cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

Can I export and import a policy?

Jump to solution

In R77 we had "save policy as", which was useful in order to have multiple copies of a policy. What is the equivalent for that in R80?

1 Solution

Accepted Solutions

Re: Can I export and import a policy?

Jump to solution

April 2017 update: An standalone open-source tool exists for exporting and importing policies and objects by using the R80 or R80.10 Management API:  Python tool for exporting/importing a policy package or parts of it

This tool exports a policy package as a list of csv files that can later by imported into a different management setup.

In R80 you can export a policy, but not import.

Export can be done:

  1. From SmartConsole go to a layer, and click on Actions-->Export, which will save the entire layer as a CSV file.export.png

  2. Using the "show access layer" API command. Since the result is a JSON structure, when using it inside the Management Server SSH you can pipe it into other formats.

Importing a layer, a policy, or an entire policy package, is planned as an API command for the next releases.

Please note that for some of the use cases, SmartConsole has alternative tools.

Please reply to this thread with your input - are these tools sufficient, or do you find other cases where need the import option? For example:

  • Moving policies between different domains in multi-domain environments.
  • Exporting an importing an entire database in order to refresh the platform underneath.
10 Replies

Re: Can I export and import a policy?

Jump to solution

April 2017 update: An standalone open-source tool exists for exporting and importing policies and objects by using the R80 or R80.10 Management API:  Python tool for exporting/importing a policy package or parts of it

This tool exports a policy package as a list of csv files that can later by imported into a different management setup.

In R80 you can export a policy, but not import.

Export can be done:

  1. From SmartConsole go to a layer, and click on Actions-->Export, which will save the entire layer as a CSV file.export.png

  2. Using the "show access layer" API command. Since the result is a JSON structure, when using it inside the Management Server SSH you can pipe it into other formats.

Importing a layer, a policy, or an entire policy package, is planned as an API command for the next releases.

Please note that for some of the use cases, SmartConsole has alternative tools.

Please reply to this thread with your input - are these tools sufficient, or do you find other cases where need the import option? For example:

  • Moving policies between different domains in multi-domain environments.
  • Exporting an importing an entire database in order to refresh the platform underneath.

Re: Can I export and import a policy?

Jump to solution

Dear Tomer,

As we discussed I would like to add the answer you gave me on why we would actually export a policy file if import is not an option.

In addition I would like to record here that export options for Permission profiles and Administrators currently don't exist and a Request for Change is submitted.

What could an export give me:

  • Work locally on objects with a local copy
  • Reporting
  • Especially useful for views that have lots and lots of rows such as IPS Protections and Object Explorer.
0 Kudos

Re: Can I export and import a policy?

Jump to solution

Hi Tomer

Moving policies and their associated clusters would be helpful, certainly we have had need to reorganize domain cluster groupings as the organization changes over time.

I also agree with Peter - we need to be able to export permission profiles-  if fact to be able to configure perm profiles via API would also be good.

We are also looking to be able to publish all changes carried out within a session to an external source for audit trail purposes - configurable per administrator

Richard

0 Kudos

Re: Can I export and import a policy?

Jump to solution

What is the best way to export a very large access layer rulebase? There seem to be a limit on the number of rules that can be exported at once? Guess I can script it and cycle through the rulebase using the offset but why the limitation or have I missed something?

Would be helpful to have some API calls to query policy stats e.g number of active\inactive access rules\rules without logging\number of NAT rules\number of policy packages etc. Most can be gather from existing API call but might be helpful just to be able to do some stats directly

0 Kudos

Re: Can I export and import a policy?

Jump to solution

Hi, the instructions for exporting a very large rulebase are the same. These commands query the rulebase multiple times by pages of 50 or 100 rules (depending the specific command), and then aggregate the results to the output file or JSON structure. Therefore, there is no limit on the number of rules that can be exported at the same time.

In the case of the API command, you can also change the page size if you find that it makes the response faster on your side. This depends on the specific Internet speed on your side and the number of objects that are selected in your rulebase. You can also specify offsets and limits. Please refer to the API documentation for more details.

Thank you for the suggestions regarding "rulebase statistics". We will add this to our roadmap plans.

0 Kudos

Re: Can I export and import a policy?

Jump to solution

Please have a look at Python tool for exporting/importing a policy package or parts of it

This tool exports a policy package as a list of csv files that can later by imported into a different management setup

0 Kudos
Alex_Tooze
Nickel

Re: Can I export and import a policy?

Jump to solution

I'm interested in using this export/import tool on an R80.10 MDS, but haven't done much with Python in this environment. Is the interpreter installed by default? If so, where do I find it?

Alternatively, do I need to compile the modules? In which case, where would I find the compiler? There is no obvious 'python' in e.g. /opt/CPsuite-R80/fw1/Python/lib/python2.7.

Thanks,

Alex

Admin
Admin

Re: Can I export and import a policy?

Jump to solution

Python is there, but it's buried.

Should be in $FWDIR/Python/bin/python

0 Kudos
Alex_Tooze
Nickel

Re: Can I export and import a policy?

Jump to solution

Thanks Damien - found it in $FWDIR/fw1/Python/bin/python

Alex_Tooze
Nickel

Re: Can I export and import a policy?

Jump to solution

Seems to work a treat 🙂