RedPill15
Participant

How can I export the access rulebase

Hi Mates,

 

Could I ask for the exact mgmt_cli commands to export all the rules from the access rulebase to a CSV file with the below filters?

  • Rule No.
  • Name
  • Source
  • Destination
  • VPN
  • Service & Application
  • Action

 

Inline-layer rules will need to be displayed also,

* I need the mgmt_cli command only, as I may need to change the filters for later uses. I tried to use the jq command, however I am not able to figure out the exact command to show the required fields.

 

Thank you!

 

0 Kudos
3 Replies
PhoneBoy
Admin

There isn't a single command to do this for a few reasons:

  • There is a limit to the number of rules an API call will return, so you will need to make multiple calls using limit/offset to retrieve the full results if the rulebase has more than a handful of rules in it.
  • The API will only return results from a single layer, not from any inline layers, which also must be queried.
  • The rule number is not returned as part of the API. That said, you should be able to figure it out based on the number of results returned.

Also, each one of those fields is itself an array that requires parsing.
Bottom line: this is going to require a script or a program to achieve.

However, we've already created a tool that will export a rulebase into HTML.
See: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... 
Or if you're on R81+, there's the web-based SmartConsole, which you can give someone read-access to in order to see the rulebase.

 

 

0 Kudos
RedPill15
Participant

Thank you @PhoneBoy, so does it mean that even if I only export the inline layer rules, for example:

mgmt_cli -r true -d x.x.x.x show access-rulebase offset 0 limit 20 name "inline-layer-example" details-level "standard" use-object-dictionary true --version 1.1 --format json 

It is still not possible to add the filter to show the mentioned fields?

0 Kudos
PhoneBoy
Admin

Sure, you can have jq give you the precise fields you want, except for rule number, which isn't in the API output.
But each one of those fields, except for the name, will return an array of uids.
That will require further processing to turn it into a CSV that will be meaningful to a human.

If you're just looking for a CSV export of the rulebase, SmartConsole does this: https://community.checkpoint.com/t5/Management/Smart-Console-filtered-rule-export-including-resolved... 

0 Kudos
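The script the replies above describe, sketched as an added example (not code from this thread or from Check Point): it pages with limit/offset, resolves uids through the object dictionary, queries inline layers separately, and derives rule numbers from position. It assumes the parsed JSON carries `rulebase`, `objects-dictionary`, `to`, `total`, `inline-layer` and `access-section` as used below; `fetch_page`, `fake_fetch` and the sample data are hypothetical and constructed.

```python
import csv, io
COLS = ("source", "destination", "vpn", "service")
HEADER = ["Rule No.", "Name", "Source", "Destination", "VPN", "Service & Application", "Action"]

def rules_in(items):  # sections (assumed type "access-section") nest their rules
    for it in items:
        if it.get("type") == "access-section":
            yield from rules_in(it.get("rulebase", []))
        else:
            yield it

def export_layer(fetch_page, layer, limit=20, prefix=""):
    """Page through one layer, resolve uids, recurse into inline layers."""
    rows, offset, n = [], 0, 0
    while True:
        page = fetch_page(layer, offset, limit)  # one limit/offset API call
        names = {o["uid"]: o["name"] for o in page.get("objects-dictionary", [])}
        look = lambda uid: names.get(uid, uid)  # unresolved uids stay visible
        for rule in rules_in(page.get("rulebase", [])):
            n += 1  # rule number derived from position, not read from the API
            num = f"{prefix}{n}"
            cells = [";".join(look(u) for u in rule.get(c, [])) for c in COLS]
            rows.append([num, rule.get("name", "")] + cells + [look(rule.get("action", ""))])
            if "inline-layer" in rule:  # inline layers need their own query
                rows += export_layer(fetch_page, look(rule["inline-layer"]), limit, num + ".")
        if not page.get("rulebase") or page.get("to", 0) >= page.get("total", 0):
            return rows
        offset = page["to"]

def to_csv(rows):
    buf = io.StringIO()
    csv.writer(buf).writerows([HEADER] + rows)
    return buf.getvalue()

# Constructed sample data standing in for parsed mgmt_cli JSON output.
OBJS = [{"uid": f"u{i}", "name": n} for i, n in enumerate(
    ["Any", "web-srv", "https", "Accept", "Drop", "Inner Layer", "inline-layer-example"])]
def mk(name, src, dst, svc, act, extra=None):
    return {"type": "access-rule", "name": name, "source": [src], "destination": [dst],
            "vpn": ["u0"], "service": [svc], "action": act, **(extra or {})}
LAYERS = {
    "Network": [mk("mgmt", "u0", "u1", "u2", "u3"),
                mk("web", "u0", "u1", "u2", "u5", {"inline-layer": "u6"}),
                mk("cleanup", "u0", "u0", "u0", "u4")],
    "inline-layer-example": [{"type": "access-section", "name": "sec", "rulebase": [
        mk("allow-https", "u0", "u1", "u2", "u3"), mk("inner-drop", "u0", "u0", "u0", "u4")]}]}
def fake_fetch(layer, offset, limit):
    rules = LAYERS[layer]
    return {"rulebase": rules[offset:offset + limit], "objects-dictionary": OBJS,
            "to": min(offset + limit, len(rules)), "total": len(rules)}
```

Against a real server, `fetch_page` would run the `show access-rulebase` command quoted earlier in the thread with the given layer name, offset and limit, and return the parsed JSON.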
