Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Ivory

Want to export object , policy file from checkpoint R77.30

Jump to solution

Hi ,

We are managing 10 context (virtual firewalls) on single physical firewall 4800 in Active-active mode. We are trying to check object list , policies , routes of individual firewall or complete MDS but failed to collect.

Tried to export  Objects_5_0.C file(From MDM)  but it is showing only 9000 address object which has shared/global objects. local firewall objects are not showing
Tried to export  Objects_5_0.C fil but address object count is not correct

Checked below paths but backup neither showing for individual context nor for complete Firewall

1. Objects_5_0.C -  found this on: /opt/CPsuite-R77/fw1/conf
2. Rulebases_5_0.fws -  found this on: /opt/CPsuite-R77/fw1/conf
3. PolicyName.W - a file with extension .W”, the filename takes the policy’s name (by default Standard.W). Those files are stored in the SmartCenter (Management) under “$FWDIR/conf”

Please suggest. Thanks in advance

 

0 Kudos
2 Solutions

Accepted Solutions
Highlighted
Admin
Admin

Re: Want to export object , policy file from checkpoint R77.30

Jump to solution
When using multi-domain with global objects, there is no one "single source" for objects in use on a given domain.
It is a combination of global objects and local objects, which are in two different databases, as you pointed out.
I believe a combined version MAY be pushed to $FWDIR/state for the various VSes.
However, not having a VSX gateway handy, I'm not sure exactly what that directory looks like, which will surely be different than a non-VSX gateway.

View solution in original post

Re: Want to export object , policy file from checkpoint R77.30

Jump to solution
Looks like you were only looking at the global level?
Did you look at the different objects_5_0.C in each domain?
You can see the domainlist with mdsstat and go to each domain with mdsenv <IP> or mdsenv <CMA-name>
Then check the $FWDIR/conf which converts to:
/opt/CPmds-R77/customers/<CMA-Name>/CPsuite-R77/fw1/conf
Regards, Maarten

View solution in original post

5 Replies
Highlighted
Admin
Admin

Re: Want to export object , policy file from checkpoint R77.30

Jump to solution
When using multi-domain with global objects, there is no one "single source" for objects in use on a given domain.
It is a combination of global objects and local objects, which are in two different databases, as you pointed out.
I believe a combined version MAY be pushed to $FWDIR/state for the various VSes.
However, not having a VSX gateway handy, I'm not sure exactly what that directory looks like, which will surely be different than a non-VSX gateway.

View solution in original post

Re: Want to export object , policy file from checkpoint R77.30

Jump to solution
Looks like you were only looking at the global level?
Did you look at the different objects_5_0.C in each domain?
You can see the domainlist with mdsstat and go to each domain with mdsenv <IP> or mdsenv <CMA-name>
Then check the $FWDIR/conf which converts to:
/opt/CPmds-R77/customers/<CMA-Name>/CPsuite-R77/fw1/conf
Regards, Maarten

View solution in original post

Highlighted
Ivory

Re: Want to export object , policy file from checkpoint R77.30

Jump to solution
Thank you very much Maarten.
"/opt/CPmds-R77/customers/<CMA-Name>/CPsuite-R77/fw1/conf " in this path now I am able to get object , policies for individual context.

Is it possible to collect a single file which include object of all context ? , policies of all context ?
or Single MDM backup including all context ?
0 Kudos
Highlighted
Nickel

Re: Want to export object , policy file from checkpoint R77.30

Jump to solution
for this kind of assestment i think this could help you a bit: sk64501
(no routes export with this tool)

then you need to manipolate the output as you need
0 Kudos
Highlighted

Re: Want to export object , policy file from checkpoint R77.30

Jump to solution
Also there the same applies, you need to run it per CMA.
There is no way to get it all in one go, so just create a script that will loop through all domains and create a index HTML file to summarize all policies.
Regards, Maarten
0 Kudos