CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Results 1 to 10 of 10

Thread: View firewall rules on the CLI

  1. #1
    Join Date
    2015-10-26
    Posts
    7
    Rep Power
    0

    Default View firewall rules on the CLI

    Hello Experts,

    May I ask how to generate an access-list similar to Cisco's "show access-list" command?
    I've tried the searching the SPLAT admin guide and a few blog sites but the information I needed is not there.
    Can you please point me to the right direction on where to find the command on CLI?

    Thank you.

  2. #2
    Join Date
    2013-09-25
    Location
    Bucharest
    Posts
    649
    Rep Power
    6

    Default Re: View firewall rules on the CLI

    On a centrally based CP firewall, this is not possible.

  3. #3
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,637
    Rep Power
    9

    Default Re: View firewall rules on the CLI

    Quote Originally Posted by jhimiiiiil View Post
    Hello Experts,

    May I ask how to generate an access-list similar to Cisco's "show access-list" command?
    I've tried the searching the SPLAT admin guide and a few blog sites but the information I needed is not there.
    Can you please point me to the right direction on where to find the command on CLI?

    Thank you.
    What is your end goal? To show someone else the policy or to try to debug an issue? There maybe a different way to do what you are trying.

  4. #4
    Join Date
    2009-04-30
    Location
    Colorado, USA
    Posts
    2,231
    Rep Power
    13

    Default Re: View firewall rules on the CLI

    Quote Originally Posted by jhimiiiiil View Post
    Hello Experts,

    May I ask how to generate an access-list similar to Cisco's "show access-list" command?
    I've tried the searching the SPLAT admin guide and a few blog sites but the information I needed is not there.
    Can you please point me to the right direction on where to find the command on CLI?

    Thank you.
    Check out the ancient Open Security Extension (OSE) feature which allows Check Point security policies to be pushed directly to Cisco devices as an access-list.
    --
    Second Edition of my "Max Power" Firewall Book
    Now Available at http://www.maxpowerfirewalls.com

  5. #5
    Join Date
    2015-10-26
    Posts
    7
    Rep Power
    0

    Default Re: View firewall rules on the CLI

    Quote Originally Posted by jflemingeds View Post
    What is your end goal? To show someone else the policy or to try to debug an issue? There maybe a different way to do what you are trying.
    Hello jflemingeds,

    Yes the goal is to show the firewall rules as part of an audit.

    Thank you.

  6. #6
    Join Date
    2015-10-26
    Posts
    7
    Rep Power
    0

    Default Re: View firewall rules on the CLI

    Quote Originally Posted by ShadowPeak.com View Post
    Check out the ancient Open Security Extension (OSE) feature which allows Check Point security policies to be pushed directly to Cisco devices as an access-list.
    Hello ShadowPeak,

    Thank you for taking time to reply to my query. I will check that one out.
    That will cost us money right?

  7. #7
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,637
    Rep Power
    9

    Default Re: View firewall rules on the CLI

    Quote Originally Posted by jhimiiiiil View Post
    Hello ShadowPeak,

    Thank you for taking time to reply to my query. I will check that one out.
    That will cost us money right?
    If you're still on R77..x sk64501. "Exporting Check Point configuration from Security Management Server into readable format using Web Visualization Tool"

  8. #8
    Join Date
    2009-04-30
    Location
    Colorado, USA
    Posts
    2,231
    Rep Power
    13

    Default Re: View firewall rules on the CLI

    Quote Originally Posted by jhimiiiiil View Post
    Hello ShadowPeak,

    Thank you for taking time to reply to my query. I will check that one out.
    That will cost us money right?
    I don't think so, that feature is so old it does not have a separate blade-based license and should be included in the standard license.
    --
    Second Edition of my "Max Power" Firewall Book
    Now Available at http://www.maxpowerfirewalls.com

  9. #9
    Join Date
    2006-09-26
    Posts
    3,172
    Rep Power
    16

    Default Re: View firewall rules on the CLI

    Quote Originally Posted by ShadowPeak.com View Post
    Check out the ancient Open Security Extension (OSE) feature which allows Check Point security policies to be pushed directly to Cisco devices as an access-list.
    FYI: I don't think this is supported by Cisco, last time I checked.

  10. #10
    Join Date
    2005-08-14
    Location
    Gig Harbor, WA, USA
    Posts
    2,488
    Rep Power
    16

    Default Re: View firewall rules on the CLI

    OSE hasn't been sold in quite some time.
    I can't imagine the results it generates would be compatible with current Cisco gear anyway.

    If you're just trying to show the firewall rules as part of an audit, why not screenshots from SmartDashboard, Web Visualization Tool, or even a cp_merge, which will export the policy in a CSV file?
    If you're using for a way to get this on the firewall itself, you *might* be able to find something by poking around in $FWDIR/state, but it won't be in a neat format.
    http://phoneboy.org
    Unless otherwise noted, views expressed are my own

Similar Threads

  1. How to recover and view firewall log?
    By tumenzul in forum SmartView Tracker
    Replies: 2
    Last Post: 2016-02-17, 13:33
  2. VPN Firewall Rules
    By laf_c in forum IPsec VPN Blade (Virtual Private Networks)
    Replies: 5
    Last Post: 2014-11-01, 06:46
  3. Replies: 3
    Last Post: 2013-12-23, 06:27
  4. How to view Cisco Firewall logs in Smart View Tracker
    By wittyenggs in forum SmartView Tracker
    Replies: 1
    Last Post: 2013-03-19, 03:43
  5. Firewall Rules Lost
    By ds5879 in forum Security Management Server (Formerly SmartCenter Server ((Formerly Management Server))
    Replies: 3
    Last Post: 2007-10-26, 18:22

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •