Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Václav_Brožík
Collaborator

Threat Prevention policy installation time + comand

Jump to solution

On a firewall is it possible to show the Threat Prevention policy installation time? The commands fw stat and cpstat fw show only the Access Control policy installation time.

If there is no official command for this (I think there should be one), what do you think about reliability of these methods or do you know something better? The test were performed on R80.30.

  • a) file modify time

stat -c%y $FWDIR/log/tp_policy_stats_report.csv
2020-07-24 16:49:32.922781753 +0200

  • b) recorded timestamp

In the tp_policy_stats_report.csv file:
1. find the last '^Policy Installation$' line and in the following lines find the first timestamp '^Timestamp,([0-9]+)$'  (complicated in a shell script)
2. convert the Unix epoch timestamp:

date -d@1595602172
Fri Jul 24 16:49:32 CEST 2020

------

In addition to this I am not able to find the equivalent of fw fetch for the Threat Prevention policy. Is there one?

I tested the command fw fetch -f:

- It updates the timestamp on the tp_policy_stats_report.csv file and adds records related to IPS signatures installation. This makes the method a) above less reliable.

- It seems to install the IPS signatures but probably not the policy for other TP blades.

0 Kudos
1 Solution

Accepted Solutions
Timothy_Hall
Champion
Champion

Try the fw stat -b AMW command.

New 2021 IPS/AV/ABOT Immersion Self-Guided Video Series
now available at http://www.maxpowerfirewalls.com

View solution in original post

7 Replies
Timothy_Hall
Champion
Champion

Try the fw stat -b AMW command.

New 2021 IPS/AV/ABOT Immersion Self-Guided Video Series
now available at http://www.maxpowerfirewalls.com
bhaizlett123
Contributor

Is there a way to get that information or at least a true or false if the threat prevention policy was installed successfully? Like when you use the api to install policy and you also include to install the threat prevention policy. You can see the task-id and from there you can get the information you want as to whether the install was successful, but I can't find where it would say, security policy was successful and/or threat prevention policy was successful or not? is there a way to do that via api?

0 Kudos
PhoneBoy
Admin
Admin

If the policy install action failed, you would definitely see this in the message returned when you query the specific task-id.
Otherwise, if there's no error and the task is complete, you can assume the policy was installed successfully.

0 Kudos
bhaizlett123
Contributor

What if only security policy succeeded and threat-prevention policy failed, would it detail that, so i can see that only threat prevention policy failed?

0 Kudos
PhoneBoy
Admin
Admin

Yes, it should show the error, same as in SmartConsole.

0 Kudos
bhaizlett123
Contributor

I just tested it and i see that it fails, but i can't find a way to determine whether its the security policy or the threat prevention policy that is failing. i do see it in smartconsole, but trying to determine how to know via api?

0 Kudos
PhoneBoy
Admin
Admin

In show-task, one of the things that's returned is the task-details: https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/show-task~v1.8%20
Are you seeing this in your API call output?
If not, try your call with details-level full.

To eliminate further questions along these lines, what is your precise API call and precise output? (Mask sensitive details if desired)

0 Kudos