Allen_Fambro
Employee

AWS Updateable Objects


Is there a GAIA CLI equivalent to 'domains_tool' (see sk161632) that would allow you to see the list of IPs associated with an Updateable Object directly from the gateway?  The "domains_tool" command only displays domains that are associated with a specific Updateable Object.  However, some Updateable Objects, like the "Amazon Web Services" object, don't contain any domains.  Instead they simply contain subnets / IPs.  There has to be some way to see exactly what the gateway is allowing access to/from for auditors, troubleshooting, etc...

Thank you.

0 Kudos
Reply
Accepted Solutions
Norbert_Bohusch
Advisor

Yes, you can view them with:

# dynamic_objects -uo_show

Here is an example from the lab (output truncated in between for easier viewing):

[Expert@gw:0]# dynamic_objects -uo_show

object name : CP_MS_Office365_All
range 0 : 13.67.50.224           13.67.50.231
range 1 : 13.70.151.216          13.70.151.216
range 2 : 13.71.127.197          13.71.127.197
<snip>
range 447 : 2a01:111:f406:8801::    2a01:111:f406:8801:ffff:ffff:ffff:ffff
range 448 : 2a01:111:f406:a003::    2a01:111:f406:a003:ffff:ffff:ffff:ffff

object name : CP_AWS_AMAZON
range 0 : 3.0.0.0                3.1.255.255
range 1 : 3.8.0.0                3.11.255.255
range 2 : 3.16.0.0               3.19.255.255
<snip>
range 416 : 2a05:d07f:e000::       2a05:d07f:e0ff:ffff:ffff:ffff:ffff:ffff

Operation completed successfully
[Expert@gw:0]#
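For audit evidence, the range listing in the answer above can be converted to CIDR blocks and queried for a specific address. This Python script is an added example, not part of the original thread and not Check Point tooling; it assumes the `dynamic_objects -uo_show` output has exactly the layout shown in the lab output, and its sample text is constructed from a few of the ranges visible there.

```python
import ipaddress
import re

# Constructed sample in the layout shown above (a few ranges only, renumbered).
SAMPLE = """\
object name : CP_MS_Office365_All
range 0 : 13.67.50.224           13.67.50.231
range 1 : 13.70.151.216          13.70.151.216
range 2 : 2a01:111:f406:8801::    2a01:111:f406:8801:ffff:ffff:ffff:ffff

object name : CP_AWS_AMAZON
range 0 : 3.0.0.0                3.1.255.255
range 1 : 3.8.0.0                3.11.255.255
range 2 : 3.16.0.0               3.19.255.255

Operation completed successfully
"""

OBJ_RE = re.compile(r"^object name\s*:\s*(\S+)")
RANGE_RE = re.compile(r"^range\s+\d+\s*:\s*(\S+)\s+(\S+)")

def parse_uo_show(text):
    """Return {object name: [(first_ip, last_ip), ...]} from -uo_show output."""
    objects, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := OBJ_RE.match(line):
            current = objects.setdefault(m.group(1), [])
        elif (m := RANGE_RE.match(line)) and current is not None:
            first, last = map(ipaddress.ip_address, m.groups())
            if first.version != last.version or first > last:
                raise ValueError(f"malformed range: {line!r}")
            current.append((first, last))
    return objects

def to_cidrs(ranges):
    """Collapse inclusive ranges into CIDR networks, IPv4 first, then IPv6."""
    nets = {4: [], 6: []}  # collapse_addresses() rejects mixed IP versions
    for first, last in ranges:
        nets[first.version].extend(ipaddress.summarize_address_range(first, last))
    return [str(n) for v in (4, 6) for n in ipaddress.collapse_addresses(nets[v])]

def objects_containing(objects, ip):
    """Names of all updateable objects whose ranges include the given address."""
    addr = ipaddress.ip_address(ip)
    return sorted(name for name, ranges in objects.items()
                  if any(f.version == addr.version and f <= addr <= l for f, l in ranges))

if __name__ == "__main__":
    for name, ranges in parse_uo_show(SAMPLE).items():
        print(name, to_cidrs(ranges))
```

To use it on real data, save the gateway output to a file and pass the file contents to `parse_uo_show()` instead of `SAMPLE`.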

2 Replies

Allen_Fambro
Employee

Thank you.  This is great information and we should update skI1915 with this. 

I should also note that skI1915 does provide more insight around the "dynamic_objects" command.  While it doesn't talk about the "-uo_show" option, it does tell you that the Dynamic Objects are stored in a database (ASCII file) located at $FWDIR/database/dynamic_objects.db.  It seems that the "-uo_show" option was added so that you can display anything in the database with "OBJ_TYPE_UO", which are updateable objects.  Since the database is an ASCII file, you could also use the "more" command to display contents and search through the file, etc...

0 Kudos
Reply