Table of Contents:
-
Introduction
-
Instructions for using 'dbedit'
-
Syntax
-
DBedit Command Arguments
-
DBedit Internal Commands
-
Using dbedit commands in shell script
-
Related documentation / solutions
(1) Introduction
Check Point has created new utilities to make it easier to work with the database files on the Security Management / Customer Management Add-on / Domain Management Server:
In R7x, dbedit could be used for manipulating all object stored in objects_5_0.C and in other fwset files.
In R80.x, the tool is still supported, but it can manipulate only some of the objects (gateways and global properties for instance), while other objects (such as rulebase) can be managed only by the new mgmt_cli tool.
Note: Refer to sk13009 - Check Point Database Tool (GuiDBedit).
Alternately, the 'dbedit' utility can be used from the CLI for making the same changes.
(2) Instructions for using 'dbedit'
- The involved objects should be edited only on the relevant Security Management / Customer Management Add-on / Domain Management Server.
Note: Changes can be done only on an active Security Management or CMA, as the database of the standby server is in read-only mode and cannot be changed by dbedit or any other client.
-
Backup the Security Management Server / Multi-Domain Security Management Server before modifying any of the objects.
Refer to:
- Close all SmartConsole windows (SmartDashboard, SmartView Tracker, SmartView Monitor, etc.).
- Connect to command line on Security Management Server / Multi-Domain Security Management Server.
- Log in to Expert mode.
-
On Multi-Domain Security Management Server - switch to the context of the involved Domain Management Server:
[Expert@HostName]# mdsenv <Name of Domain Management Server>
-
Execute the dbedit:
[Expert@HostName]# dbedit
Refer to section "Syntax - DBedit Command Arguments" below.
-
Enter resolvable hostname, or IP address of the relevant Security Management / Customer Management Add-on / Domain Management Server:
Enter Server name (ENTER for 'localhost'):
-
When prompted, enter username and password of the Administrator:
Enter Administrator Name:
Enter Administrator Password:
-
Modify the relevant object / value.
Refer to section "Syntax - DBedit Internal Commands" below.
-
Save the changes:
dbedit> update_all
-
Exit from the dbedit (you can specify whether to save the changes upon exit):
dbedit> quit [-update_all | -noupdate].
- In SmartDashboard, install database / install policy onto relevant objects.
Notes:
- Check Point strongly recommends consulting Technical Support before editing any objects.
- Pressing "CTRL+C" will kill the dbedit without saving any changes.
(3) Syntax
General syntax:
[Expert@HostName]# dbedit -help
Usage: dbedit [-local | -s server] [-c certificate file | -u user] [-p password] [-f filename] [-r db-open-reason] [-help] [-ignore_script_failure] [-continue_updating]
(3-A) Syntax - DBedit Command Arguments
The following table describes the additional arguments for dbedit command:
[Expert@HostName]# dbedit [command arguments]
(3-B) Syntax - DBedit Internal Commands
The following table describes the commands available inside the dbedit.
(4) Using dbedit commands in shell script
It is possible to automate the dbedit internal commands using the syntax below in Bash shell (Expert mode).
The table below provides basic syntax examples based on section "(3-B) DBedit Internal Commands".
Note: For internal commands other than print, _print_set, printxml, printbyuid, query, and whereused, use the syntax "dbedit -f <file_name>".
- Command Line Interface Reference Guide (R55, R60, R61, R62, R65, R70, R71, R75, R75.20, R75.40, R75.40VS, R76, R77) - chapter 'Security Management Server and Firewall Commands' - dbedit
- sk13009 - Check Point Database Tool (GuiDBedit)
- sk107932 - How to create manual NAT rules using DBedit
- sk74020 - How to change the IP address of a Domain Management Server
- sk30383 - Using a dbedit script to create new network objects and network object groups
- sk94047 - How to set configure automatic deletion of Database Revision Control versions with 'dbedit' tool
- sk93590 - Using dbedit to create time objects
- sk65680 - Create users using dbedit
- sk76040 - How to use dbedit to create automatic NAT on host object
- sk33403 - How to add a massive list of URLs to the URL filtering
- sk101056 - dbedit printxml command does not return AdminInfo
- sk39187 - Running dbedit utility on the Provider-1 MDS server fails with error.
- sk93589 - 'One or more arguments are invalid' error when trying to add the value for 'day_of_month' for time objects using the dbedit utility
- sk101492 - Unable to change CLM IP address using dbedit
- sk99049 - Modifying Database fields using DBedit does not work
- sk23630 - Advanced configuration options for ISP Redundancy
- skI3780 - Error: "CPHA: Found another machine with same cluster ID..." in the system console
- sk33403 - Import static routes from FireWall_A to FireWall_B on SecurePlatform