Correlating DB Versions to Policies

2010-05-10, 16:38
I'm trying to correlate the different database revisions to their Policies.
It seems like it may be best to use the uids from the versioning_db.fws file.

[Expert@R65-Manager]# cat versioning_db.fws | grep uid
:chkpf_uid ("{1911A942-5C4D-11DF-B011-00000000DBDB}")
:tag_uid ("{1912082E-5C4D-11DF-B011-00000000DBDB}")

Anyone know how or where I can reference these UIDs?

2010-05-10, 19:59
What is it that you're trying to achieve?

2010-05-10, 20:29
I want to write a script which keeps the last 5 db revs per policy and removes the remainder.

2010-05-10, 21:04
Could be tricky - doesn't a DB revision contain ALL policies that existed at the time the revision was created?

2010-05-10, 22:10
This sounds like the wrong tool for the job. I wouldn't rely on DB revisions for anything other than DR or rollback - if you're interested in versioning, you're much better off exploring something like Tufin SecureTrack that will keep an efficient offline archive, and allow you to do proper comparisons over time. Again, I'm not sure that the motivation for keeping these revisions has been adequately captured, but it may be worth looking into this.

Also of note: R71 has Revision Control features to allow automatic deletion of "old" revisions based on a time period. May be worth investigating what is done there.

2010-05-11, 01:59
I thought a db rev was just for that current policy but for global objects but I could be wrong.

As for R71, that is a good idea; I'll check that out when I get 5 minutes.
I appreciate what you're saying about Tufin etc., but the reason I want to create this script is to allow me to clear out all the unwanted db revs before doing an upgrade_export so it doesn't end up in the Gigs....

2010-05-11, 04:22
Gotcha - I feel your pain about that, at least in R70 you can bulk-select and delete!

2010-05-11, 04:50
I'm in the process of writing a pre-R70 script which will bulk remove db revs.
All input is welcome and I'll post the finished script on here in a week or 2.

2010-05-11, 10:51
Please check out this thread as it may be what you are trying to accomplish:


It is a script you can run via cron to cleanup database revisions. (I have not tried it yet though)

Also, it is correct that each revision contains all of the policies which is kind of a bummer if you just need to roll back one policy. If you have many changes in policies and decide you need to revert changes in only one of them, it basically rolls everything back. Since using Tufin now, we only keep a very minimal set of revisions since we can easily find changes for each individual policy.

2010-05-11, 11:24
Ok cool. Thanks

2010-05-13, 13:05
I've pretty much finished this script.
Details can be found here: