CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Results 1 to 4 of 4

Thread: Disable NAT rules using Script

  1. #1
    Join Date
    2017-09-10
    Posts
    38
    Rep Power
    0

    Default Disable NAT rules using Script

    Hello

    I have to disable 2000 static NAT rules in a certain policy. Can anyone help me on how to create a script to perform this task. I know using the below command through dbedit will help me disbale the rules in Firewall poliy but I nned to know how to appy this to NAT

    modify fw_policies ##Standard rule:3:disabled true

    Thanks
    Ravindra
    Last edited by ravindra692; 2018-03-12 at 10:43.

  2. #2
    Join Date
    2009-04-30
    Location
    Colorado, USA
    Posts
    2,229
    Rep Power
    13

    Default Re: Disable NAT rules using Script

    Quote Originally Posted by ravindra692 View Post
    Hello

    I have to disable 2000 static NAT rules in a certain policy. Can anyone help me on how to create a script to perform this task. I know using the below command through dbedit will help me disbale the rules in Firewall poliy but I nned to know how to appy this to NAT

    modify fw_policies ##Standard rule:3:disabled true

    Thanks
    Ravindra
    Your SMS code version is? Are the NAT rules you want to disable automatically generated, manually created, or both?
    --
    Second Edition of my "Max Power" Firewall Book
    Now Available at http://www.maxpowerfirewalls.com

  3. #3
    Join Date
    2017-09-10
    Posts
    38
    Rep Power
    0

    Default Re: Disable NAT rules using Script

    Quote Originally Posted by ShadowPeak.com View Post
    Your SMS code version is? Are the NAT rules you want to disable automatically generated, manually created, or both?
    They are manually created.

  4. #4
    Join Date
    2014-09-02
    Posts
    344
    Rep Power
    10

    Default Re: Disable NAT rules using Script

    Can we assume you're on R7x? I believe the syntax you're looking for with dbedit is "rule_adtr"...

    modify fw_policies ##Standard rule_adtr:3:disabled true


    If you were running R80.x this could be done through the management API with commands like this:

    mgmt_cli set nat-rule rule-number 1 package "PackageName" enabled false


    If you are running R80 (even if only on management), let us know and we can expand on the rest of the process to complete and run this as an API script.

    -E
    Last edited by EricAnderson; 2018-03-29 at 18:51.

Similar Threads

  1. Count Security rules hit statistics script
    By apachepro in forum Scripts and Tools
    Replies: 0
    Last Post: 2012-02-02, 02:31
  2. Script for writing rules
    By networkuser in forum SmartDashboard
    Replies: 7
    Last Post: 2010-10-25, 22:47
  3. Creating/script rules from html
    By usman_a in forum Scripts and Tools
    Replies: 0
    Last Post: 2006-12-15, 17:06
  4. An easy way to disable select implied rules
    By RayPesek in forum Feedback To Check Point: Suggestions And Requests
    Replies: 1
    Last Post: 2006-10-06, 02:52
  5. Replies: 2
    Last Post: 2006-03-17, 16:05

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •