Four Ways to SASE
Explore New Wave of Web Based
DDoS Attacks and Mitigations
Boosting Performance &
Stability
with Harmony Endpoint E88.70!
It's Here!
CPX 2025 Content
Remote Access VPN – User Experience
Help us with the Short-Term Roadmap
The Future of Browser Security:
AI, Data Leaks & How to Stay Protected!
CheckMates Go:
What is UPPAK?
danielcol
Hello!
Firstly, I'd like to introduce myself - I'm Daniel, and I've worked with Check Point for 11(nearly 12!) years.
I'm always interested in making life easier, or more automated - which makes a great paring for Python.
I had a problem, in that I noticed the SmartConsole unused objects view is limited to 500 objects and bulk deletions were slow.. and not that easy to know what has and hasn't been deleted without going in and out of the object view, and publishing.
I wrote this script, which was initially part of a greater project to write a Python related wrap-around to do bulk changes through the Web API. In its current form, it issues the "show-unused-objects" command through the API and loops through the responses in chunks and stores them in dictionaries. Then, it goes through these dictionaries, one object type at a time and issues the delete commands... and a publish for every 200 objects (or when it's done with that iteration).
It doesn't delete VPN communities, but it can with a small change to the script - I did this on purpose because VPN communities are generally more sensitive (as in, most people wouldn't have unused ones) and have other object dependencies such as Interoperable Devices, Cluster nodes etc..
The script doesn't self run, I designed it to run through a Python shell (but, I can possibly change this - and this is a living project for me) copy and paste the code contents to a python shell, ensuring you have IP access to the management and the API is enabled and configured to allow access. You can run the cleanup with 'RunTheCleanUp()'.
https://github.com/dcmarimba/CPAPI_Upload
Happy cleaning!
Daniel
API and CLI Discussion Management Quantum Security Management
Hello!
Firstly, I'd like to introduce myself - I'm Daniel, and I've worked with Check Point for 11(nearly 12!) years.
I'm always interested in making life easier, or more automated - which makes a great paring for Python.
I had a problem, in that I noticed the SmartConsole unused objects view is limited to 500 objects and bulk deletions were slow.. and not that easy to know what has and hasn't been deleted without going in and out of the object view, and publishing.
I wrote
...;
Danny
Thanks!
A bash version of this is available here.
I'd like if your script would be more interactive to:
I'd also be great if your script would read out the SmartCenter IP and Port automatically.
Thanks!
A bash version of this is available here.
I'd like if your script would be more interactive to:
I'd also be great if your script would read out the SmartCenter IP and Port automatically.
;
danielcol
Your first point is on my list of things to do, it's hard because of the iterative nature of it (I found I was getting a non-true value of the total amounts from the queries.. probably because there was just so many in my test) but I can add that.
Can easily dump out the contents to say a CSV.
I don't see too much value in the backup (but that's my opinion) as the changes are made in sessions, which can be restored through the management sessions (and each session, is one object type) on my to-do list is add session comments, for each "batch" so it says something like "delete of service-tcp" etc.
Can add your last two points 🙂
Your first point is on my list of things to do, it's hard because of the iterative nature of it (I found I was getting a non-true value of the total amounts from the queries.. probably because there was just so many in my test) but I can add that.
Can easily dump out the contents to say a CSV.
I don't see too much value in the backup (but that's my opinion) as the changes are made in sessions, which can be restored through the management sessions (and each session, is one object t
...;
We have something similar - I would recommend that you implement handling of the creation date of the objects.
No need to delete unused objects that was created let's say yesterday, thereby removing all work done by a colleague.
/Henrik
We have something similar - I would recommend that you implement handling of the creation date of the objects.
No need to delete unused objects that was created let's say yesterday, thereby removing all work done by a colleague.
/Henrik
;
danielcol
I've got a date check function, so could add something like that.
There's not much "sense" applied to the objects spat out, other than sorting the type. But I should have the creation date in the dictionary, so could sort those out and then leave those to be handled if the user requests..
I've got a date check function, so could add something like that.
There's not much "sense" applied to the objects spat out, other than sorting the type. But I should have the creation date in the dictionary, so could sort those out and then leave those to be handled if the user requests..
danielcol
Daniel,
To be honest a clean installation contains a lot of unused objects and I might not be comfortable with killing those. Is there a provision to do this only for object that were later added and then got discarded.
Obviously another concern is that your hard working colleagues are in the middle of a change and they just painstakingly added a bunch of objects not yet in use and those get tosted out the window because they did a commit just before lunch. And yoou killled them at lunch time.
Perhaps both concerns can be addressed by putting a scope on the age of the object. (Anything older then 24 hours but younger then the installation date?)
I think a feature like that makes sense for some.
But let's get this straiight above all: I seriously like the tool.
Daniel,
To be honest a clean installation contains a lot of unused objects and I might not be comfortable with killing those. Is there a provision to do this only for object that were later added and then got discarded.
Obviously another concern is that your hard working colleagues are in the middle of a change and they just painstakingly added a bunch of objects not yet in use and those get tosted out the window because they did a commit just before lunch. And yoou killled them at
...;
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY
