Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Ivory

Want to export object , policy file from checkpoint R77.30

Jump to solution

Hi ,

We are managing 10 context (virtual firewalls) on single physical firewall 4800 in Active-active mode. We are trying to check object list , policies , routes of individual firewall or complete MDS but failed to collect.

Tried to export  Objects_5_0.C file(From MDM)  but it is showing only 9000 address object which has shared/global objects. local firewall objects are not showing
Tried to export  Objects_5_0.C fil but address object count is not correct

Checked below paths but backup neither showing for individual context nor for complete Firewall

1. Objects_5_0.C -  found this on: /opt/CPsuite-R77/fw1/conf
2. Rulebases_5_0.fws -  found this on: /opt/CPsuite-R77/fw1/conf
3. PolicyName.W - a file with extension .W”, the filename takes the policy’s name (by default Standard.W). Those files are stored in the SmartCenter (Management) under “$FWDIR/conf”

Please suggest. Thanks in advance

 

0 Kudos
2 Solutions

Accepted Solutions
Highlighted
Admin
Admin
When using multi-domain with global objects, there is no one "single source" for objects in use on a given domain.
It is a combination of global objects and local objects, which are in two different databases, as you pointed out.
I believe a combined version MAY be pushed to $FWDIR/state for the various VSes.
However, not having a VSX gateway handy, I'm not sure exactly what that directory looks like, which will surely be different than a non-VSX gateway.

View solution in original post

Highlighted
Looks like you were only looking at the global level?
Did you look at the different objects_5_0.C in each domain?
You can see the domainlist with mdsstat and go to each domain with mdsenv <IP> or mdsenv <CMA-name>
Then check the $FWDIR/conf which converts to:
/opt/CPmds-R77/customers/<CMA-Name>/CPsuite-R77/fw1/conf
Regards, Maarten

View solution in original post

5 Replies
Highlighted
Admin
Admin
When using multi-domain with global objects, there is no one "single source" for objects in use on a given domain.
It is a combination of global objects and local objects, which are in two different databases, as you pointed out.
I believe a combined version MAY be pushed to $FWDIR/state for the various VSes.
However, not having a VSX gateway handy, I'm not sure exactly what that directory looks like, which will surely be different than a non-VSX gateway.

View solution in original post

Highlighted
Looks like you were only looking at the global level?
Did you look at the different objects_5_0.C in each domain?
You can see the domainlist with mdsstat and go to each domain with mdsenv <IP> or mdsenv <CMA-name>
Then check the $FWDIR/conf which converts to:
/opt/CPmds-R77/customers/<CMA-Name>/CPsuite-R77/fw1/conf
Regards, Maarten

View solution in original post

Highlighted
Ivory
Thank you very much Maarten.
"/opt/CPmds-R77/customers/<CMA-Name>/CPsuite-R77/fw1/conf " in this path now I am able to get object , policies for individual context.

Is it possible to collect a single file which include object of all context ? , policies of all context ?
or Single MDM backup including all context ?
0 Kudos
Highlighted
Nickel
for this kind of assestment i think this could help you a bit: sk64501
(no routes export with this tool)

then you need to manipolate the output as you need
0 Kudos
Highlighted
Also there the same applies, you need to run it per CMA.
There is no way to get it all in one go, so just create a script that will loop through all domains and create a index HTML file to summarize all policies.
Regards, Maarten
0 Kudos