Exporting Check Point configuration from Security Management Server into readable format using "Show Package Tool"
The Show Package Tool allows the Security Policy as well as objects in the objects database to be exported into a readable format. This exported information represents a snapshot of the database.
The tool replaces the Web Visualization Tool (see sk64501 - Exporting Check Point configuration from Security Management Server into readable format using Web Visualization Tool) which was supported in R7X.
This tool is already installed on Check Point Security Management servers running version R80 with Jumbo-HF and above.
The tool generates a compressed file (.tar.gz) containing the following files:
- HTML files - The objects and rules presented as html files. The "index.html" acts as a starting point and lists all the available items to display.
- JSON files - The objects and rules exported as multiple JSON files.
- Log file (e.g. show_package-yyyy-mm-dd_HH-MM-ss.elg) - A log file containing debug information.
[Expert@HostName]# $MDS_FWDIR/scripts/web_api_show_package.sh [-d domain-name] [-k package-name] [-n port-number] [-t path] [-o path]
- [-d domain-name] (Optional): The name or uid of the Security Management Server domain. When running the command on a Multi-domain server the default domain is the "MDS".
- *NOTE* - Ensure either the Domain name is used or the CMA IP. Use of the CMA name as shown in 'mdsstat' output is not supported.
- [-k package-name] (Optional): The package name or the uid of the policy package to show. When a package-name is not provided, the tool will provide details on all the policy packages that are being used (the ones that were installed on the security gateways).
- [-n port-number] (Optional): The port of the WebAPI server on the Security Management Server. Default value is 443.
- [-t path] (Optional): The tool uses template files to create HTML pages out of JSON data. This parameter points to the location of these files. Default location is $MDS_FWDIR/api/samples/conf/.
- [-o path] (Optional): The output path. The location in which to save the resulting .tar.gz file. The parameter can also be the full path (including the .tar.gz filename). The default is the current directory.
Use the "-h" option to see the full list of options for configuring the tool.
- Running the tool on a Security Management server:
- Running the tool on a Security Management server for a specific policy package:
$MDS_FWDIR/scripts/web_api_show_package.sh -k <PACKAGE NAME>
- Running the tool on a Multi-Domain Server for specific domain and a specific policy package:
$MDS_FWDIR/scripts/web_api_show_package.sh -k <PACKAGE NAME> -d <DOMAIN NAME>
- *NOTE* Use of CMA Name is not supported. Only use the Domain name or the CMA IP.
- The resulting .tar.gz file will be in the current working directory if not specified with the -o flag.
- The Show Package Tool is an open source project. The source files are located in Check Point GitHub.
For more details refer to the following GitHub page.
- It is possible to export a policy package so that it can later be imported on a different Security Management server. For more details see ExportImportPolicyPackage.
- Exporting a rulebase using CSV format is available from the GUI:
Open SmartConsole and view the rulebase you wish to export. From the rulebase's toolbar select: 'Action > Export'.
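The following Python check is an added example, not part of the original article or of the Show Package Tool itself. It inspects a resulting .tar.gz in memory: it sorts members into the HTML, JSON and log files listed above, confirms index.html is present, verifies that each JSON file parses, flags unsafe member paths, and records a SHA-256 of the snapshot. The sample archive and its member names (apart from index.html and the .elg naming pattern) are constructed for illustration.

```python
import hashlib
import io
import json
import tarfile

def inventory_export(archive_bytes):
    """Inspect a Show Package Tool .tar.gz in memory, without extracting to disk."""
    report = {"sha256": hashlib.sha256(archive_bytes).hexdigest(),
              "html": [], "json": [], "log": [], "other": [],
              "bad_json": [], "unsafe": [], "has_index": False}
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:gz") as tar:
        for member in tar:
            name = member.name
            if member.isdir():
                continue
            # Flag absolute paths, ".." components, links and device nodes.
            if name.startswith("/") or ".." in name.split("/") or not member.isfile():
                report["unsafe"].append(name)
                continue
            base = name.rsplit("/", 1)[-1].lower()
            if base.endswith(".html"):
                report["html"].append(name)
                report["has_index"] = report["has_index"] or base == "index.html"
            elif base.endswith(".json"):
                report["json"].append(name)
                try:
                    json.loads(tar.extractfile(member).read())
                except ValueError:  # covers JSONDecodeError and invalid UTF-8
                    report["bad_json"].append(name)
            elif base.endswith(".elg"):
                report["log"].append(name)
            else:
                report["other"].append(name)
    return report

def build_sample():
    """Constructed archive for the demo; names other than index.html are made up."""
    files = {"index.html": b"<html></html>",
             "Standard.json": b'[{"type": "access-rule"}]',
             "truncated.json": b'[{"type": ',
             "show_package-2024-01-01_00-00-00.elg": b"debug",
             "../outside.json": b"{}"}
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()
```

For a real export, pass the file's bytes, for example `inventory_export(open(path, "rb").read())`, and store the reported SHA-256 alongside the snapshot.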