Editing the objects_5_0.C file via Check Point database editing utilities
Table of Contents:
Instructions for using 'dbedit'
DBedit Command Arguments
DBedit Internal Commands
Using dbedit commands in shell script
Related documentation / solutions
Check Point has created new utilities to make it easier to work with the database files on the Security Management / Customer Management Add-on / Domain Management Server:
These utilities allow administrators to make changes in the $FWDIR/conf/objects_5_0.C file, such as creating or modifying attributes and values. These utilities are designed to replace the error-prone manual editing of the $FWDIR/conf/objects_5_0.C file and allow searching of the file based on "type" and "attribute".
Additionally, using these tools maintain the audit trail for changes to the database.
There is an $FWDIR/conf/objects.C file on the Security Gateway and a new file, $FWDIR/conf/objects_5_0.C, located on the Security Management / Customer Management Add-on / Domain Management Server. A new $FWDIR/conf/objects.C file gets created and pushed to the Security Gateway each time a policy is installed. Editing the $FWDIR/conf/objects.C file on the Security Gateway, or the Security Management / Customer Management Add-on / Domain Management Server, is not desirable since the change will be lost during the next policy installation, or restart of the Security Management / Customer Management Add-on / Domain Management Server.
Note: Check Point recommends using the 'GuiDBEedit Tool' to make changes in the $FWDIR/conf/objects_5_0.C file. Refer to sk13009 - Check Point Database Tool (GuiDBedit).
Alternately, the 'dbedit' utility can be used from the CLI for making the same changes.
(2) Instructions for using 'dbedit'
- The involved objects should be edited only on the relevant Security Management / Customer Management Add-on / Domain Management Server.
Backup the Security Management Server / Multi-Domain Security Management Server before modifying any of the objects.
- Close all SmartConsole windows (SmartDashboard, SmartView Tracker, SmartView Monitor, etc.).
- Connect to command line on Security Management Server / Multi-Domain Security Management Server.
- Log in to Expert mode.
On Multi-Domain Security Management Server - switch to the context of the involved Domain Management Server:
[Expert@HostName]# mdsenv <Name of Domain Management Server>
Execute the dbedit:
Refer to section "Syntax - DBedit Command Arguments" below.
Enter resolvable hostname, or IP address of the relevant Security Management / Customer Management Add-on / Domain Management Server:
Enter Server name (ENTER for 'localhost'):
When prompted, enter username and password of the Administrator:
Enter Administrator Name:
Enter Administrator Password:
Modify the relevant object / value.
Refer to section "Syntax - DBedit Internal Commands" below.
Save the changes:
Exit from the dbedit (you can specify whether to save the changes upon exit):
dbedit> quit [-update_all | -noupdate].
- In SmartDashboard, install database / install policy onto relevant objects.
- Check Point strongly recommends consulting Technical Support before editing any objects.
- Pressing "CTRL+C" will kill the dbedit without saving any changes.
[Expert@HostName]# dbedit -help
Usage: dbedit [-local | -s server] [-c certificate file | -u user] [-p password] [-f filename] [-r db-open-reason] [-help] [ignore_script_failure] [-continue_updating]
(3-A) Syntax - DBedit Command Arguments
The following table describes the additional arguments for dbedit command:
[Expert@HostName]# dbedit [command arguments]
(3-B) Syntax - DBedit Internal Commands
The following table describes the commands available inside the dbedit.
(4) Using dbedit commands in shell script
It is possible to automate the dbedit internal commands using the syntax below in Bash shell (Expert mode).
The table below provides basic syntax examples based on section "(3-B) DBedit Internal Commands".
Note: For internal commands other than print, _print_set, printxml, printbyuid, query, and whereused, use the syntax "dbedit -f <file_name>".
- Command Line Interface Reference Guide (R55, R60, R61, R62, R65, R70, R71, R75, R75.20, R75.40, R75.40VS, R76, R77) - chapter 'Security Management Server and Firewall Commands' - dbedit
- sk13009 - Check Point Database Tool (GuiDBedit)
- sk107932 - How to create manual NAT rules using DBedit
- sk74020 - How to change the IP address of a Domain Management Server
- sk30383 - Using a dbedit script to create new network objects and network object groups
- sk94047 - How to set configure automatic deletion of Database Revision Control versions with 'dbedit' tool
- sk93590 - Using dbedit to create time objects
- sk65680 - Create users using dbedit
- sk76040 - How to use dbedit to create automatic NAT on host object
- sk33403 - How to add a massive list of URLs to the URL filtering
- sk101056 - dbedit printxml command does not return AdminInfo
- sk39187 - Running dbedit utility on the Provider-1 MDS server fails with error.
- sk93589 - 'One or more arguments are invalid' error when trying to add the value for 'day_of_month' for time objects using the dbedit utility
- sk101492 - Unable to change CLM IP address using dbedit
- sk99049 - Modifying Database fields using DBedit does not work
- sk23630 - Advanced configuration options for ISP Redundancy
- skI3780 - Error: "CPHA: Found another machine with same cluster ID..." in the system console
- sk33403 - Import static routes from FireWall_A to FireWall_B on SecurePlatform