, I can safely remove them from the SMS?

I currently have an SMS Smart-1, which is showing me more than 500 Items "apparently" that are not being used.

UNOB.png

Greetings.

the_rock
Legend
Legend
‎2023-08-08 10:09 AM
In response to Matlu

Hey bro,

Yes, I am 100% POSITIVE the ones that show up in unused objects are indeed unused. I feel confident about it, because I went over that in at least 5 different labs and 2 of them had probably close to 100 objects showing there and I clicked on "where used" on every single one of them and it was not used anywhere. I always say to people, just to be on the safe side, you can do the same, but backup/migrate_server is better to have, just in case.

Andy

0 Kudos
Matlu
Advisor
‎2023-08-08 10:13 AM
In response to the_rock

Thank you for clarifying my doubt.

One question I have is, deleting such a large number of objects (more than 500), doing it manually through the SmartConsole, is too exhausting.

Are there ways/options to delete such amount of objects that are already "unusable"?

Thank you. 🙂

0 Kudos
the_rock
Legend
Legend
‎2023-08-08 10:16 AM
In response to Matlu

Yes, you have to keep clicking CTRL to highlght as many as you can and then delete them.

Andy

 

Screenshot_1.png

0 Kudos
the_rock
Legend
Legend
‎2023-08-08 10:17 AM
In response to Matlu

You can also do CTRL+A to highlight all of them, but does not always work lol

Andy

0 Kudos
Matlu
Advisor
‎2023-08-08 10:26 AM
In response to the_rock

Thank you.

I will delete all the objects listed as "not used".

Some objects in the MODIFIER field are listed as "WEB API" and "System".

I guess that shouldn't worry us, right?

As long as they are listed as unused, we can delete them with peace of mind.

0 Kudos
the_rock
Legend
Legend
‎2023-08-08 10:27 AM
In response to Matlu

Si senor 🙂

0 Kudos
Bob_Zimmerman
Authority
Authority
‎2023-08-09 06:00 AM
In response to the_rock

One SUPER IMPORTANT NOTE: Automatic NAT counts as a property of the object, not as a use of the object. Deleting an object which has automatic NAT rules can break stuff, even if Where Used says the object is not used.

0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2023-08-08 12:47 PM
In response to Matlu

Yes as @the_rock said the Unused Objects is 100% accurate.  In much older releases there was an issue where objects could show up here even though they implemented needed Automatic NAT rules in their properties, and when the objects were removed the results were...unfortunate for NAT functionality.  Thankfully that was fixed long ago.

Attend my Gateway Performance Optimization R81.20 course
CET (Europe) Timezone Course Scheduled for July 1-2
0 Kudos
Bob_Zimmerman
Authority
Authority
‎2023-08-09 06:32 AM
In response to Timothy_Hall

Unfortunately, still an issue as of R81.10 jumbo 110.

Automatic NAT doesn't use objects.png

Henrik_Noerr1
Advisor
‎2023-08-09 07:25 AM
In response to Bob_Zimmerman

wow, that is toxic.

Thanks for bringing it up

0 Kudos
the_rock
Legend
Legend
‎2023-08-09 07:38 AM
In response to Henrik_Noerr1

I noticed in R81.20 as well..

0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2023-08-09 07:38 AM
In response to Bob_Zimmerman

Reading this thread I knew something was wrong here as I remember this issue being fixed.  I tested it in my lab and what I remember being rectified is not the "Where Used" function that @Bob_Zimmerman correctly points out, but the "Unused Objects" setting on the Objects Explorer, which does exhibit the proper behavior when Automatic NAT rules are present as shown below.  This was on R81.20 but I'm confident the fix was introduced somewhere in R80.X0 releases:

nat1.pngnat2.png

Attend my Gateway Performance Optimization R81.20 course
CET (Europe) Timezone Course Scheduled for July 1-2
the_rock
Legend
Legend
‎2023-08-09 07:49 AM
In response to Timothy_Hall

Yep, thats 100% the case. Just did it in my R81.20 lab and exact same results. 

Andy

0 Kudos
Matlu
Advisor
‎2023-08-09 08:13 AM
In response to the_rock

Hello,

So, according to the latest comments I'm reading.

It is no longer 100% safe to "delete everything" that appears in "Unused Objects"?

I would still have to manually check every single object before "deleting" it?

😞

Greetings.

0 Kudos
the_rock
Legend
Legend
‎2023-08-09 08:15 AM
In response to Matlu

If there is nat on the object, then it will NOT show as hidden. Sorry, I meant unused.

Andy

0 Kudos
Matlu
Advisor
‎2023-08-09 08:22 AM
In response to the_rock

If I have an object with an "AUTOMATIC NAT", will this type of object not appear in the "UNUSED OBJECTS" list?

This is my understanding.

Is my interpretation correct?

Then, I can "recover" the faith in the UNUSED OBJECTS (and delete what appears in this list, without fear).

😇

0 Kudos
the_rock
Legend
Legend
‎2023-08-09 08:25 AM
In response to Matlu

Correct bro. Any object with nat, static or dynamic, will NOT appear in unused object.

Andy

0 Kudos
Matlu
Advisor
‎2023-08-09 08:34 AM
In response to the_rock

Ok.

Then, I can debug, without fear.

Thanks for your help.

0 Kudos
the_rock
Legend
Legend
‎2023-08-09 09:04 AM
In response to Matlu

No problem.

0 Kudos
the_rock
Legend
Legend
‎2023-08-09 10:01 AM
In response to Matlu

Regardless, I would still always generate backup/migrate_server.

Andy

0 Kudos
Matlu
Advisor
‎2023-08-09 10:11 AM
In response to the_rock

Oka.

I see that you recommend, to take the backup, with the "migrate_server export".

Is it no longer recommended to use the "migrate export"?

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top