
Did you know? SmartConsole Tags

R80 and R80.10 provide a new feature for ease of security management: Tags.

We have presented it in Check Point conventions dating back to 2013 - it's time that we discuss them at CheckMates as well.

The purpose of tags is to ease the searches and associations of objects. You can tag any object from its Object Editor, as well as with the Security Management CLI or API.

You can then search for all objects that belong to a specific tag.

In the Object Explorer:

When picking objects in places like security policies:

In addition to a simplified user experience, Tags have good value in the world of automation and orchestration.

13 Replies
Admin
Admin

Re: Did you know? SmartConsole Tags

I don't use this feature nearly enough.

0 Kudos

Re: Did you know? SmartConsole Tags

All,

How would you do a bulk modify of objects to insert tags based on a CSV? I have tried the following to no avail. What am I doing wrong?

Dataset examples:

name,tag
Test_Net_10.104.50.0_24,class1
Test_Net_10.104.51.0_24,class2

name,tags
Test_Net_10.104.50.0_24,class1
Test_Net_10.104.51.0_24,class2

name,tag.add
Test_Net_10.104.50.0_24,class1
Test_Net_10.104.51.0_24,class2

with the following commands. 

mgmt_cli set network --batch /path/to/csv/dataset.csv --format json -s id.txt > tag_add.json

mgmt_cli publish -s id.txt

Nothing gets published.  What is the structure of the dataset supposed to look like?  Or is this just something that isn't working yet?

Sincerely, 

Rupert

Admin
Admin

Re: Did you know? SmartConsole Tags

Note the header line on this CSV file:

name,tags.add
net-internal,tag1
net-dmz,tag2

This worked.

[Expert@mumford:0]# mgmt_cli -r true set network --batch tag.csv
---------------------------------------------
Time: [16:21:25] 2/8/2018
---------------------------------------------
"Publish operation"  succeeded  (100%) 

Vladimir
Pearl

Re: Did you know? SmartConsole Tags

Can you tell me what the CSV should look like if I am trying to create network objects with multiple tags?

name,subnet, subnet-mask,tags.add,tags.add
Net_10.0.0.0,10.0.0.0,255.255.255.0,ny,data
Net_10.0.0.1,10.0.0.1,255.255.255.0,nj,voice

Admin
Admin

Re: Did you know? SmartConsole Tags

Maybe tags.add.1, tags.add.2, etc

0 Kudos
Vladimir
Pearl

Re: Did you know? SmartConsole Tags

Nope.

Getting:

[Expert@SMS8010:0]# mgmt_cli add network --batch test1.csv
Username: admin
Password:
Line 2: code: "generic_err_invalid_parameter"
message: "Invalid parameter for [tags]. Invalid value"

Line 3: code: "generic_err_invalid_parameter"
message: "Invalid parameter for [tags]. Invalid value"


Executed command failed. Changes are discarded.
[Expert@SMS8010:0]#

CSV that looks like:

name,subnet,subnet-mask,tags.add.1,tags.add.2
Net_10.0.0.0,10.0.0.0,255.255.255.0,ny,data
Net_10.0.0.1,10.0.0.1,255.255.255.0,nj,voice

0 Kudos
Vladimir
Pearl

Re: Did you know? SmartConsole Tags

OK. Figured it out finally:

No need to include ".add" when creating objects with tags from CSV.

This format works:

name,subnet,subnet-mask,color,tags.1,tags.2
Net_10.0.0.0,10.0.0.0,255.255.255.0,red,ny,data
Net_10.0.0.1,10.0.1.0,255.255.255.0,red,nj,voice

Creating objects:

 

One thing to note is that tags appear in alphabetical order, so if you want to see them in identical order, preface them with the type.

I.e.: "loc-ny, typ-data" and "loc-nj,typ-voice". Then they will appear in order:
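Added example (not part of the original posts, and not Check Point code): a Python helper that writes the two CSV layouts confirmed in this thread, `tags.1..tags.N` for `mgmt_cli add network --batch` and `name,tags.add` for `mgmt_cli set network --batch`. The inventory is constructed; writing one file per tag count and one `tags.add` row per tag are assumptions made here, because the thread shows neither empty tag cells nor multi-tag `set` rows.

```python
import csv
import io
from collections import defaultdict

# Constructed sample inventory (not from the thread), using the loc-/typ- prefixes.
SAMPLE = [
    {"name": "Net_10.0.0.0", "subnet": "10.0.0.0", "subnet-mask": "255.255.255.0",
     "tags": ["typ-data", "loc-ny"]},
    {"name": "Net_10.0.1.0", "subnet": "10.0.1.0", "subnet-mask": "255.255.255.0",
     "tags": ["loc-nj", "typ-voice"]},
    {"name": "Net_10.0.2.0", "subnet": "10.0.2.0", "subnet-mask": "255.255.255.0",
     "tags": ["loc-ny"]},
]


def clean_tags(tags):
    """Trim, de-duplicate and sort tags; refuse values that would break a CSV cell."""
    cleaned = {t.strip() for t in tags}
    for t in cleaned:
        if not t or any(c in t for c in ',"\r\n'):
            raise ValueError(f"unsafe tag value: {t!r}")
    return sorted(cleaned)  # alphabetical, the order the thread says tags appear in


def _to_csv(header, rows):
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(header)
    writer.writerows(rows)
    return out.getvalue()


def add_batch_csvs(objects, fields=("name", "subnet", "subnet-mask")):
    """One CSV per tag count for `add network --batch` (header tags.1..tags.N)."""
    # Assumption: objects with fewer tags get their own file instead of empty cells.
    groups = defaultdict(list)
    for obj in objects:
        tags = clean_tags(obj["tags"])
        groups[len(tags)].append([obj[f] for f in fields] + tags)
    return {n: _to_csv(list(fields) + [f"tags.{i}" for i in range(1, n + 1)], rows)
            for n, rows in groups.items()}


def set_batch_csv(objects):
    """CSV for `set network --batch` on existing objects: one name,tags.add row per tag."""
    # Assumption: repeated rows for the same object are applied one after another.
    rows = [[obj["name"], t] for obj in objects for t in clean_tags(obj["tags"])]
    return _to_csv(["name", "tags.add"], rows)
```

Write each returned string to its own file and pass it to `--batch`, as in the commands shown earlier in the thread.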

 

Will_Hillis
Nickel

Re: Did you know? SmartConsole Tags

So you can not control policy by tags, it is just for searching in the GUI?

I'd like to see tags being able to be used for policy enforcement.

Employee+
Employee+

Re: Did you know? SmartConsole Tags

Hey Will,

 

Currently - yes. We do support imported tags from various external sources though.

Could you please share more info on your use case for internal SmartConsole tags?

Cihat_Bulut
Nickel

Re: Did you know? SmartConsole Tags

Hi,

 

I have added 50 domain (fqdn) objects with the "library" tag.

I want to add the "library" tag in the destination column of a rule.

Gateway should allow all domains (also all objects) tagged with "library" in the future.

How can I achieve this?

 

BR   

Employee+
Employee+

Re: Did you know? SmartConsole Tags

Hi

I think this would be better achieved using a Network Group (Simple Group) object called library.

You can add it to the Destination column of the relevant rule.

In the future when you add additional objects to the Network Group, it will be part of the Destination.

 

HTH

Tal

0 Kudos
Cihat_Bulut
Nickel

Re: Did you know? SmartConsole Tags

Dear Tal,

 

I've done what you've suggested. But it is not what I want.

 

BR

0 Kudos
Employee+
Employee+

Re: Did you know? SmartConsole Tags

Hi

 

I do not think this is how Tags work but perhaps you could do it using a script and Management API to list all the objects that have a specific Tag and then add them to a specific rule.

https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/show-tag~v1.5%20

 

Tal

0 Kudos