Mathias_Weidner
Explorer

Analyze firewall config on checkpoint appliance

Hi all,

 

I want to analyze the configuration on older firewall appliances (1450) with R77.20.80.

In expert mode I found a Lua script that seemed to export the whole configuration as CSV, which I can call as:

# lua /pfrm2.0/bin/cli/showConfig.lua

The output looks good so far except for the port forwarding on a server definition:

add server name "JTBCK01" ipv4-address "a.b.c.d" dhcp-exclude-ip-addr "on" dhcp-reserve-ip-addr-to-mac "off" dns-resolving "false"
set server server-ports "JTBCK01" web-server "off" mail-server "off" dns-server "off" ftp-server "off" citrix-server "off" pptp-server "off" custom-server "on"
set server server-access "JTBCK01" access-zones "all-zones" allow-ping-to-server "on" log-blocked-connections "on" log-accepted-connections "on"
set server server-nat-settings "JTBCK01" nat-settings "port-forwarding" port-address-translation "off" force-source-hide-nat  "on"

This server uses a non-standard port, and I can see the port definition in the web interface but nowhere in the output of the above-mentioned script.

Is there anything I am missing, or are there better ways to analyze configurations from older firewalls?

Thanks for your help.

Kind regards,

Mathias

0 Kudos
3 Replies
G_W_Albrecht
Legend

This is not an older firewall, but an SMB device from April 2016 - so the question should be under https://community.checkpoint.com/t5/SMB-Appliances-and-SMP/bd-p/smb-smp!

 

About the show config.lua: This can simply be called in CLISH as described in my Configuration transfer between different SMB models.

CCSE CCTE CCSM SMB Specialist
0 Kudos
Mathias_Weidner
Explorer

Sorry for my ignorance. I wasn't aware that the post should be under "SMB Appliances and SMP", nor did I know the CLISH command.

The CLISH command gives me the same output but unfortunately the port for the custom-server is still missing.

I guess I have to be aware of this and fill in the missing pieces from the web interface.

Thanks for your reply.

0 Kudos
G_W_Albrecht
Legend

You do not need the web interface as all is also available on the CLI: Check Point R77.20.80 600/700/1100/1200R/1400 Appliance CLI Reference Guide

Just try a

# show servers 

or

# show server <name>

CCSE CCTE CCSM SMB Specialist
0 Kudos
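
An added example, not part of the thread and not Check Point tooling: it parses the export format quoted in the first post offline and lists servers with custom-server "on" whose port is absent from the export, so each can be checked with show server <name>. The sample lines and addresses are constructed, and the rule that an exported port would be a numeric value under a key containing "port" is an assumption.

```python
import shlex
from collections import defaultdict

# Constructed sample in the format quoted in the thread (addresses are placeholders).
SAMPLE = '''\
add server name "JTBCK01" ipv4-address "192.0.2.10" dhcp-exclude-ip-addr "on" dns-resolving "false"
set server server-ports "JTBCK01" web-server "off" mail-server "off" custom-server "on"
set server server-access "JTBCK01" access-zones "all-zones" allow-ping-to-server "on"
set server server-nat-settings "JTBCK01" nat-settings "port-forwarding" port-address-translation "off" force-source-hide-nat  "on"
add server name "WEB01" ipv4-address "192.0.2.20" dns-resolving "false"
set server server-ports "WEB01" web-server "on" custom-server "off"
'''

def parse_servers(text):
    """Collect key/value pairs per server from 'add server' / 'set server' lines."""
    servers = defaultdict(dict)
    for line in text.splitlines():
        tok = shlex.split(line)  # honours the double-quoted values
        if len(tok) < 4 or tok[1] != "server" or tok[0] not in ("add", "set"):
            continue
        # 'add server name X k v ...' and 'set server <section> X k v ...'
        name, rest = tok[3], tok[4:]
        servers[name].update(zip(rest[0::2], rest[1::2]))
    return dict(servers)

def needs_manual_port_check(servers):
    """Servers with custom-server on but no numeric port value in the export."""
    flagged = []
    for name, cfg in servers.items():
        # Assumption: an exported port would be a numeric value under a '*port*' key.
        has_port = any("port" in k and v.isdigit() for k, v in cfg.items())
        if cfg.get("custom-server") == "on" and not has_port:
            flagged.append(name)
    return sorted(flagged)

if __name__ == "__main__":
    for name in needs_manual_port_check(parse_servers(SAMPLE)):
        print(f"{name}: custom port not in export, check with: show server {name}")
```
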
