Four Ways to SASE
April 23, 5PM CET | 11AM ET
Boosting Performance &
Stability
with Harmony Endpoint E88.70!
It's Here!
CPX 2025 Content
Zero Trust: Remote Access and Posture
Help us with the Short-Term Roadmap
The Future of Browser Security:
AI, Data Leaks & How to Stay Protected!
CheckMates Go:
What is UPPAK?
Adam_Forester
One of the first ever pieces I wrote for CheckMates is a script that would delete unused objects. I was very specific to Host/Network/Group back then. Recently I had a reason to update the tool and now have a new version that will digest objects based off of TYPE so you get delete files you can use in batch commands by object type. I have found no limit to object database size since this loops.
I will say something like this is going to be done quickly and easily with AI co-pilot but until then enjoy!
One of the first ever pieces I wrote for CheckMates is a script that would delete unused objects. I was very specific to Host/Network/Group back then. Recently I had a reason to update the tool and now have a new version that will digest objects based off of TYPE so you get delete files you can use in batch commands by object type. I have found no limit to object database size since this loops.
I will say something like this is going to be done quickly and easily with AI co-pilot
...;
Adam_Forester
I should probably note that the Python version is till a work in progress... I'm not a python expert so that one still needs work. The Shell version works excellently.
the_rock
the_rock
Nm, disregard, I see its in that link, let me try and will report if it works
Thanks @Adam_Forester
Nm, disregard, I see its in that link, let me try and will report if it works
Thanks @Adam_Forester
;
the_rock
Not sure if this looks right, but all I get is below. I also tried on another lab mgmt server, same thing
Andy
[Expert@cpazuremgmt:0]# ./delete-unused-objects.sh
What is the IP address or Name of the Domain or SMS you want to check?
20.220.86.199
There are 1 objects
[Expert@cpazuremgmt:0]# ls
delete-unused-objects.sh
[Expert@cpazuremgmt:0]#
Not sure if this looks right, but all I get is below. I also tried on another lab mgmt server, same thing
Andy
[Expert@cpazuremgmt:0]# ./delete-unused-objects.sh
What is the IP address or Name of the Domain or SMS you want to check?
20.220.86.199
There are 1 objects
[Expert@cpazuremgmt:0]# ls
delete-unused-objects.sh
[Expert@cpazuremgmt:0]#
Adam_Forester
Ya know... It helps if I publish the correct version. 😂
I just updated it and retested in my lab.
You can then take the files and run them as batch;
Example: mgmt_cli -r true delete host --batch host_127.0.0.1_unused_objects.log
the_rock
Thats better mate lol
Andy
[Expert@CP-management:0]# ./delete-unused-objects.sh
What is the IP address or Name of the Domain or SMS you want to check?
172.16.10.252
There are 4 objects
[Expert@CP-management:0]# ls
address-range_172.16.10.252_unused_objects.log
delete-unused-objects.sh
group_172.16.10.252_unused_objects.log
host_172.16.10.252_unused_objects.log
Thats better mate lol
Andy
[Expert@CP-management:0]# ./delete-unused-objects.sh
What is the IP address or Name of the Domain or SMS you want to check?
172.16.10.252
There are 4 objects
[Expert@CP-management:0]# ls
address-range_172.16.10.252_unused_objects.log
delete-unused-objects.sh
group_172.16.10.252_unused_objects.log
host_172.16.10.252_unused_objects.log
_Val_
Tomer_Noy
Thank you for sharing the script and it's always nice to see people leveraging our APIs 😀
I wanted to ask though, why you don't perform this action through the SmartConsole UI? (or perhaps the option is not visible enough...).
If you open the Object Explorer (via the top menu or by clicking the three-dots in the right side Objects pane), there is a combobox at the top left that says "All" by default. If you open it, you can select "Unused Objects" instead and it will filter the contents. You also have the left side filters to hierarchically filter by object types.
Once you filtered for what you wanted, you can multi-select all objects and delete them.
Also, another comment that can help you make the script more efficient is to leverage the "delete objects-batch" command that can delete many objects in a single API call and transaction:
https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/delete-objects-batch~v1.9.1%20
Thank you for sharing the script and it's always nice to see people leveraging our APIs 😀
I wanted to ask though, why you don't perform this action through the SmartConsole UI? (or perhaps the option is not visible enough...).
If you open the Object Explorer (via the top menu or by clicking the three-dots in the right side Objects pane), there is a combobox at the top left that says "All" by default. If you open it, you can select "Unused Objects" instead and it will filter the
...;
Adam_Forester
Hey Tomer! Great question... I wrote the original version back in 2016, this was more of I need to update based on time passed and efficiency of my own code practices.
As for the batch delete command it would require me to one line this and my original idea was for the code to be in a format that was reviewable and the executed with the --batch command based on object type.
I appreciate the input! I may add a second part that would output them into a single code line as an optional output
Hey Tomer! Great question... I wrote the original version back in 2016, this was more of I need to update based on time passed and efficiency of my own code practices.
As for the batch delete command it would require me to one line this and my original idea was for the code to be in a format that was reviewable and the executed with the --batch command based on object type.
I appreciate the input! I may add a second part that would output them into a single code line as an optiona
...;
easy answer to this.... limited to 500 objects in the gui.... the API will allow you to iterate over them in turn, for example on a single CMA I have over 3300 unused objects. this is in a MDS with 20 domains... using the gui is far to slow compared to leveraging the api.
easy answer to this.... limited to 500 objects in the gui.... the API will allow you to iterate over them in turn, for example on a single CMA I have over 3300 unused objects. this is in a MDS with 20 domains... using the gui is far to slow compared to leveraging the api.
;
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY
