View firewall rules on the CLI



jhimiiiiil
2017-02-08, 02:30
Hello Experts,

May I ask how to generate an access-list similar to Cisco's "show access-list" command?
I've tried searching the SPLAT admin guide and a few blog sites but the information I needed is not there.
Can you please point me in the right direction on where to find the command on CLI?

Thank you.

laf_c
2017-02-08, 05:33
On a centrally based CP firewall, this is not possible.

jflemingeds
2017-02-08, 07:35
> Hello Experts,
>
> May I ask how to generate an access-list similar to Cisco's "show access-list" command?
> I've tried searching the SPLAT admin guide and a few blog sites but the information I needed is not there.
> Can you please point me in the right direction on where to find the command on CLI?
>
> Thank you.

What is your end goal? To show someone else the policy or to try to debug an issue? There may be a different way to do what you are trying.

ShadowPeak.com
2017-02-08, 08:52
> Hello Experts,
>
> May I ask how to generate an access-list similar to Cisco's "show access-list" command?
> I've tried searching the SPLAT admin guide and a few blog sites but the information I needed is not there.
> Can you please point me in the right direction on where to find the command on CLI?
>
> Thank you.

Check out the ancient Open Security Extension (OSE) feature which allows Check Point security policies to be pushed directly to Cisco devices as an access-list.

jhimiiiiil
2017-02-09, 02:04
> What is your end goal? To show someone else the policy or to try to debug an issue? There may be a different way to do what you are trying.

Hello jflemingeds,

Yes, the goal is to show the firewall rules as part of an audit.

Thank you.

jhimiiiiil
2017-02-09, 02:05
> Check out the ancient Open Security Extension (OSE) feature which allows Check Point security policies to be pushed directly to Cisco devices as an access-list.

Hello ShadowPeak,

Thank you for taking time to reply to my query. I will check that one out.
That will cost us money, right?

jflemingeds
2017-02-09, 06:58
> Hello ShadowPeak,
>
> Thank you for taking time to reply to my query. I will check that one out.
> That will cost us money, right?

If you're still on R77.x, sk64501: "Exporting Check Point configuration from Security Management Server into readable format using Web Visualization Tool"

ShadowPeak.com
2017-02-09, 09:04
> Hello ShadowPeak,
>
> Thank you for taking time to reply to my query. I will check that one out.
> That will cost us money, right?

I don't think so, that feature is so old it does not have a separate blade-based license and should be included in the standard license.

cciesec2006
2017-02-09, 09:19
> Check out the ancient Open Security Extension (OSE) feature which allows Check Point security policies to be pushed directly to Cisco devices as an access-list.

FYI: I don't think this is supported by Cisco, last time I checked.

PhoneBoy
2017-02-09, 14:41
OSE hasn't been sold in quite some time.
I can't imagine the results it generates would be compatible with current Cisco gear anyway.

If you're just trying to show the firewall rules as part of an audit, why not screenshots from SmartDashboard, Web Visualization Tool, or even a cp_merge, which will export the policy in a CSV file?
If you're looking for a way to get this on the firewall itself, you *might* be able to find something by poking around in $FWDIR/state, but it won't be in a neat format.