Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Goncalo_Barrada
Participant

R81.10 - Export/Import policy package

Hi all,

 

I would like to know if the script for import/export provided here (https://github.com/CheckPointSW/ExportImportPolicyPackage) works for R81.10 management? Should be API versioned so it should if so can someone help on the below issue:

import-export_pythonscript.png

 

I am running this for the first time but I have added the CP python SDK.

 

Thanks,

Gonçalo

0 Kudos
16 Replies
PhoneBoy
Admin
Admin

The API is versioned.
In fact, you can access the docs for the different versions here: https://sc1.checkpoint.com/documents/latest/APIs/index.html#introduction~v1.8%20

However, this error message suggest it's something more basic.
What version of the script are you running?
Flagging @chkp-royl 

0 Kudos
hboogie
Participant

I'm having an issue trying to export a policy from my R81.10 management server , but I'm getting the following error listed below: 

 

[Expert@ny2-cp-sms1:0]#
[Expert@ny2-cp-sms1:0]# python import_export_package.py -op export --debug on
Please enter a Policy Package name to export:
"Policy-NY-UAT"
Please select a login method:
1. Enter user credentials manually
2. Login as Root
3. Use an existing session file
4. Use an existing session UID
99. Back
1
The script will run with the following parameters:
Export Access-Control layers = True
Export NAT layers = True
Export Threat-Prevention layers = True
Export HTTPS Inspection layers = True
Output-file name = None
Management Server IP = 127.0.0.1
Management Server Port = 443
Management Server Domain = None
1. Change Settings
2. Run
99. Back
1
Please select a setting to change:
1. Disable export of Access-Control Rulebases
2. Disable export of Threat-Prevention Rulebases
3. Disable export of NAT Rulebases
4. Disable export of HTTPS Inspection Rulebases
5. Output file name
6. Change Management Server IP
7. Change Management Server Port
8. Change the domain name
99. Back
5
Please enter the output file name:
'test'
The script will run with the following parameters:
Export Access-Control layers = True
Export NAT layers = True
Export Threat-Prevention layers = True
Export HTTPS Inspection layers = True
Output-file name = test
Management Server IP = 127.0.0.1
Management Server Port = 443
Management Server Domain = None
1. Change Settings
2. Run
99. Back
2
Please enter your username:
'admin'

Please enter your password:

Traceback (most recent call last):
File "import_export_package.py", line 26, in <module>
args = process_arguments(arg_parser)
File "/home/admin/ExportImportPolicyPackage-master/utils.py", line 113, in process_arguments
log_file = open(args.log_file, "w",newline='')
TypeError: 'newline' is an invalid keyword argument for this function
[Expert@ny2-cp-sms1:0]#
[Expert@ny2-cp-sms1:0]#
[Expert@ny2-cp-sms1:0]#
[Expert@ny2-cp-sms1:0]#
[Expert@ny2-cp-sms1:0]#
[Expert@ny2-cp-sms1:0]#
[Expert@ny2-cp-sms1:0]#
[Expert@ny2-cp-sms1:0]# clish -c 'show version all'
Product version Check Point Gaia R81.10
OS build 335
OS kernel version 3.10.0-957.21.3cpx86_64
OS edition 64-bit
[Expert@ny2-cp-sms1:0]#



any help is appreciated

0 Kudos
hboogie
Participant

it seems when I run the command for the policy export , the python files in the following directory get a 'c' added on the end :


[Expert@ny2-cp-sms1:0]# python --version
Python 2.7.18
[Expert@ny2-cp-sms1:0]# pwd
/home/admin/ExportImportPolicyPackage-master
[Expert@ny2-cp-sms1:0]# ls -la
total 164
drwxrwx--- 4 admin root 254 Sep 5 20:22 .
drwx------ 6 admin root 296 Sep 5 20:22 ..
-rwxrwx--- 1 admin root 11558 Sep 5 18:06 LICENSE
-rwxrwx--- 1 admin root 2358 Sep 5 18:06 README.md
-rwxrwx--- 1 admin root 14 Sep 5 18:06 __init__.py
drwxrwx--- 2 admin root 4096 Sep 5 18:18 exporting
-rwxrwx--- 1 admin root 3250 Sep 5 18:06 import_export_package.py
drwxrwx--- 2 admin root 147 Sep 5 18:18 importing
-rwxrwx--- 1 admin root 40592 Sep 5 18:06 lists_and_dictionaries.py
-rw-rw---- 1 admin root 15168 Sep 5 20:19 lists_and_dictionaries.pyc  ----> 'added "c"'
-rwxrwx--- 1 admin root 13465 Sep 5 18:06 menu.py
-rw-rw---- 1 admin root 8452 Sep 5 20:19 menu.pyc  ----> 'added "c"'
-rwxrwx--- 1 admin root 24917 Sep 5 18:06 utils.py
-rw-rw---- 1 admin root 21210 Sep 5 20:19 utils.pyc  ----> 'added "c"'
[Expert@ny2-cp-sms1:0]#



thanks again 

0 Kudos
PhoneBoy
Admin
Admin

That's "compiled" python and perfectly normal.

Current versions of the export/import tool require version 3.7 or above of python.
python (the command) on Check Point appliances refers to version 2.

[Expert@R8110:0]# python --version
Python 2.7.17

Try executing with python3 instead.

[Expert@R8110:0]# python3 --version
Python 3.7.7

@chkp-royl can we add a check to make sure the version of Python in use is a supported version?

0 Kudos
hboogie
Participant

Thanks Phoneboy for your help. 

That created my file

[Expert@ny2-cp-sms1:0]# ls -la
-rw-rw---- 1 admin root 31255 Sep 6 11:04 exported__package__Policy-NY-UAT__2022_09_06_11_04.tar.gz


Just wanted to mention that I have to edit my python environment variable in order to run the import/export script , is this expected ? 


[Expert@ny2-cp-sms1:0]# cd ExportImportPolicyPackage-master/

[Expert@ny2-cp-sms1:0]# python3 import_export_package.py -op export --debug on
Traceback (most recent call last):
File "import_export_package.py", line 5, in <module>
from cpapi import APIClient, APIClientArgs
ModuleNotFoundError: No module named 'cpapi'

[Expert@ny2-cp-sms1:0]# export PYTHONPATH=$PYTHONPATH:/home/admin/cp_mgmt_api_python_sdk-master/
[Expert@ny2-cp-sms1:0]#
[Expert@ny2-cp-sms1:0]#
[Expert@ny2-cp-sms1:0]#
[Expert@ny2-cp-sms1:0]#
[Expert@ny2-cp-sms1:0]#
[Expert@ny2-cp-sms1:0]#
[Expert@ny2-cp-sms1:0]# python3 import_export_package.py -op export --debug on
Please enter a Policy Package name to export:
Policy-NY-UAT
Please select a login method:
1. Enter user credentials manually
2. Login as Root
3. Use an existing session file
4. Use an existing session UID
99. Back
 


thanks again 

0 Kudos
PhoneBoy
Admin
Admin

Yes, you might have to set the python path appropriately for the script to work since I don't believe we install cpapi by default.

0 Kudos
hboogie
Participant

So I will need to employ the export command on the environment variable each time to use the impor/export script ...is there a way to make it so I dont' have to ? 

 

[Expert@ny2-cp-sms1:0]# cd ExportImportPolicyPackage-master/
[Expert@ny2-cp-sms1:0]# python3 import_export_package.py -op export --debug on
Traceback (most recent call last):
File "import_export_package.py", line 5, in <module>
from cpapi import APIClient, APIClientArgs
ModuleNotFoundError: No module named 'cpapi'
[Expert@ny2-cp-sms1:0]#
[Expert@ny2-cp-sms1:0]#
[Expert@ny2-cp-sms1:0]#
[Expert@ny2-cp-sms1:0]#
[Expert@ny2-cp-sms1:0]# export PYTHONPATH=$PYTHONPATH:/home/admin/cp_mgmt_api_python_sdk-master/
[Expert@ny2-cp-sms1:0]# python3 import_export_package.py -op export --debug on
Please enter a Policy Package name to export:


As you can see here , I had to change the environment variable in order to use the script 

 

0 Kudos
PhoneBoy
Admin
Admin

I believe there are two ways to resolve this issue:

  • Move the cpapi folder into the same directory that you're running the script from
  • Set the environment variable in ~/.bashrc or the appropriate initialization file for your shell of choice.
0 Kudos
GigaYang
Explorer

Hi,

After I upload “cp_mgmt_api_python_sdk” to /home/admin path. And run “export PYTHONPATH=$PYTHONPATH:/home/admin/cp_mgmt_api_python_sdk-master/” command at Expert mode.

 

I could not run python3 command. How should I fix this problem?

 

Thanks for a lot.

0 Kudos
PhoneBoy
Admin
Admin

Are you executing the script with python3?
What is the precise error?

0 Kudos
GigaYang
Explorer

Hi Sir,

As attach file. Thanks for a lot.

0 Kudos
PhoneBoy
Admin
Admin

What version/JHF is the management?
See if the following file exists: $FWDIR/Python/bin/python3
If this file does not exist, you probably don't have python3 installed and are very likely using an unsupported version.

0 Kudos
GigaYang
Explorer

Hi Sir,

The SMS version is R80.40 with JHF take 89.

"$FWDIR/Python/bin/python3" is not exit.

0 Kudos
PhoneBoy
Admin
Admin

Python3 was added in JHF 91, which was released in January 2021.
Which means if you upgrade to the latest GA JHF, you'll have Python3.

0 Kudos
GigaYang
Explorer

Hi Sir,

Yes, after we upgrade to JHF 173. Python3 can be use.

Thank you.

0 Kudos
chkp-royl
Employee
Employee

Python 2 is no longer supported, it's also mentioned in the read me.

Instructions on how to run the tool you can find here:

https://github.com/CheckPointSW/ExportImportPolicyPackage#instructions

0 Kudos