Important Note: This solution applies to R77.x versions only. For R80 and higher, use the "Show Package Tool" described in sk120342.
Table of Contents:
Background
Installation
Usage Syntax
Simplified Web Visualization Tool
Syntax
Example
Advanced Web Visualization Tool
Syntax
Example
Notes
Issues
Related solutions
Background
The Web Visualization Tool allows the Security Policy, as well as objects in the objects database, to be exported into a readable format. This exported information represents a snapshot of the database. The exported Security Policy can then be viewed in a web browser by anyone, without a real-time connection to the Security Management Server. Professionals, such as Security auditors and IT support engineers who are mobile, need this capability on a daily basis.
The information can be exported from Security Management Server in the following formats:
Simplified Format (HTML) - captures all of the relevant information and places it into a single HTML file. The information is sorted according to type and listed in alphabetical order. For example, all Gateways will be displayed one beneath the other in alphabetical order. Since this format consolidates all of the configuration settings into a single file, the Simplified format makes printing and e-mailing the information very easy.
Advanced Format (XML) - gathers the data into several XML files and each XML file represents an object table or a Rule Base. The data captured is then divided into logical segments, which can be viewed separately. This format includes icons used in SmartDashboard, which are helpful in the categorization of the objects. The Advanced format can be customized, and the data in the files can be utilized for other purposes, such as using the data in other applications that can read XML. This format also provides a set of default XSL files.
Installation
R80 and later:
Web Visualization Tool is NOT supported starting from R80. A new open tool called "show_package" was created to replace it. To run this tool on your Security Management server, type:
cd $MDS_FWDIR/scripts/
./web_api_show_package.sh <options>
For more details and the latest version of the tool, refer to the following article.
R70 - R77.30:
The Web Visualization Tool does not need to be installed on a specific machine or in a specific location. Rather, it can be installed on any machine in any directory.
Create a directory, into which you want to install the Web Visualization Tool.
This directory will be used as <cpdb2html_path> in the syntax of the cpdb2html command.
Important Note: On a computer with SmartConsole installed, do not install the Web Visualization Tool into the SmartConsole program directory itself - c:\Program Files\CheckPoint\SmartConsole\RXX\PROGRAM\.
Examples:
For Windows OS: C:\Web_Visualization_Tool\
For Gaia / SecurePlatform / Linux / Solaris OS: /var/Web_Visualization_Tool/
Move the Web Visualization Tool package into the new directory.
Extract the contents of the Web Visualization Tool package.
On Windows OS: use a special application to open the TGZ archive (e.g., WinRAR, WinZIP, 7-Zip, IZArc, TUGZip)
On Gaia / SecurePlatform / Linux / Solaris OS: use the 'tar -zxvf package_name.tgz' command to open the TGZ archive
Create a directory inside the Web Visualization Tool directory for your outputs.
This directory will be used as <output_directory> in the syntax of the cpdb2html command.
Examples:
For Windows OS: C:\Web_Visualization_Tool\outputs\
For Gaia / SecurePlatform / Linux / Solaris OS: /var/Web_Visualization_Tool/outputs/
Add the absolute path to the Web Visualization Tool installation directory to the PATH environment variable.
Otherwise, you will have to use the absolute path to the Web Visualization Tool installation directory each time you run this tool.
On Windows OS:
Start - Run... - "%WINDIR%\system32\rundll32.exe" sysdm.cpl,EditEnvironmentVariables - OK
Under 'System Variables' - left-click on 'Path' variable - click on 'Edit...' button
In the 'Variable value:' field - go to the end of the line - add semi-colon and the absolute path to Web Visualization Tool installation directory:
Log out from the Bash shell and log in again into Bash shell
Notes:
If Web Visualization Tool was installed on the Security Management Server, then add these two lines at the bottom of the /opt/CPshrd-RXX/tmp/.CPprofile.sh script.
If Web Visualization Tool was installed on the Provider-1 Server / Multi-Domain Management Server, then add these two lines at the bottom of the /opt/CPshrd-RXX/tmp/.CPprofile.sh script - above the last line (that calls MDSprofile.sh script).
On Solaris OS:
If using Bash shell
Add these two lines at the bottom of the /etc/profile script:
Log out from the Bash shell and log in again into Bash shell
Notes:
If Web Visualization Tool was installed on the Security Management Server, then add these two lines at the bottom of the /opt/CPshrd-RXX/tmp/.CPprofile.sh script.
If Web Visualization Tool was installed on the Provider-1 Server / Multi-Domain Management Server, then add these two lines at the bottom of the /opt/CPshrd-RXX/tmp/.CPprofile.sh script - above the last line (that calls MDSprofile.sh script).
If using Csh shell
Add this line at the bottom of the ${HOME}/.cshrc script:
Log out from the Csh shell and log in again into Csh shell
Notes:
If Web Visualization Tool was installed on the Security Management Server, then add this line at the bottom of the /opt/CPshrd-RXX/tmp/.CPprofile.csh script.
If Web Visualization Tool was installed on the Provider-1 Server / Multi-Domain Management Server, then add this line at the bottom of the /opt/CPshrd-RXX/tmp/.CPprofile.csh script - above the last line (that calls MDSprofile.csh script).
This tool connects to the Security Management Server on TCP port 18190.
If the Security Management Server is protected by a FireWall, and the Web Visualization Tool is installed on an external computer (not on the Security Management Server itself), then make sure to create a rule that allows that external computer to connect to Security Management Server on TCP port 18190 (for Check Point Security Gateway, use the pre-defined service called "CPMI").
Usage Syntax
The Simplified utility (cpdb2html) and the Advanced utility (cpdb2web) are two different standalone command line utilities that can be used to implement Web Visualization. If running the utility on the Windows OS, use the Command Prompt.
Simplified Web Visualization Tool
When you run the Simplified utility, an HTML file is generated - <output_directory>/<output_file_name>.html. To view the collected information, open the generated HTML file with your web browser.
Open the Command Prompt window and run:
C:\> cpdb2html.bat [cpdb2html_path] [output_directory] [management_server] [admin_name | certificate_file] [password] [-o output_file_name] [-m gateway] [-gr] [-go]
where:
[cpdb2html_path] is the Web Visualization Tool's installation directory.
[output_directory] is the path to where the HTML file will be written.
[management_server] represents the name or IP address of the Security Management Server (if Web Visualization Tool is installed on the Security Management Server itself, you can use the IP address of the Loopback interface 127.0.0.1). On Provider-1/Multi-Domain Security Server, this is the Virtual IP address of the relevant CMA/Domain Management Server.
[admin_name | certificate_file] is the user name of the Security Management Server administrator, or the full path of the certificate file.
[password] is the administrator's password, or the certificate password.
[-o output_file_name] (optional) is the name of the HTML file that will be generated (if not specified, the default file name will be <output_directory>/1.html).
[-m gateway] (optional) is the name of the gateway whose database information you would like to view.
[-gr] (optional) is relevant to Provider-1 Server / Multi-Domain Management Server users only. Exports Customer/Domain rules only (no global rules).
[-go] (optional) is relevant to Provider-1 Server / Multi-Domain Management Server users only. Exports Customer/Domain objects only (no global objects).
Open the Command Prompt window and run:
C:\> cpdb2web.exe [-s management_server] [-u admin_name | -a certificate_file] [-p password] [-o output_file_path] [-t table_names] [-c | -m gateway | -l package_names] [-gr] [-go] [-w Web_Visualization_Tool_installation_directory]
Note: You can just run the tool in interactive mode: C:\> cpdb2web.exe
However, you will not be able to use any of these options, and the output files will be created inside the Web Visualization Tool's installation directory:
[-s management_server] represents the name or IP address of the Security Management Server (if Web Visualization Tool is installed on the Security Management Server itself, you can use the IP address of the Loopback interface 127.0.0.1). On Provider-1/Multi-Domain Security Server, this is the Virtual IP address of the relevant CMA/Domain Management Server.
[-u admin_name] is the user name of the Security Management Server administrator who has permissions for reading the Check Point objects.
[-a certificate_file] is the path of a Check Point certificate for the administrator who has permissions for reading the Check Point objects.
[-p password] is the administrator's password.
[-o output_file_path] (optional) is the full path for the output directory. After the tool exports the information, all the output XML files must be placed inside this sub-directory: <Visualization_Tool_installation_directory>/xsl/xml/. Then, open the <Visualization_Tool_installation_directory>/xsl/index.xml file with your web browser. Note: It is therefore recommended to specify <Visualization_Tool_installation_directory>/xsl/xml/ as the output directory.
[-t table_names] (optional) allows you to specify a specific table (where all available scheme tables can be used). To export a list of tables, list the table names using a comma as a separator, and do not use capital letters. Spaces cannot be used as a separator. If this parameter is not specified, all the default tables (including Policies, Network Objects, Services, Users and Communities) will be exported. However, the initial export operation of the Communities scheme table will not include the GUI.
[-c] (optional) triggers the exporting of the active Policy Package only, instead of exporting all existing Policy Packages by default. The active Policy Package is the Policy Package that is currently open in SmartDashboard.
[-m gateway] (optional) is the same as the [-c] option - triggers the exporting of the active Policy Package only, but only on the specified gateway.
[-l package_names] (optional) allows you to export a specific Policy Package, instead of exporting all existing Policy Packages by default. To export a list of packages, list the package names using a comma as a separator. Spaces cannot be used as separators.
[-gr] (optional) is relevant to Provider-1 Server / Multi-Domain Management Server users only. Exports Customer/Domain rules only (no global rules).
[-go] (optional) is relevant to Provider-1 Server / Multi-Domain Management Server users only. Exports Customer/Domain objects only (no global objects).
[-w Web_Visualization_Tool_installation_directory] (optional) should be used in order to have proper access to the SmartDefense help files.
Notes
If IP address 127.0.0.1 fails, use the main IP address of the Security Management Server.
Web Visualization Tool is not compatible with IPv6. If "localhost" resolves to an IPv6 address, or you attempt to use an IPv6 address for the Security Management Server, it will fail.
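The -t and -l separator rules and the IPv6 restriction described above are easy to violate in a scheduled export. This added example (not part of the original article and not Check Point code) validates those values before composing a cpdb2web command line. It assumes a POSIX shell on Gaia / Linux and that the executable is invoked as cpdb2web; the function names and sample values are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight checks for a cpdb2web export.
# Function names are hypothetical; they are not part of the tool.

# -t: comma-separated table names; no capital letters, no spaces, no empty items.
valid_table_list() {
    case $1 in
        ''|*[[:space:]]*|*[[:upper:]]*|,*|*,|*,,*) return 1 ;;
    esac
}

# -l: comma-separated package names; no spaces, no empty items.
valid_package_list() {
    case $1 in
        ''|*[[:space:]]*|,*|*,|*,,*) return 1 ;;
    esac
}

# -s: the tool is not IPv6-compatible. Rejecting "localhost" outright is a
# conservative choice made here, because it may resolve to an IPv6 address.
valid_mgmt_server() {
    case $1 in
        ''|*:*|localhost) return 1 ;;
    esac
}

# Print the cpdb2web arguments, one per line, or return 1 with a reason.
# Usage: build_cpdb2web_args SERVER ADMIN INSTALL_DIR [TABLES] [PACKAGES]
# Output is sent to INSTALL_DIR/xsl/xml, the location recommended for -o.
# The password is not handled here; the caller adds -p when executing.
build_cpdb2web_args() {
    w_server=$1 w_admin=$2 w_dir=$3 w_tables=${4:-} w_pkgs=${5:-}
    valid_mgmt_server "$w_server" || { echo "bad -s value: $w_server" >&2; return 1; }
    if [ -z "$w_admin" ] || [ -z "$w_dir" ]; then
        echo "admin name and installation directory are required" >&2; return 1
    fi
    set -- cpdb2web -s "$w_server" -u "$w_admin" -o "$w_dir/xsl/xml"
    if [ -n "$w_tables" ]; then
        valid_table_list "$w_tables" || { echo "bad -t list: $w_tables" >&2; return 1; }
        set -- "$@" -t "$w_tables"
    fi
    if [ -n "$w_pkgs" ]; then
        valid_package_list "$w_pkgs" || { echo "bad -l list: $w_pkgs" >&2; return 1; }
        set -- "$@" -l "$w_pkgs"
    fi
    printf '%s\n' "$@"
}
```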
Issues
The following errors might appear on Windows OS when running the cpdb2html command:
The input line is too long. The syntax of the command is incorrect
Wrong path 'C:\PROGRAM'
"files\CheckPoint\SmartConsole\RXX\PROGRAM" was unexpected at this time
Example of the issue
C:\> cpdb2html.bat "C:\Program Files\CheckPoint\Web Visualization Tool" "C:\Program Files\CheckPoint\Web Visualization Tool\Output" 192.168.192.168 admin password -o test.html
CUR_PATH = "C:\Program Files\CheckPoint\Web Visualization Tool"
TARGET_DIR = "C:\Program Files\CheckPoint\Web Visualization Tool\Output"
HOST = 192.168.192.168
USERNAME = admin
PASSWORD = password
TEMP_DIR = ""C:\Program Files\CheckPoint\Web Visualization Tool\Output"\temp"
XSLDIR = "C:\Program Files\CheckPoint\Web Visualization Tool"\xsl
XSLFILE = stripped_html.xsl
BASE_XML_FILE = stripped_html.xml
OUTPUT_FILE = test.html
POLICY_NAME = standard
The input line is too long.
The syntax of the command is incorrect.