IPS Query
Hi,
With the R80.10 API, is there a way to determine which IPS profile is tied to a gateway? Basically, we have a large number of gateways and multiple IPS profiles and I would like to create a script that will eventually create a list with the name of the gateway and the associated IPS profile.
I'm trying to work backwards and I'm just stuck getting all the information that I need. The workflow I'm thinking of is:
Query 1: Threat Prevention Policy, Rules, Profile Name
Query 2: Gateway Name, Threat Prevention Policy name
With results from both queries, I should be able to generate the gateway to IPS profile list. Let me know if I'm off base here.
In past releases, only a single IPS Profile could apply to an entire gateway.
With R80.x gateways, there could be several threat prevention profiles that apply to the gateway depending on the protected scope.
At a high level, you'd do something like:
1. Query the gateway to see what policy is currently loaded to it (e.g. with fw stat). You could do this with run-script via the API or use the new https://community.checkpoint.com/community/infinity-general/appliances-and-gaia/blog/2018/12/06/new-.... However, this will only give you the name of the policy, not what the actual threat-prevention layer is called (most likely "PolicyName Threat Prevention" but you'll have to double-check, and there could be a few).
2. Use the API to query the Threat Prevention rulebase for that particular policy, parsing the output to determine which profiles are used for the given gateway.
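Step 2 of the procedure above, sketched as an added example that is not part of the original reply or Check Point's own code: it walks a threat-prevention rulebase reply and lists every profile each gateway can enforce, without evaluating protected scope. The JSON is a constructed sample; the field names (`objects-dictionary`, `rulebase`, `action`, `install-on`), the `threat-section` nesting and the "Policy Targets" object are assumptions about the `show-threat-rulebase` reply that should be checked against your API version, and `policy_gateways` is a hypothetical list of the gateways that step 1 found running this policy.

```python
import json
from collections import defaultdict

# Constructed sample shaped like a show-threat-rulebase reply (field names assumed).
SAMPLE_RULEBASE = json.loads("""
{
  "name": "Standard Threat Prevention",
  "objects-dictionary": [
    {"uid": "u-targets", "name": "Policy Targets", "type": "Global"},
    {"uid": "u-gw-a", "name": "gw-a", "type": "simple-gateway"},
    {"uid": "u-opt", "name": "Optimized", "type": "threat-profile"},
    {"uid": "u-strict", "name": "Strict", "type": "threat-profile"}
  ],
  "rulebase": [
    {"type": "threat-rule", "rule-number": 1, "action": "u-strict", "install-on": ["u-gw-a"]},
    {"type": "threat-section", "name": "Default", "rulebase": [
      {"type": "threat-rule", "rule-number": 2, "action": "u-opt", "install-on": ["u-targets"]}
    ]}
  ]
}
""")

def iter_rules(entries):
    """Yield rules, descending into any entry that nests its own rulebase (sections)."""
    for entry in entries:
        if "rulebase" in entry:
            yield from iter_rules(entry["rulebase"])
        else:
            yield entry

def profiles_by_gateway(reply, policy_gateways):
    """Map each gateway running this policy to the profile names its rules reference."""
    names = {o["uid"]: o["name"] for o in reply.get("objects-dictionary", [])}
    result = defaultdict(set)
    for rule in iter_rules(reply["rulebase"]):
        profile = names.get(rule["action"], rule["action"])  # fall back to the raw uid
        for uid in rule["install-on"]:
            target = names.get(uid, uid)
            # "Policy Targets" means every gateway the policy is installed on.
            hits = policy_gateways if target == "Policy Targets" else [target]
            for gw in hits:
                if gw in policy_gateways:
                    result[gw].add(profile)
    return {gw: sorted(profiles) for gw, profiles in result.items()}

if __name__ == "__main__":
    for gw, profiles in profiles_by_gateway(SAMPLE_RULEBASE, ["gw-a", "gw-b"]).items():
        print(gw, profiles)
```

A gateway that maps to more than one profile is the multi-profile case the reply describes; the rule's protected scope then decides which profile applies to a given flow.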
