This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
saitoh
Advisor
‎2025-04-01 12:38 AM
Jump to solution

How to list service object with its advanced settings

Hi all,

 

What I would be trying to achieve is to figure out which objects is edited for creating configuration sheet.

I prefer not to include default object list in it due to its large amount of information.

 

Objects other than service ones are checked manually, but when it comes to service objects, it takes me forever to finish checking, too many for my eyes.

 

I thought just diffing customer's service objects list with the default one would do, but SmartConsole allows me to export them as CSV only with basic config info like port number, and comments.

Its advanced settings such as "Match for Any" are not subject to print.

 

Are there any useful tips to list those advanced settings?

Also much appreciated for any empirical comments!

 

Saitoh

sliver bullet: casting repero or tossing it into the harbor
0 Kudos
1 Solution

Accepted Solutions
Tal_Paz-Fridman
MVP Silver CHKP MVP Silver CHKP
MVP Silver CHKP
‎2025-04-01 12:51 AM
In response to saitoh
Jump to solution

You might to try Management API, although you will need to run for each type separately.

For example:

mgmt_cli -r true show services-tcp details-level full --format json

 

https://sc1.checkpoint.com/documents/latest/APIs/#cli/show-services-tcp~v2%20 

View solution in original post

(1)
9 Replies
saitoh
Advisor
‎2025-04-01 12:48 AM
Jump to solution

P.S.

I think of time in Last Modified as a sign of configured object, but somehow colleagues of mine will not be satisfied unless actual diff of those settings is done.

They do not trust the value in Last Modified...

sliver bullet: casting repero or tossing it into the harbor
0 Kudos
Tal_Paz-Fridman
MVP Silver CHKP MVP Silver CHKP
MVP Silver CHKP
‎2025-04-01 12:51 AM
In response to saitoh
Jump to solution

You might to try Management API, although you will need to run for each type separately.

For example:

mgmt_cli -r true show services-tcp details-level full --format json

 

https://sc1.checkpoint.com/documents/latest/APIs/#cli/show-services-tcp~v2%20 

(1)
Bob_Zimmerman
MVP Gold
MVP Gold
‎2025-04-01 07:59 AM
In response to Tal_Paz-Fridman
Jump to solution

And note that you can use jq to filter output for services which have been modified by a person like so:

[Expert@MyManagement]# mgmt_cli -f json -r true show services-tcp limit 500 details-level full | jq '.objects[]|select(."meta-info"."last-modifier" != "System")|.'
{
  "uid": "...",
  "name": "Active_Directory_TCP_123",
  "type": "service-tcp",
  "domain": {...},
  "enable-tcp-resource": false,
  "sync-connections-on-cluster": true,
  "use-delayed-sync": false,
  "delayed-sync-value": 30,
  "port": "123",
  "match-by-protocol-signature": false,
  "override-default-settings": false,
  "session-timeout": 3600,
  "use-default-session-timeout": true,
  "match-for-any": false,
  "aggressive-aging": {
    "enable": true,
    "timeout": 0,
    "use-default-timeout": true,
    "default-timeout": 0
  },
  "keep-connections-open-after-policy-installation": false,
  "comments": "black",
  "color": "black",
  "icon": "Services/TCPService",
  "tags": [],
  "meta-info": {
    "lock": "unlocked",
    "validation-state": "ok",
    "last-modify-time": {...},
    "last-modifier": "WEB_API",
    "creation-time": {...},
    "creator": "WEB_API"
  },
  "read-only": false,
  "available-actions": {
    "edit": "true",
    "delete": "true",
    "clone": "true"
  }
}
...
(1)
Henrik_Noerr1
Advisor
‎2025-04-01 01:29 PM
In response to Bob_Zimmerman
Jump to solution

A side note - when we upgraded to r81.20 we lost all history and most object/rule was tagged as System - with the date of the upgrade being the last modified date. We discovered it a couple of days after, preventing any rollback.

We had most objects modified back to the original date with some work done by Diamond from a backup, but not all.

Just keep it in mind if you are using this for something 'important' 🙂

/Henrik

(1)
saitoh
Advisor
‎2025-04-06 06:12 PM
In response to Henrik_Noerr1
Jump to solution

Dear @Henrik_Noerr1,

 

Thanks for sharing your experience.

Your comments made me want to test if last_modified/modifier were updated or not when making changes, and

found out they were not surprisingly!

I therefore went for extracting all the details of objects in the appliance with customer's config and default one, diffing them just to be sure.

Your comments helped me a lot, much appreciated!

 

Saitoh

 

sliver bullet: casting repero or tossing it into the harbor
0 Kudos
saitoh
Advisor
‎2025-04-06 06:05 PM
In response to Bob_Zimmerman
Jump to solution

Dear @Bob_Zimmerman,

 

Thank you for sharing your knowledge!

I did not know of jq command. Having tried, I found it really useful.

It is always good to know something new 🙂

 

Saitoh

sliver bullet: casting repero or tossing it into the harbor
0 Kudos
saitoh
Advisor
‎2025-04-06 05:44 PM
In response to Tal_Paz-Fridman
Jump to solution

Dear @Tal_Paz-Fridman,

 

Thanks for your comment!

I followed your instruction and run mgmt_cli in the appliance with customer's config and default config.

Diffing each result gave me the objects they edited, which is what I would like to know.

 

I created the macro for this procedure. Much appreciated!

 

Saitoh

sliver bullet: casting repero or tossing it into the harbor
(1)
the_rock
MVP Platinum
MVP Platinum
‎2025-04-06 06:01 PM
In response to saitoh
Jump to solution

Thanks for letting us know.

Andy

Best,
Andy
0 Kudos
(1)
the_rock
MVP Platinum
MVP Platinum
‎2025-04-01 05:48 AM
In response to saitoh
Jump to solution

What @Tal_Paz-Fridman gave is probably your best bet.

Andy

Best,
Andy
(1)

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events