This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Dave_Pisarek
Explorer
‎2017-11-29 01:28 PM

How to export Mobile Access rules

I am working on a R75 and looking to see if there is a way to export the rules for Mobile Access. I used Web Visualization Tool to view and export as xml but the rules we configured for mobile access are not part of that export. I am new to CP and needed to take over this device and would like to be able to view these rules in xml or html format. Anyway to do this?  

0 Kudos
16 Replies
PhoneBoy
Admin
Admin
‎2017-11-29 04:21 PM

Mobile Access Rules are in a separate database that's not covered by the Web Visualization Tool.

As far as I know there is no way to export these, particularly from R75.

0 Kudos
Dave_Pisarek
Explorer
‎2017-11-30 06:01 AM

I did notice these lines in the cvpnd.c file. 

:useLocalSwsPolicyFlag (0)
:swsLocalPolicyFilePath ("$CVPNDIR/htdocs/SNX/CSHELL/CPSWS_LOCAL.xml"

I see that this is set to 0 so apprently not enabled as this file does not exist. If this was enabled what would be available in this file?

0 Kudos
PhoneBoy
Admin
Admin
‎2017-11-30 07:47 AM
In response to Dave_Pisarek

This is related to SecureWorkspace and not the Mobile Access ruleset.

0 Kudos
Dave_Pisarek
Explorer
‎2017-11-30 07:54 AM

One more question, I can see the policy via the Smart Dashboard but I cannot figure out how to see the users or application details. Is there anyway through the dashboard to see the actual details of the objects?

Screen shot:

0 Kudos
PhoneBoy
Admin
Admin
‎2017-11-30 09:55 AM
In response to Dave_Pisarek

There should be a section called Applications, to the left of the rulebase. 

Likewise, the User Groups are below that.

It's possible these are in slightly different locations in earlier releases.


0 Kudos
Dave_Pisarek
Explorer
‎2017-12-01 07:45 AM

Hmm, when I take a look at the same screen as your example I have nothing listed...

Is there anywhere else to see these user groups? 

0 Kudos
PhoneBoy
Admin
Admin
‎2017-12-01 09:25 AM
In response to Dave_Pisarek

They may be listed in LDAP Groups or Access Roles, depending on how it was set up.

0 Kudos
Kathleen_Murphy
Participant
‎2020-07-28 10:15 AM
In response to PhoneBoy

Is there any way to export mobile access policy from R80.10?

 

0 Kudos
PhoneBoy
Admin
Admin
‎2020-07-28 11:14 AM
In response to Kathleen_Murphy

Legacy MAB Rules? No. If you use a unified policy, MAB Rules can be exported the same as regular Access Policy rules.

0 Kudos
carlos_luz
Explorer
‎2023-10-17 06:32 AM
In response to PhoneBoy

Hello @PhoneBoy ,

 Today is there one way to export this rules ? Over API or directly on management?

0 Kudos
PhoneBoy
Admin
Admin
‎2023-10-17 07:00 AM
In response to carlos_luz

Legacy MAB configuration does not have any API support or ability to export rules that I'm aware of.
If you are using the Unified Policy mode, then those rules can be exported through the Management API like any other.

0 Kudos
carlos_luz
Explorer
‎2023-10-17 07:27 AM
In response to PhoneBoy

 My customer need transfer rules of MAB to unified. There is one way to do this ? Or only get one-by-one rule and reply on the unified.

0 Kudos
PhoneBoy
Admin
Admin
‎2023-10-17 08:34 AM
In response to carlos_luz

There are no automated tools to convert from the legacy MAB policy to a Unified Policy.
It needs to be done by hand.

0 Kudos
Atlantic_Suppor
Explorer
‎2024-09-25 09:21 AM
In response to carlos_luz

you can run: (echo localhost; echo u; echo admin; echo "<admin_password>"; echo "-t connectra_policy -pf"; echo "-q") | queryDB_util

This will dump it out in this format which you can then go through and extract relevant info:

Q u e r y i n g D B
=====================

Object Name: connectra_authorization_policy
Table Name: connectra_policy
Fields Details
--------------
connectra_authorization_rules: (
0: (
applications: Name: World_Clock (Table: network_applications)
comment: Rule created automatically by Mobile Access wizard.
install_on: Name: Any (Table: globals)
user_groups: Name: grp_usertest (Table: users)
)
)

A total of 1 objects match the query.

0 Kudos
PhoneBoy
Admin
Admin
‎2024-09-25 10:32 AM
In response to Atlantic_Suppor

R82 has API support for this.

0 Kudos
Atlantic_Suppor
Explorer
‎2024-09-25 09:19 AM
In response to Kathleen_Murphy

you can run: (echo localhost; echo u; echo admin; echo "<admin_password>"; echo "-t connectra_policy -pf"; echo "-q") | queryDB_util

This will dump it out in this format which you can then go through and extract relevant info:

Q u e r y i n g D B
=====================

Object Name: connectra_authorization_policy
Table Name: connectra_policy
Fields Details
--------------
connectra_authorization_rules: (
0: (
applications: Name: World_Clock (Table: network_applications)
comment: Rule created automatically by Mobile Access wizard.
install_on: Name: Any (Table: globals)
user_groups: Name: grp_usertest (Table: users)
)
)

A total of 1 objects match the query.



0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events