I need to try and find a way to export the IPS settings on a locally managed 1100 running R77.20.80 (990172392). There doesn't appear to be any way via the GUI to export. Perhaps it's possible from the CLI or even via the backup?
Any ideas would be helpful. Thanks.
I imagine it is included in the backup but it’s probably not something you can easily extract.
You can use the show configuration command and filter for IPS with grep, but the syntax is not perfect to load it back, so you will probably need to do some tweaking like removing unnecessary double-quotes and dashes.
The process of using show configuration for config transfer is elaborated here: Configuration transfer between different SMB models
Really, IPS settings are the largest part here (6860 lines from 7928), apart from global and special settings consisting of:
# IPS topic view
set threat-prevention ips protection-action-override protection-code "8161769329" override-policy-action "false"
The whole IPS config part stretches from
# IPS engine settings
to
# IPv6 enforcment settings
There may be another possibility available if we look where the IPS details are stored - the folder /storage/ips includes:
- a file /storage/ips/cmi_loader_sig_ids.conf
- a folder "update" containing:
  - two config folders, 0 and 1, with two links pointing to them called cur (current) and old
  - file /storage/ips/update/Version.tmp
  - file /storage/ips/update/Version
  - file /storage/ips/update/next_update
  - file /storage/ips/update/ips_status.C
  - and the SQL database file /storage/ips/update/ips.db

ips.db can be opened using an open source tool such as DB Browser for SQLite.
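
An added example, not part of the original posts and not Check Point tooling: cutting the IPS block out of a saved show configuration dump using the two marker comments quoted above, and refusing to emit anything if the capture is truncated. It assumes the dump was saved to a text file on a workstation; the function names and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example: cut the IPS block out of a saved "show configuration" dump.
START_MARK='# IPS engine settings'
END_MARK='# IPv6 enforcment settings'   # spelled as quoted in the thread

# Print the lines from START_MARK up to, but not including, END_MARK.
# Returns 2 and prints nothing if either marker is missing (truncated capture).
extract_ips_block() {
    awk -v s="$START_MARK" -v e="$END_MARK" '
        { sub(/[ \t\r]+$/, "") }              # tolerate CRLF and trailing blanks
        !started && $0 == s { started = 1 }
        started && !ended && $0 == e { ended = 1 }
        started && !ended { buf[++n] = $0 }
        END {
            if (!started || !ended) exit 2
            for (i = 1; i <= n; i++) print buf[i]
        }
    ' "$1"
}

# Count per-protection overrides in the block, to compare source and target.
count_overrides() {
    extract_ips_block "$1" |
        awk '/^set threat-prevention ips protection-action-override /{c++} END{print c+0}'
}

# Constructed sample dump: only the two marker comments and the format of the
# "set" line come from the thread; everything else is placeholder text.
write_sample() {
    cat > "$1" <<'EOF'
set placeholder-before "x"
# IPS engine settings
set threat-prevention ips protection-action-override protection-code "8161769329" override-policy-action "false"
set threat-prevention ips protection-action-override protection-code "0000000001" override-policy-action "true"
# IPv6 enforcment settings
set placeholder-after "y"
EOF
}

if [ $# -gt 0 ]; then
    extract_ips_block "$1"
else
    tmp=$(mktemp); write_sample "$tmp"; extract_ips_block "$tmp"; rm -f "$tmp"
fi
```

Comparing the count_overrides result for the source dump with the same count taken on the target after loading shows whether any override lines were lost in the transfer.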
Thank you for these pointers. I'll give this a try and post back.