This looks like an amazing tool to try.

Time to play and review.

Thanks Danny!

Its brilliant! Even lets you choose different policy packages as well, so many awesome options.

@the_rock : All centrally managed gateways, even branch office gateways, should also protect connections to their central management. Also demo mode is not a good way to test this, because it's quite limited, i.e. details-level full is restricted.

Makes sense, Danny.

Never noticed that the other day Markus, but definitely logical suggestion, in my opinion.

@Markus1634 : This is fixed now in version v1.1, so please try again.

@DP7 : To replace ssh, run <Where Used>, then click on <Replace>, select ssh_version_2 as replacement, check <Objects> and <Policies> and click on <Replace>. Enjoy.



Commit mode just activates request-commit, so users can choose the review and commit every API request performed by the extension. Try it out. You can always switch back to auto mode.

@israelsc:

Great questions — privacy and security are absolutely valid concerns when introducing any third-party tooling into a management environment, so let me walk through exactly how this extension works.

What does the extension actually do?

This Policy Audit extension consists of just two files: a JSON manifest and a single HTML file. There is no backend, no installer, no service, and no external dependency. Once loaded, it runs entirely inside SmartConsole itself — the same way the built-in SmartConsole CLI works. It uses SmartConsole's native API bridge to issue read-only commands (e.g. show packages, show access-rulebase), iterates through the results using local JavaScript functions, and renders the findings visually inside the SmartConsole panel. That's it.

No external access — by design and by architecture

The manifest explicitly declares only two permissions:

• get-read-only-session
• run-read-only-commands

These are the only capabilities SmartConsole grants to the extension. With these permissions, the extension cannot write, modify, install, or publish any policy. It can only read — and it has no mechanism to send anything anywhere. There is no external URL, no telemetry, no analytics call, and no server of any kind receiving data. The single readable HTML file itself can be inspected in any text editor to verify this and is therefore fully auditable.

Furthermore, since the extension runs inside SmartConsole's sandboxed extension frame, it cannot reach external network destinations even if someone tried to modify it to do so — the SmartConsole process controls what the extension can communicate with.

Full transparency via Commit mode

For customers who want complete visibility into every API call the extension makes, there is a built-in "Commit mode" toggle. In this mode, every read request is shown to the user in a dialogue box before it is executed, requiring explicit confirmation. This gives administrators a full, step-by-step audit trail of exactly what data the extension accesses — nothing runs silently in the background.

How to uninstall

Removing the extension is straightforward:

• Via SmartConsole: Manage & Settings > Preferences > SmartConsole Extensions, then delete the entry.
• Manually: remove the extension entry from AddOnsConfig.json, found at:
  %localappdata%\Check Point\SmartConsole\R8*\UserSettings (standard installation);
  or the Output sub-folder of your SmartConsole Portable directory

@simonemantovani: I'm glad that you find it useful. The <Go to> button sometimes take a bit. I suggest to navigate to the 'Security Policies' menu in SmartConsole and then press the <Go to> button, to help it to navigate to the selected rule.