Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Donald_Paterso1
Explorer
Explorer

Copy and paste rules with section titles - R80.10

Hi Tomer,

Bringing this thread back up since I have found it and it is relevant to a situation I have seen.

The version I am working on is R80.10 (it is 31 January 2018 today) and the behaviour of the system seems to be the same as ChrisF described (above) in terms of 1. the copying of rules with sectional titles is not supported and 2. there is still the need to create a whole new policy package and paste rules into it in order to have a good and immediate roll back after major changes to a rule-base (single ordered layer in this case).

The scenario I have seen is that a Policy Package was deleted by an administrator (by mistake).

The Read Only (Revision View) of the Revision that contains the deleted Policy Package shows the rules as Read Only and they cannot be copied and pasted to the current session/revision.

Should I be able to or am I missing something that would allow for an easier restore of a deleted Policy Package.

One other thing:

When right clicking on a rule there obviously all the expected options (New Rule, Sectional Title, Delete, Cut etc.). Perhaps there could be some small icons in the menu (on the left hand side and in the column where the Disable tick box resides). So that, for example, next to the Delete option we see (and can then quickly identify) the red cross that is so often associated with the delete action, and the scissors icon that is so often associated with the cut action. 

Regards,

Don Paterson

7 Replies
Tomer_Sole
Mentor
Mentor

Hi Don,

We are working on fixing copy+paste rules with their section titles. I realize this could be quite a problem for you.

I'm thinking that as a workaround you could also use the Python tool for exporting/importing a policy package or parts of it  for restoring a policy which was deleted in a past revision. What do you think about this approach?

I have passed your feedback regarding action icons to the relevant team.

Donald_Paterso1
Explorer
Explorer

Thanks Tomer,

Initial thoughts are:

Since a migrate export is 'best practice' it could allow for a policy package restore to a test environment in order to follow the Python export and import back into the live environment, where it was deleted from.

What about if there was no migrate export to work from and the Gaia backup wasn't done or was but a restore is not an option (although could be an option in a lab/VM).

All of that requires somewhat advanced skills and time intensive effort (working with the backup files) on the customer part (as well as Python installation/s).

Since the deleted Policy Package (PP) can actually be viewed in the Read Only (Revision View) it is tempting to say that it might be more efficient to allow for those rules (or the whole PP) to be copied and pasted into a new PP.

This is of course a single scenario that will be an infrequent accordance (I hope) an so the development time would understandably seen as more expensive and less of a priority.

I did not try to use the Revision View to see if the Actions > Export option is there in order to build an API script that might help with the scenario (although that is again time and effort).

I started looking into the Python tools 🙂 and need to personally learn more on it. Step-by-step guide anyone? 😉

Regards,

Don

0 Kudos
Don_Paterson
Advisor

Hi Tomer,

Just to add to this. I have been using the Policy Package Clone option in order to clone a PP before making major changes. That way the Clone PP is the backup. Of course migrate export is an option but that would be the equivelant of the old DB revision control in that it would revert the objects database and all PPs.

Regards,

Don

0 Kudos
Tomer_Sole
Mentor
Mentor

what about simply using the built-in revisions of R80 and not cloning anything? see https://community.checkpoint.com/message/1574-how-do-you-rollback-an-old-policy 

Don_Paterson
Advisor

Hi Tomer,

The Action > History > Right Click > Revert is useful but what about the case where the layer or Policy Package is completely deleted?

Migrate import would be less desirable compared to a Policy Package restore feature in the SmartConsole...

Thanks,

Don

0 Kudos
Tomer_Sole
Mentor
Mentor

what about the Policy Installation History option described at https://community.checkpoint.com/thread/1262-how-do-you-rollback-an-old-policy  

0 Kudos
Don_Paterson
Advisor

That's useful but what if we need to get the deleted policy package back. If for example it was deleted by mistake and there was no clone or backup and it needed to be changed and installed. 

Just wanting to see that I am not missing anything and that there is maybe a possible option to restore a deleted PP in the SmartConsole. 

Thanks,

Don

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events