Exporting Check Point configuration from Security Management Server into readable format using Web Visualization Tool
Solution

Important Note: This solution applies to R77.x versions only. For R80 and higher, use the "Show Package Tool" described in sk120342.

 

Table of Contents:

  • Background
  • Installation
  • Usage Syntax
    • Simplified Web Visualization Tool
      • Syntax
      • Example
    • Advanced Web Visualization Tool
      • Syntax
      • Example
  • Notes
  • Issues
  • Related solutions

 

Background

The Web Visualization Tool allows the Security Policy, as well as the objects in the objects database, to be exported into a readable format. The exported information represents a snapshot of the database. The exported Security Policy can be viewed in a web browser by anyone, without a real-time connection to the Security Management Server. Professionals who are mobile, such as Security auditors and IT support engineers, need this capability on a daily basis.

The information can be exported from Security Management Server in the following formats:

  • Simplified Format (HTML) - captures all of the relevant information and places it into a single HTML file. The information is sorted according to type and listed in alphabetical order. For example, all Gateways will be displayed one beneath the other in alphabetical order. Since this format consolidates all of the configuration settings into a single file, the Simplified format makes printing and e-mailing the information very easy.

  • Advanced Format (XML) - gathers the data into several XML files and each XML file represents an object table or a Rule Base. The data captured is then divided into logical segments, which can be viewed separately. This format includes icons used in SmartDashboard, which are helpful in the categorization of the objects. The Advanced format can be customized, and the data in the files can be utilized for other purposes, such as using the data in other applications that can read XML. This format also provides a set of default XSL files.

 

Installation

R80 and later:

Web Visualization Tool is NOT supported starting from R80. A new open tool called "show_package" was created to replace it. 
To run this tool on your Security Management server, type: 

cd $MDS_FWDIR/scripts/
./web_api_show_package.sh <options>

For more details and the latest version of the tool, refer to the following article.

 

R70 - R77.30:

The Web Visualization Tool does not need to be installed on a specific machine or in a specific location. Rather, it can be installed on any machine in any directory.

Procedure:

  1. Download the relevant package.

    | OS of the computer where Web Visualization Tool should be installed | Version of the Security Management Server / Multi-Domain Security Management Server |
    |---|---|
    | Gaia / SecurePlatform / Linux | R77.x |
    | Gaia / SecurePlatform / Linux | R71.x, R75.x and R76 |
    | Gaia / SecurePlatform / Linux | R70.x |
    | Windows | R77.x |
    | Windows | R71.x, R75.x and R76 |
    | Windows | R70.x |
    | Solaris | R71.x and R75.x (up to R75.40) |
    | Solaris | R70.x |



    Refer to Web Visualization Tool R71 and Higher Release Notes.


  2. Create a directory, into which you want to install the Web Visualization Tool.

    This directory will be used as <cpdb2html_path> in the syntax of the cpdb2html command.



    Important Note: On a computer with SmartConsole installed, do not install the Web Visualization Tool into the SmartConsole program directory itself - c:\Program Files\CheckPoint\SmartConsole\RXX\PROGRAM\.

    Examples:

    • For Windows OS:
      C:\Web_Visualization_Tool\
       
    • For Gaia / SecurePlatform / Linux / Solaris OS:
      /var/Web_Visualization_Tool/


  3. Move the Web Visualization Tool package into the new directory.



  4. Extract the contents of the Web Visualization Tool package.

    • On Windows OS:
      use a special application to open the TGZ archive (e.g., WinRAR, WinZIP, 7-Zip, IZArc, TUGZip)

    • On Gaia / SecurePlatform / Linux / Solaris OS:
      use the 'tar -zxvf package_name.tgz' command to open the TGZ archive



  5. Create a directory inside the Web Visualization Tool directory for your outputs.

    This directory will be used as <output_directory> in the syntax of the cpdb2html command.

    Examples:

    • For Windows OS:
      C:\Web_Visualization_Tool\outputs\
       
    • For Gaia / SecurePlatform / Linux / Solaris OS:
      /var/Web_Visualization_Tool/outputs/


  6. Add the absolute path to Web Visualization Tool installation directory into the PATH environment variable.

    Otherwise, you will have to use the absolute path to Web Visualization Tool installation directory each time you run this tool.

    • On Windows OS:

      1. Start - Run... - "%WINDIR%\system32\rundll32.exe" sysdm.cpl,EditEnvironmentVariables - OK

      2. Under 'System Variables' - left-click on 'Path' variable - click on 'Edit...' button

      3. In the 'Variable value:' field - go to the end of the line - add semi-colon and the absolute path to Web Visualization Tool installation directory:

        ...existing_text ; absolute_path_to_Web_Visualization_Tool_installation_directory

      4. Click 'OK' to close 'Edit System Variable' window

      5. Click 'OK' to close 'Environment Variables' window

      6. Reboot the machine (to apply the new setting)


    • On Gaia / SecurePlatform / Linux OS (if using Bash shell):

      1. Add these two lines at the bottom of the /etc/bashrc script:

        PATH=${PATH}:/absolute_path_to/Web_Visualization_Tool_installation_directory
        export PATH

      2. Log out from the Bash shell and log in again into Bash shell


      Notes:
      • If Web Visualization Tool was installed on the Security Management Server, then add these two lines at the bottom of the /opt/CPshrd-RXX/tmp/.CPprofile.sh script.

      • If Web Visualization Tool was installed on the Provider-1 Server / Multi-Domain Management Server, then add these two lines at the bottom of the /opt/CPshrd-RXX/tmp/.CPprofile.sh script - above the last line (that calls MDSprofile.sh script).


    • On Solaris OS:

      If using Bash shell

      1. Add these two lines at the bottom of the /etc/profile script:

        PATH=${PATH}:/absolute_path_to/Web_Visualization_Tool_installation_directory
        export PATH

      2. Log out from the Bash shell and log in again into Bash shell


      Notes:
      • If Web Visualization Tool was installed on the Security Management Server, then add these two lines at the bottom of the /opt/CPshrd-RXX/tmp/.CPprofile.sh script.

      • If Web Visualization Tool was installed on the Provider-1 Server / Multi-Domain Management Server, then add these two lines at the bottom of the /opt/CPshrd-RXX/tmp/.CPprofile.sh script - above the last line (that calls MDSprofile.sh script).


      If using Csh shell

      1. Add this line at the bottom of the ${HOME}/.cshrc script:

        setenv PATH "$PATH:/absolute_path_to/Web_Visualization_Tool_installation_directory"

      2. Log out from the Csh shell and log in again into Csh shell


      Notes:
      • If Web Visualization Tool was installed on the Security Management Server, then add this line at the bottom of the /opt/CPshrd-RXX/tmp/.CPprofile.csh script.

      • If Web Visualization Tool was installed on the Provider-1 Server / Multi-Domain Management Server, then add this line at the bottom of the /opt/CPshrd-RXX/tmp/.CPprofile.csh script - above the last line (that calls MDSprofile.csh script).


  7. This tool connects to the Security Management Server on TCP port 18190.

    If the Security Management Server is protected by a FireWall, and the Web Visualization Tool is installed on an external computer (not on the Security Management Server itself), then make sure to create a rule that allows that external computer to connect to Security Management Server on TCP port 18190 (for Check Point Security Gateway, use the pre-defined service called "CPMI").

 

Usage Syntax

The Simplified utility (cpdb2html) and the Advanced utility (cpdb2web) are two different standalone command line utilities that can be used to implement Web Visualization. If running the utility on the Windows OS, use the Command Prompt.

Simplified Web Visualization Tool

When you run the Simplified utility, an HTML file is generated - <output_directory>/<output_file_name>.html.
To view the collected information, open the generated HTML file with your web browser.

Syntax

  • Gaia / SecurePlatform / Linux / Solaris OS:

    # ./cpdb2html.csh [cpdb2html_path] [output_directory] [management_server] [admin_name | certificate_file] [password] [-o output_file_name] [-m gateway] [-gr] [-go]

  • Windows OS:

    Open the Command Prompt window and run
    C:\> cpdb2html.bat [cpdb2html_path] [output_directory] [management_server] [admin_name | certificate_file] [password] [-o output_file_name] [-m gateway] [-gr] [-go]

where:

  • [cpdb2html_path] is the Web Visualization Tool's installation directory.

  • [output_directory] is the path to where the HTML file will be written.

  • [management_server] represents the name or IP address of the Security Management Server (if Web Visualization Tool is installed on the Security Management Server itself, you can use the IP address of the Loopback interface 127.0.0.1). On Provider-1/Multi-Domain Security Server, this is the Virtual IP address of the relevant CMA/Domain Management Server.

  • [admin_name | certificate_file] is the user name of the Security Management Server administrator, or the full path of the certificate file.

  • [password] is the administrator's password, or the certificate password.

  • [-o output_file_name] (optional) is the name of the HTML file that will be generated (if not specified, the default file name will be <output_directory>/1.html).

  • [-m gateway] (optional) is the name of the gateway whose database information you would like to view.

  • [-gr] (optional) is relevant to Provider-1 Server / Multi-Domain Management Server users only. Exports Customer/Domain rules only (no global rules).

  • [-go] (optional) is relevant to Provider-1 Server / Multi-Domain Management Server users only. Exports Customer/Domain objects only (no global objects).

 

Example (from Windows OS)



The command used is:

H:\>C:\Web_Visualization_Tool\cpdb2html.bat C:\Web_Visualization_Tool C:\Web_Visualization_Tool\Outputs 172.25.118.65 admin vpn123

Where:
  • C:\Web_Visualization_Tool\cpdb2html.bat - Path where the cpdb2html.bat script resides
  • C:\Web_Visualization_Tool - Path of the Web Visualization Tool's installation directory
  • C:\Web_Visualization_Tool\Outputs - Path where the HTML (output) will be written
  • 172.25.118.65 - Security Management Server IP address
  • admin - Admin name
  • vpn123 - password

After the command completes, an HTML file named 1.html and a temp folder are created in the Outputs directory.

The HTML file shows your Firewall policy, NAT, objects and more.



Advanced Web Visualization Tool

When you run the Advanced utility, several XML files are generated. All these XML files must be placed inside this sub-directory:

<Visualization_Tool_installation_directory>/xsl/xml/.

Then, open the <Visualization_Tool_installation_directory>/xsl/index.xml file with your web browser.

Syntax

  • Gaia / SecurePlatform / Linux / Solaris OS:

    # cpdb2web [-s management_server] [-u admin_name | -a certificate_file] [-p password] [-o output_file_path] [-t table_names] [-c | -m gateway | -l package_names] [-gr] [-go] [-w Web_Visualization_Tool_installation_directory]

  • Windows OS:

    Open the Command Prompt window and run
    C:\> cpdb2web.exe [-s management_server] [-u admin_name | -a certificate_file] [-p password] [-o output_file_path] [-t table_names] [-c | -m gateway | -l package_names] [-gr] [-go] [-w Web_Visualization_Tool_installation_directory]

    Note:
    You can just run the tool in interactive mode:
    C:\> cpdb2web.exe

    However, you will not be able to use any of these options, and the output files will be created inside the Web Visualization Tool's installation directory:
    • [-o output_file_path]
    • [-t table_names]
    • [-c | -m gateway | -l package_names]
    • [-gr]
    • [-go]
    • [-w Web_Visualization_Tool_installation_directory]

where:

  • [-s management_server] represents the name or IP address of the Security Management Server (if Web Visualization Tool is installed on the Security Management Server itself, you can use the IP address of the Loopback interface 127.0.0.1). On Provider-1/Multi-Domain Security Server, this is the Virtual IP address of the relevant CMA/Domain Management Server.

  • [-u admin_name] is the user name of the Security Management Server administrator who has permissions for reading the Check Point objects.

  • [-a certificate_file] is the path of a Check Point certificate for the administrator who has permissions for reading the Check Point objects.

  • [-p password] is the administrator's password.

  • [-o output_file_path] (optional) is the full path for the output directory. After the tool exports the information, all the output XML files must be placed inside this sub-directory:
    <Visualization_Tool_installation_directory>/xsl/xml/.
    Then, open the <Visualization_Tool_installation_directory>/xsl/index.xml file with your web browser.
    Note: Therefore, it is recommended to specify the <Visualization_Tool_installation_directory>/xsl/xml/ as the output directory.

  • [-t table_names] (optional) allows you to specify a specific table (where all available scheme tables can be used). To export a list of tables, list the table names using a comma as the separator; capital letters should not be used, and spaces cannot be used as a separator. If this parameter is not specified, all the default tables (including Policies, Network Objects, Services, Users and Communities) will be exported. However, the initial export operation of the Communities scheme table will not include the GUI.

  • [-c] (optional) triggers the exporting of the active Policy Package only, instead of exporting all existing Policy Packages by default. The active Policy Package is the Policy Package that is currently open in SmartDashboard.

  • [-m gateway] (optional) is the same as the [-c] option - triggers the exporting of the active Policy Package only, but only on the specified gateway.

  • [-l package_names] (optional) allows you to export a specific Policy Package, instead of exporting all existing Policy Packages by default. To export a list of packages, list the package names using a comma as the separator. Spaces cannot be used as separators.

  • [-gr] (optional) is relevant to Provider-1 Server / Multi-Domain Management Server users only. Exports Customer/Domain rules only (no global rules).

  • [-go] (optional) is relevant to Provider-1 Server / Multi-Domain Management Server users only. Exports Customer/Domain objects only (no global objects).

  • [-w Web_Visualization_Tool_installation_directory] (optional) should be used in order to have proper access to the SmartDefense help files.

 

Notes

  • If IP address 127.0.0.1 fails, use the main IP address of the Security Management Server.
  • Web Visualization Tool is not compatible with IPv6. If "localhost" resolves to an IPv6 address, or you attempt to use an IPv6 address for the Security Management Server, it will fail.
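
The Advanced syntax and the Notes above constrain a cpdb2web run in several ways: an IPv4-only server address, comma-separated -t lists with no spaces or capitals, and output placed under xsl/xml. The wrapper below enforces these before calling the tool. It is an added example, not Check Point code: the function names are hypothetical, and it assumes Bash with cpdb2web on the PATH.

```shell
#!/usr/bin/env bash
# Added example (not Check Point code): pre-flight checks before a cpdb2web export.
# Function names are hypothetical; cpdb2web is assumed to be on PATH.
LC_ALL=C; export LC_ALL   # so [A-Z] matches ASCII capitals only

# The tool is not IPv6-compatible, so accept only a dotted-quad IPv4 literal
# (a name such as "localhost" may resolve to an IPv6 address).
is_ipv4() {
  local IFS=. n=0 o
  case "$1" in ""|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  for o in $1; do
    [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    n=$((n + 1))
  done
  [ "$n" -eq 4 ]
}

# -t and -l take comma-separated lists: no spaces, no empty items.
valid_csv_list() {
  case "$1" in ""|*[[:space:]]*|,*|*,|*,,*) return 1 ;; esac
}

# Table names (-t) additionally must not contain capital letters.
valid_table_list() {
  valid_csv_list "$1" || return 1
  case "$1" in *[A-Z]*) return 1 ;; esac
}

# usage: run_export <mgmt_ipv4> <admin> <install_dir> [table_list]
run_export() {
  local server="$1" admin="$2" wvt="$3" tables="${4:-}" pw
  is_ipv4 "$server" || { echo "use the server's IPv4 address" >&2; return 2; }
  [ -d "$wvt/xsl" ] || { echo "no xsl/ under $wvt" >&2; return 2; }
  set -- -s "$server" -u "$admin" -o "$wvt/xsl/xml" -w "$wvt"
  if [ -n "$tables" ]; then
    valid_table_list "$tables" || { echo "bad -t list: $tables" >&2; return 2; }
    set -- "$@" -t "$tables"
  fi
  # Prompt rather than hard-code: keeps the password out of scripts and shell
  # history (it is still passed to the tool as the -p argument).
  read -rs -p "Password for $admin: " pw && echo >&2
  # Owner-only files: the XML is a full snapshot of policy and objects.
  ( umask 077 && mkdir -p "$wvt/xsl/xml" && cpdb2web "$@" -p "$pw" )
}

if [ "$#" -ge 3 ]; then run_export "$@"; fi
```

Package lists for -l can be checked with valid_csv_list alone, since the page restricts capitals only for table names.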

 

Issues

The following errors might appear on Windows OS when running the cpdb2html command:

The input line is too long.
The syntax of the command is incorrect

Wrong path 'C:\PROGRAM'
"files\CheckPoint\SmartConsole\RXX\PROGRAM" was unexpected at this time

Example of the issue

C:\> cpdb2html.bat "C:\Program Files\CheckPoint\Web Visualization Tool" "C:\Program Files\CheckPoint\Web Visualization Tool\Output" 192.168.192.168 admin password -o test.html
CUR_PATH = "C:\Program Files\CheckPoint\Web Visualization Tool"
TARGET_DIR = "C:\Program Files\CheckPoint\Web Visualization Tool\Output"
HOST = 192.168.192.168
USERNAME = admin
PASSWORD = password
TEMP_DIR = ""C:\Program Files\CheckPoint\Web Visualization Tool\Output"\temp"
XSLDIR = "C:\Program Files\CheckPoint\Web Visualization Tool"\xsl
XSLFILE = stripped_html.xsl
BASE_XML_FILE = stripped_html.xml
OUTPUT_FILE = test.html
POLICY_NAME = standard
The input line is too long.The syntax of the command is incorrect.

 

Solution

There are two ways to deal with this issue:

  1. Use short paths, if possible

    Example:
    C:\> cpdb2html.bat C:\WebVisualizationTool C:\WebVisualizationTool\Output 192.168.192.168 admin password -o test.html

  2. Enclose the entire command in double-quotes

    Example:
    C:\> "cpdb2html.bat "C:\Program Files\CheckPoint\Web Visualization Tool" "C:\Program Files\CheckPoint\Web Visualization Tool\Output" 192.168.192.168 admin password -o test.html"

For more details about the root cause, refer to http://stackoverflow.com/questions/682799/what-to-do-with-the-input-line-is-too-long-error-message/3583282#3583282.

 

Applies To:
  • This SK replaces sk30765
