PDA

View Full Version : Useful tool indeed. Is it Possible?



NickBrandson
2010-07-22, 13:55
hello guru,
this tool seems very powerful in creating and modifying object, however, just want to explorer if we could adopt this tool to add new policy or modify firewall policy?
does anyone try this before?
how does it flow work like?
Any comments would be appreciated.
thanks
nick

plamy
2010-07-22, 15:57
Your sense make question no.

PhoneBoy
2010-07-23, 23:35
There are other ways to create/modify objects via the CLI using dbedit. That might be better than using confwiz to do the job.

Ofer Israeli
2010-07-25, 04:07
Hi Nick,

Yes, you can use Confwiz in order to create or modify a firewall policy, which is in fact, just another object. The only thing you should be aware of is that when you are attempting to replace an object in a container, such as changing a rule's source from host1 to host2, then you cannot just change the reference of host1 to host2, but rather you need to delete the original reference, using the Delete_Keyword, and add a new reference. You can read more about this in the relevant forum at http://supportcenter.checkpoint.com.

Another side note, each firewall policy points to a policies_collection object which resides in the policies_collections table, thus if you are creating a new firewall policy, you will need to create the policies_collection as well. For an example of how to do so, please have a look at the output of cp_migrator that comes in the Confwiz package when running it on the sample configuration.


HTH,
Ofer

ajeybk
2011-08-15, 10:24
I haven't used confwiz much, but i'm aware that it can insert objects, rules and mostly provided as a migration tool.
Whereas i'm having a tool that insert rules, delete rules, create objects (networks and services) and most (80 %)of the things possible thru the smartdashboard. It is like shell utility, with query facilities.
How useful can this tool be for a regular checkpoint user ?

liquidbroadcast123
2012-07-04, 04:53
As far as i know about this tool is that it allows you to preserve your intellectual property and drastically improve the manageability of your security systems by migrating to the industry leading Security Management platform and also serves as a platform for performing mass manipulation operations on a Check Point security configuration, improving the manageability of the system even further.