CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



Thread: Configure firewall rules and objects on Edge from Cli

  1. #1
    Join Date
    2013-08-06
    Location
    Denmark - South region
    Posts
    11
    Rep Power
    0

    Configure firewall rules and objects on Edge from Cli

    # Creating many rules on Check Point Edge boxes can take a long time when doing it in the GUI.
    # But the Edge boxes support CLI commands.

    # This example is from version 8.x
    # Check Point Embedded NGX CLI Reference guide Version 8.2 here.
    # http://downloads.checkpoint.com/dc/d...d.htm?ID=11743


    # We need 3 steps to create a successful firewall rule, as from the GUI.

    # Firewall rules CAN be created without defining network objects and service objects, but to keep things "nice" we will create them first.

    # 1) a network object (a computer or a network)

    # 2) a service object, e.g. tcp 25 (SMTP)

    # 3) a firewall rule.


    ################################
    # 1)show and add network objects
    ################################
    # ssh to the edge firewall -
    # showing existing network objects.
    show netobj

    # we will add the network object 192.168.1.254 with the name IP_1.254 (name is limited to 16 characters)
    # notice that the "type" can be "computer" (Single object) or "network"
    add netobj name IP_1.254 type computer ip 192.168.1.254 staticnat undefined mac undefined hotspotexclude disabled ufpexclude disabled dot1xexclude disabled
    #
    # output should look like this
    # Edge-X >add netobj name IP_1.254 type computer ip 192.168.1.254 staticnat undefined mac undefined hotspotexclude disabled ufpexclude disabled dot1xexclude disabled
    # [700000] item added
    #
    ################################
    # 2)show and add Service object
    ################################
    #
    # We have now created a computer object with the ip 192.168.1.254
    # Now lets create the service object.
    #
    add svc-objects name SMTP-25 protocol tcp ports 25
    #
    # output should look like this
    # Edge-X >add svc-objects name SMTP-25 protocol tcp ports 25
    # [700000] item added
    #
    ################################
    # 3) add a firewall rule
    ################################
    #
    # Lets create the firewall rule now
    # if you want to place the rule in the existing rule database, use the "index #" variable, e.g. "index 12" to place the rule as number 12.
    # notice the "dest gw": this is all traffic to this gateway...

    add fw rules service SMTP-25 action allow src any dest gw forward-to IP_1.254 ports 25 protocol tcp qosclass Default redirectport 0 log true disabled false description "SMTP from wan to IP_1.254" time always

    # output should look like this
    #
    # Edge-X >add fw rules service SMTP-25 action allow src any dest gw forward-to IP_1.254 ports 25 protocol tcp qosclass Default redirectport 0 log true disabled false description "SMTP from wan to IP_1.254" time always
    # [700000] item added
    #
    # deleting the fw rule is very simple.
    # find the rule with "show fw rules"
    # when you have found the firewall rule, e.g. 41, run the command "delete fw rules 41"
    #
    # output should look like this.
    # Edge-X >delete fw rules 41
    # [700000] item deleted
    Last edited by Needle; 2014-02-21 at 09:32. Reason: spelling
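
A generator for the three command types shown in the post above, added here as an example and not part of the original post. It covers only single-host forwards of the form the post uses; the function names are hypothetical, `udp` is assumed to be accepted like `tcp`, and the sample rows are constructed.

```python
import ipaddress

NAME_MAX = 16  # object name length limit stated in the post

def check_name(name):
    if not name or len(name) > NAME_MAX or any(c.isspace() for c in name):
        raise ValueError(f"bad object name {name!r}: 1-{NAME_MAX} chars, no spaces")
    return name

def netobj_cmd(name, ip):
    ipaddress.IPv4Address(ip)  # raises ValueError on a malformed address
    return (f"add netobj name {check_name(name)} type computer ip {ip} "
            "staticnat undefined mac undefined hotspotexclude disabled "
            "ufpexclude disabled dot1xexclude disabled")

def svc_cmd(name, protocol, port):
    # Assumption: udp is accepted like tcp; only tcp appears in the post.
    if protocol not in ("tcp", "udp") or not 1 <= int(port) <= 65535:
        raise ValueError(f"bad service {protocol}/{port}")
    return f"add svc-objects name {check_name(name)} protocol {protocol} ports {port}"

def rule_cmd(svc, protocol, port, target, description):
    # A quote or newline in the description would split the CLI line.
    if '"' in description or "\n" in description:
        raise ValueError("description must not contain quotes or newlines")
    return (f"add fw rules service {svc} action allow src any dest gw "
            f"forward-to {target} ports {port} protocol {protocol} "
            "qosclass Default redirectport 0 log true disabled false "
            f'description "{description}" time always')

def build_script(forwards):
    """forwards: iterable of (host_name, ip, svc_name, protocol, port)."""
    netobjs, svcs, rules = {}, {}, []
    for host, ip, svc, proto, port in forwards:
        if netobjs.setdefault(host, ip) != ip:
            raise ValueError(f"{host} defined with two addresses")
        if svcs.setdefault(svc, (proto, port)) != (proto, port):
            raise ValueError(f"{svc} defined with two port definitions")
        rules.append(rule_cmd(svc, proto, port, host, f"{svc} from wan to {host}"))
    # Objects first, then services, then rules: the order used in the post.
    lines = [netobj_cmd(n, ip) for n, ip in netobjs.items()]
    lines += [svc_cmd(n, p, port) for n, (p, port) in svcs.items()]
    return lines + rules

# Constructed sample input; the first row reproduces the post's own example.
SAMPLE = [("IP_1.254", "192.168.1.254", "SMTP-25", "tcp", 25),
          ("IP_1.254", "192.168.1.254", "HTTPS-443", "tcp", 443)]

if __name__ == "__main__":
    print("\n".join(build_script(SAMPLE)))
```

Each object is emitted once even when several rules reference it, and any invalid row aborts the whole script before a single command is produced.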

  2. #2
    Join Date
    2013-10-30
    Posts
    4
    Rep Power
    0


    Hi, I have done B.Tech and CCSA (94%) and nobody gives me a job because I'm a fresher, so guide me: what kind of job should I approach first?
