R80 and R80.10 provide a new feature for ease of security management: Tags.
We have presented it in Check Point conventions dating back to 2013 - it's time that we discuss them at CheckMates as well.
The purpose of tags is to ease the searches and associations of objects. You can tag any object from its Object Editor, as well as with the Security Management CLI or API.
You can then search for all objects that belong to a specific tag.
In the Object Explorer:
When picking objects in places like security policies:
In addition to a simplified user experience, Tags have good value in the world of automation and orchestration.
I don't use this feature nearly enough
All,
How would you do a bulk modify of objects to insert tags based on a CSV? I have tried the following to no avail. What am I doing wrong?
dataset examples
name,tag
Test_Net_10.104.50.0_24,class1
Test_Net_10.104.51.0_24,class2
name,tags
Test_Net_10.104.50.0_24,class1
Test_Net_10.104.51.0_24,class2
name,tag.add
Test_Net_10.104.50.0_24,class1
Test_Net_10.104.51.0_24,class2
with the following commands.
mgmt_cli set network --batch /path/to/csv/dataset.csv --format json -s id.txt > tag_add.json
mgmt_cli publish -s id.txt
Nothing gets published. What is the structure of the dataset supposed to look like? Or is this just something that isn't working yet?
Sincerely,
Rupert
Note the header line on this CSV file:
name,tags.add
net-internal,tag1
net-dmz,tag2
This worked.
[Expert@mumford:0]# mgmt_cli -r true set network --batch tag.csv
---------------------------------------------
Time: [16:21:25] 2/8/2018
---------------------------------------------
"Publish operation" succeeded (100%)
Can you tell me what the CSV should look like if I am trying to create network objects with multiple tags?
name,subnet, subnet-mask,tags.add,tags.add
Net_10.0.0.0,10.0.0.0,255.255.255.0,ny,data
Net_10.0.0.1,10.0.0.1,255.255.255.0,nj,voice
Maybe tags.add.1, tags.add.2, etc
Nope.
Getting:
[Expert@SMS8010:0]# mgmt_cli add network --batch test1.csv
Username: admin
Password:
Line 2: code: "generic_err_invalid_parameter"
message: "Invalid parameter for [tags]. Invalid value"
Line 3: code: "generic_err_invalid_parameter"
message: "Invalid parameter for [tags]. Invalid value"
Executed command failed. Changes are discarded.
[Expert@SMS8010:0]#
CSV that looks like:
name,subnet,subnet-mask,tags.add.1,tags.add.2
Net_10.0.0.0,10.0.0.0,255.255.255.0,ny,data
Net_10.0.0.1,10.0.0.1,255.255.255.0,nj,voice
OK. Figured it out finally:
no need to include ".add" when creating objects with tags from CSV.
This format works:
name,subnet,subnet-mask,color,tags.1,tags.2
Net_10.0.0.0,10.0.0.0,255.255.255.0,red,ny,data
Net_10.0.0.1,10.0.1.0,255.255.255.0,red,nj,voice
Creating objects:
One thing to note is that tags appear in alphabetical order, so if you want to see them in identical order, preface them with the type.
I.e.: "loc-ny, typ-data" and "loc-nj,typ-voice". Then they will appear in order:
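Added example, not part of the original posts and not Check Point code: a Python script that generates the two batch CSV layouts that worked in this thread (tags.1, tags.2 columns for "add network", a tags.add column for "set network"). The function names, the character allow-list, the grouping of objects by tag count and the one-row-per-tag layout for "set network" are assumptions of this example.

```python
import csv
import io
import re
from collections import defaultdict

# Assumption of this example: the thread does not show how mgmt_cli treats
# quoted cells, so reject any value the csv module would have to quote.
SAFE = re.compile(r"[A-Za-z0-9_.-]+")

def _check(value):
    if not SAFE.fullmatch(value):
        raise ValueError(f"unsafe CSV cell: {value!r}")
    return value

def _render(header, rows):
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(header)
    writer.writerows(rows)
    return buf.getvalue()

def add_network_csv(networks):
    """For `mgmt_cli add network --batch`: returns {tag_count: csv_text}.
    Objects are grouped by tag count so no row has an empty tags.N cell."""
    groups = defaultdict(list)
    for net in networks:
        tags = sorted({_check(t) for t in net["tags"]})  # dedupe; GUI sorts too
        row = [_check(net[k]) for k in ("name", "subnet", "subnet-mask")]
        groups[len(tags)].append(row + tags)
    base = ["name", "subnet", "subnet-mask"]
    return {n: _render(base + [f"tags.{i}" for i in range(1, n + 1)], rows)
            for n, rows in sorted(groups.items())}

def set_network_csv(tag_map):
    """For `mgmt_cli set network --batch`: header name,tags.add, one row per
    (object, tag) pair. Repeating an object across rows is an assumption."""
    rows = [[_check(name), _check(tag)]
            for name, tags in sorted(tag_map.items()) for tag in sorted(set(tags))]
    return _render(["name", "tags.add"], rows)

# Constructed sample data using the loc-/typ- prefixes suggested above.
SAMPLE = [
    {"name": "Net_10.0.0.0", "subnet": "10.0.0.0", "subnet-mask": "255.255.255.0", "tags": ["typ-data", "loc-ny"]},
    {"name": "Net_10.0.1.0", "subnet": "10.0.1.0", "subnet-mask": "255.255.255.0", "tags": ["loc-nj"]},
]

if __name__ == "__main__":
    print("\n".join(add_network_csv(SAMPLE).values()))
    print(set_network_csv({"net-internal": ["tag1"], "net-dmz": ["tag2", "tag1"]}))
```

Each returned string is written to its own file and passed to --batch as in the commands above; a name or tag containing a comma, space or quote is rejected instead of being written to the file.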
So you cannot control policy by tags, it is just for searching in the GUI?
I'd like to see tags being able to be used for policy enforcement.
Hey Will,
Currently - yes. We do support imported tags from various external sources though.
Could you please share more info on your use case for internal SmartConsole tags?
Hi,
I have added 50 domain (fqdn) objects with the "library" tag.
I want to add the "library" tag in the destination column of a rule.
Gateway should allow all domains (also all objects) tagged with "library" in the future.
How can I achieve this?
BR
Hi
I think this would be better achieved using a Network Group (Simple Group) object called library.
You can add it to the Destination column of the relevant rule.
In the future when you add additional objects to the Network Group, it will be part of the Destination.
HTH
Tal
Dear Tal,
I've done what you've suggested. But it is not what I want.
BR
Hi
I do not think this is how Tags work but perhaps you could do it using a script and Management API to list all the objects that have a specific Tag and then add them to a specific rule.
https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/show-tag~v1.5%20
Tal
I was hoping that you could use tags to permit only certain objects to be viewed/modified by certain users in the SmartConsole Object Explorer. It doesn't look like it though.