Access Control and Threat Prevention Best Practices
5 November @ 5pm CET / 11am ET
Firewall Uptime, Reimagined
How AIOps Simplifies Operations and Prevents Outages
Overlap in Security Validation
Help us to understand your needs better
CheckMates Go:
Spark Management Portal and More!
🏆 PSQL wizardry!
✔️ Works on all Single Domain Managements
👉 Directly shows data from the management DB
One-liner to show all centrally managed Check Point systems of a Check Point Security Management (SmartCenter).
In expert mode run:
psql_client monitoring postgres -c "SELECT alive_gateways.gateway, statuses_view.cp_shared_version AS version, REGEXP_REPLACE(os_installed_packages_view.deployment_packages_package_name, '.*(?:Bundle_T|JHF_T)(\d+).*', 'Take \1') AS jhf, alive_gateways.ip, string_agg(DISTINCT entitlement_view.family, ', ') AS families, statuses_view.fw_policy_name, statuses_view.fw_install_time AS last_policy_install FROM alive_gateways JOIN statuses_view USING (obj_id) JOIN entitlement_view USING (obj_id) JOIN os_installed_packages_view USING (obj_id) WHERE os_installed_packages_view.deployment_packages_package_name LIKE 'Check_Point_R%' GROUP BY alive_gateways.gateway, statuses_view.cp_shared_version, os_installed_packages_view.deployment_packages_package_name, alive_gateways.ip, statuses_view.fw_policy_name, statuses_view.fw_install_time;"
Greetings to: @Kaspars_Zibarts, @Bob_Zimmerman
Todo: Add support for Multi-Domain Security Managements (MDS)
🏆 PSQL wizardry!
✔️ Works on all Single Domain Managements
👉 Directly shows data from the management DB
One-liner to show all centrally managed Check Point systems of a Check Point Security Management (SmartCenter).
In expert mode run:
psql_client monitoring postgres -c "SELECT alive_gateways.gateway, statuses_view.cp_shared_version AS version, REGEXP_REPLACE(os_installed_packages_view.deployment_packages_package_name, '.*(?:Bundle_T|JHF_T)(\d+).*', 'Take \
Just ran it in the lab...amazing.
[Expert@CP-MANAGEMENT:0]# psql_client monitoring postgres -c "SELECT alive_gateways.gateway, statuses_view.cp_shared_vrsion AS version, REGEXP_REPLACE(os_installed_packages_view.deployment_packages_package_name, '.*(?:Bundle_T|JHF_T)(\d).*', 'Take \1') AS jhf, alive_gateways.ip, string_agg(DISTINCT entitlement_view.family, ', ') AS families, statuses_vew.fw_policy_name, statuses_view.fw_install_time AS last_policy_install FROM alive_gateways JOIN statuses_view USING (bj_id) JOIN entitlement_view USING (obj_id) JOIN os_installed_packages_view USING (obj_id) WHERE os_installed_packagesview.deployment_packages_package_name LIKE 'Check_Point_%' GROUP BY alive_gateways.gateway, statuses_view.cp_shared_vesion, os_installed_packages_view.deployment_packages_package_name, alive_gateways.ip, statuses_view.fw_policy_name, sttuses_view.fw_install_time;"
gateway | version | jhf | ip | families |
fw_policy_name | last_policy_install
---------------+---------+-----------------------------------------------------+---------------+---------------------+
---------------+--------------------------
CP-FW-01 | R81.20 | Take 119 | 172.16.10.248 | Access, DLP, Threat |
LAB-POLICY | Tue Oct 28 10:15:34 2025
CP-FW-02 | R81.20 | Take 119 | 172.16.10.247 | Access, DLP, Threat |
LAB-POLICY | Tue Oct 28 10:15:34 2025
CP-GW | R82 | Take 43 | 172.16.10.249 | Access, DLP, Threat |
LAB-POLICY | Tue Oct 28 10:15:37 2025
CP-MANAGEMENT | R82 | Take 43 | 172.16.10.252 | Management |
|
CP-MANAGEMENT | R82 | Check_Point_SmartConsole_R82_jumbo_HF_B1053_Win.tgz | 172.16.10.252 | Management |
|
CP-SMARTEVENT | R82 | Take 43 | 172.16.10.244 | Management |
|
(6 rows)
[Expert@CP-MANAGEMENT:0]#
Just ran it in the lab...amazing.
[Expert@CP-MANAGEMENT:0]# psql_client monitoring postgres -c "SELECT alive_gateways.gateway, statuses_view.cp_shared_vrsion AS version, REGEXP_REPLACE(os_installed_packages_view.deployment_packages_package_name, '.*(?:Bundle_T|JHF_T)(\d).*', 'Take \1') AS jhf, alive_gateways.ip, string_agg(DISTINCT entitlement_view.family, ', ') AS families, statuses_vew.fw_policy_name, statuses_view.fw_install_time AS last_policy_install FROM alive_gateways JOIN statu
PhoneBoy
It works on an R82 MDS, it just doesn't tell you which CMA a given firewall belongs to. A bigger issue is it seems to sometimes (but not always!) include more packages than it should. Here's an example from one of my managements:
gateway | version | jhf | ip | families | fw_policy_name | last_policy_install
------------------------+---------+-------------------------------------------------------+----------------+---------------------+----------------+--------------------------
SomeCluster-fw01 | R81.20 | Check_Point_R81.20_T634_Fresh_Install_and_Upgrade.tgz | 10.100.200.101 | Access, DLP, Threat | Standard | Thu Oct 30 04:32:39 2025
SomeCluster-fw01 | R81.20 | Take 105 | 10.100.200.101 | Access, DLP, Threat | Standard | Thu Oct 30 04:32:39 2025
SomeCluster-fw02 | R81.20 | Take 105 | 10.100.200.102 | Access, DLP, Threat | Standard | Thu Oct 30 04:32:39 2025
Changing the 'WHERE' clause to this dealt with the problem:
WHERE os_installed_packages_view.deployment_packages_category = 'jumbo'
AND os_installed_packages_view.deployment_packages_package_name LIKE 'Check_Point_R%'It works on an R82 MDS, it just doesn't tell you which CMA a given firewall belongs to. A bigger issue is it seems to sometimes (but not always!) include more packages than it should. Here's an example from one of my managements:
gateway | version | jhf | ip | families | fw_policy_name | last_policy_install ------------------------+---------+-------------------------------------------------------+----------------+---------------------+----------------+-------------------------- So@Bob_Zimmerman : Thanks for quick MDS test. Adding the CMA domain_id is pretty easy, as shown below. I just need to find a table or view to get the CMA name from, so that I don't have to show its id instead.
psql_client monitoring postgres -c "SELECT alive_gateways.gateway, statuses_view.cp_shared_version AS version, REGEXP_REPLACE(os_installed_packages_view.deployment_packages_package_name, '.*(?:Bundle_T|JHF_T)(\d+).*', 'Take \1') AS jhf, alive_gateways.ip, string_agg(DISTINCT entitlement_view.family, ', ') AS families, statuses_view.fw_policy_name, statuses_view.fw_install_time AS last_policy_install, alive_gateways.gateway_domain AS domain_id FROM alive_gateways JOIN statuses_view USING (obj_id) JOIN entitlement_view USING (obj_id) JOIN os_installed_packages_view USING (obj_id) WHERE os_installed_packages_view.deployment_packages_package_name LIKE 'Check_Point_R%' GROUP BY alive_gateways.gateway, statuses_view.cp_shared_version, os_installed_packages_view.deployment_packages_package_name, alive_gateways.ip, statuses_view.fw_policy_name, statuses_view.fw_install_time, alive_gateways.gateway_domain;"
@Bob_Zimmerman : Thanks for quick MDS test. Adding the CMA domain_id is pretty easy, as shown below. I just need to find a table or view to get the CMA name from, so that I don't have to show its id instead.
psql_client monitoring postgres -c "SELECT alive_gateways.gateway, statuses_view.cp_shared_version AS version, REGEXP_REPLACE(os_installed_packages_view.deployment_packages_package_name, '.*(?:Bundle_T|JHF_T)(\d+).*', 'Take \1') AS jhf, alive_gateways.ip, string_agg(DISTINC
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY