This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Garrett_DirSec
Advisor
‎2023-10-02 12:55 PM

possible to extract last installed policy from centrally managed SMB GAIA

Hello --  without boring everyone with the details, we have the following situation:

Customer has numerous 1500-series SMB GAIA device that are used on annual basis (during election cycle).    These device spent months sitting in cold storage and brought out couple months before use.

The issue:   due to various issues, the central SmartCenter mgmt service used for these devices was "lost".   No backups.

Customer is asking if we can extract the installed policy on SMB GAIA device and use to rebuild SmartCenter policy. 

I realize that installed policy is compiled and human readable references are removed (and likely not available .. but unsure).

However, I didn't want to say explicitly "NO" without getting some input.

Any insight would be appreciated.   -GA

0 Kudos
3 Replies
Garrett_DirSec
Advisor
‎2023-10-02 12:59 PM

BTW -- I found this great article on support. 

Policy installation flow

https://support.checkpoint.com/results/sk/sk101226

 

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2023-10-03 12:48 AM

Try a show configuration to see details of the SMBs configuration. For GAiA find a discussion here:

https://community.checkpoint.com/t5/Security-Gateways/Show-Ruleset-and-Objects-on-the-Gateway-Emerge...

The used db_tool is not present on SMBs running R81.10.0x, but what should be true is: TAC / PS have developed a CP-internal method to recover the security policy from a gateway. Ask them for help in such cases.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
PhoneBoy
Admin
Admin
‎2023-10-03 07:47 AM

I assume you might be able to find something in $FWDIR/state/local/FW1 similar to a regular gateway.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events