CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


First, I hope you're all well and staying safe.
Second, I want to give a "heads up" that you should see more activity here shortly, and maybe a few cosmetic changes.
I'll post more details to the "Announcements" forum soon, so be on the lookout. -E

 

Page 2 of 2 FirstFirst 12
Results 21 to 38 of 38

Thread: SmartDashboard on macOS

  1. #21
    Join Date
    2007-03-30
    Location
    DFW, TX
    Posts
    389
    Rep Power
    15

    Default Re: SmartDashboard on macOS

    Ran into some issues, which stalled my progress for a while. I decided the fix was to rewrite most of the UI. Still not done with that, and still not past the issues in question, but I think I'm getting there.

    Click image for larger version. 

Name:	Screen Shot 2020-10-30 at 18.59.23.jpg 
Views:	55 
Size:	65.6 KB 
ID:	1445

    I am now using AppKit more directly rather than going through SwiftUI. With this change, I lose some nice development features, but I gain a lot of capabilities which I hope to put to good use soon. For example, I now have a toolbar at the top of the window. In this screenshot, it only has a single button which hides or shows the sidebar, but I'm working on a few other things to put there.

    I really like the new "subtitle" feature added in the upcoming macOS version. To handle multiple SmartCenters, I started using a type of document which plays nicely with the database engine I'm using. This window is showing a document I named "2200", which is saved locally on my workstation. The subtitle shows the username and server it represents.

    Made some big changes to how the sidebar works. Not thrilled with how it looks yet, but I am thrilled with how well it works so far. It's everything I like about old SmartDashboard's objects list and everything I like about new SmartConsole's objects list.

  2. #22
    Join Date
    2007-03-30
    Location
    DFW, TX
    Posts
    389
    Rep Power
    15

    Default Re: SmartDashboard on macOS

    Made some advances and thought I would show them off.

    Click image for larger version. 

Name:	Screen Shot 2020-11-15 at 16.44.09.jpg 
Views:	48 
Size:	105.4 KB 
ID:	1446

    Dark mode actually worked perfectly right out of the gate.
    • Dramatically improved login. That's the phone button at the far left of the toolbar. The button and the subtitle tell you whether you are currently connected or not (here, I'm not).
    • Added support for object colors (had to build a bunch of color swatches in my project file, but only a single line of code had to change to use them). I still have some tuning to get the colors a little different between light mode and dark mode, but that's just simple tweaks to the named swatches.
    • Added action icons. For now, I've gone with a couple of different shapes to improve recognizability for colorblind users, or for people who run grayscale for whatever reason. It's a little hard to see in the low-res screenshot, but accept is a green circle with a checkmark cutout, drop is a red trashcan, and reject is a red hand.
    • Started work on a detail view/editor. I need to figure out a better way to do this, as the way I have it now is really tedious to work with.
    • Tested a lot more, including support for larger policies. For now, the biggest I've tried is 3600 rules, but it worked perfectly.

    Now that macOS 11 is officially out, it's the minimum version I'm targeting.

  3. #23
    Join Date
    2014-09-02
    Posts
    376
    Rep Power
    10

    Default Re: SmartDashboard on macOS

    Nicely done! Looks like it's time to upgrade my Hackintosh VM again ;)

    -E

  4. #24
    Join Date
    2007-03-30
    Location
    DFW, TX
    Posts
    389
    Rep Power
    15

    Default Re: SmartDashboard on macOS

    No screenshots to really show this off, but a small update.

    I have just made my first successful API call to change the properties of an object based on changes made locally in my client.

    While what little I have works very nicely, write mode admittedly isn't very functional yet. For now, it just allows changes to objects' names, comments, and colors. I have to write a lot of cases for what properties the different object types have. Don't want to try to change the network mask on a TCP service, after all.

    I also don't yet support publishing. I need to figure out a way to convey status back to the user.

  5. #25
    Join Date
    2007-03-30
    Location
    DFW, TX
    Posts
    389
    Rep Power
    15

    Default Re: SmartDashboard on macOS

    Spent a while completely rewriting my entire import architecture and my entire object model. Previously I had been using one single object definition for everything. Hosts, networks, services, applications, even rules. This is gross for a lot of reasons, but I found it necessary, as the API often hands you a UUID with no information about the type of object that UUID represents. Further, there is an object for "Any", and exactly the same object is used for sources, destinations, VPN communities, and so on. Well, with the help of a few articles on interesting ways to extend Swift's Codable feature, I figured out a way around that. Took me a few weeks, but the end result is about 20% lower memory footprint and file sizes for the local copy of the data.

    While I was at it, I worked out my own ordering criteria for ordered lists of things like access rulebases. That worked very nicely, so I also now have proper ordering of empty sections.

    NAT rule display is currently broken. I adapted the rule outline to the new model for access rules, but NAT rules are now different enough I need to spend more significant time getting them working. It's slightly complicated by the fact the automatic NAT sections are shared between many policies. Pretty sure I'll have it hammered out this week.

    Edited to add: Turns out NAT rule display was easier to fix than I thought. 75 new lines, 11 changed, 53 deleted lines, and I see a few opportunities to clean things up further. Not bad! The new object model is now fully integrated with complete feature parity with the old model.
    Last edited by Bob_Zimmerman; 2020-12-16 at 17:39.

  6. #26
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,668
    Rep Power
    12

    Default Re: SmartDashboard on macOS

    At some point this is going to be a very round wheel. :)

  7. #27
    Join Date
    2007-03-30
    Location
    DFW, TX
    Posts
    389
    Rep Power
    15

    Default Re: SmartDashboard on macOS

    Quote Originally Posted by jflemingeds View Post
    At some point this is going to be a very round wheel. :)
    At some point, sure. For now, I figure I have about 20% the functionality of SmartDashboard. Lots left to add, but it's mostly view-side code in MVC. The object model changes put me in a better position to be able to add those things without running into limitations later.

    Stuff I don't have yet:
    • Publishing - Mostly waiting on me to figure out a way to convey progress to the user.
    • Pushing policy - Waiting on publishing and progress conveyance.
    • Adding objects - Waiting on publishing.
    • Rule reordering - Waiting on me to figure out how drag-and-drop works with NSOutlineView.
    • Rule modification - Waiting on me to figure out how to represent the fields for modification.
    • Adding rules - Waiting on rule modification, as they're mostly the same thing.


    There are a few other small weirdnesses, but those are the major limitations right this second. The progress meter is probably the next thing I'm going to work on.

    Edited to add: Well I thought publishing was just waiting on a way to convey progress to the user, but it turns out the API for tasks is far, far weirder than I had expected. Each task is an object of the type "task" with a UUID like any other object (which you can use to find the object personality of the task via 'show object', but you can't see the progress) ... then a separate "task-id" which is a different UUID which you need to use to actually find it via 'show task'.

    On the plus side, if we don't care about feedback from the publish operation, I have that functional right now. :p
    Last edited by Bob_Zimmerman; 2020-12-20 at 17:43.

  8. #28
    Join Date
    2007-03-30
    Location
    DFW, TX
    Posts
    389
    Rep Power
    15

    Default Re: SmartDashboard on macOS

    Gave up on the progress meter for now, and learned to do this instead:

    Click image for larger version. 

Name:	Screen Shot 2021-01-24 at 09.38.27.jpg 
Views:	34 
Size:	77.5 KB 
ID:	1448

    I now have support for dragging objects from the sidebar into the source, destination, and service fields of rules, and the objects actually get added to the rule via the API. In that screenshot, I'm dragging ".github.com" to the destination of rule 3. It's pretty fragile right now, as I'm still learning about how to represent drags as different data types and how to filter the drop targets based on what is being dragged. Right this second, you can absolutely do nonsensical things like dragging a service into the destination of a rule. Still, it's visible progress!

    I have also added detail views and write support for a bunch of object types. In endpoints, I've got address ranges (multicast or not), DNS domains, hosts, networks, wildcards, security zones, and dynamic objects. No support yet for access roles, groups, or firewalls. In services, I've got TCP, UDP, ICMP, ICMPv6, DCE-RPC, and RPC. Still working on IP protocols, groups, and applications/sites.

    Still no support for building new objects, building new rules, rearranging rules, removing objects from rule fields, or editing fields other than the source, destination, and service. Lots of those are relatively well-defined features, though. Much less daunting than the original "figure out how to show rules at all".

    A universal amd64+aarch64 release build zips down to 1.2 MB, so it should still just barely fit on a floppy. ;)

    Edited to add: And this weekend, I figured out pasteboard data types. You can no longer drag services to the source or destination of a rule, or endpoints to the service of a rule. I also got field-to-field drag-and-drop working, though only for one item at a time. I think that's an acceptable limitation for now. On to other things.
    Last edited by Bob_Zimmerman; 2021-02-01 at 10:40.

  9. #29
    Join Date
    2007-03-30
    Location
    DFW, TX
    Posts
    389
    Rep Power
    15

    Default Re: SmartDashboard on macOS

    Finding some rough edges when it comes to application/site objects and their relationships with categories. Suspending my work on that for now.

    I think I've figured out how to make new objects. It leverages the detail view and object editing work I've done so far, with a tiny modification to recognize when the object is new. Still learning about menus, but I think I'll have a basic version working soon.

  10. #30
    Join Date
    2007-03-30
    Location
    DFW, TX
    Posts
    389
    Rep Power
    15

    Default Re: SmartDashboard on macOS

    Now that I have a good way to build an MDS for testing, I'm starting to work with the multi-domain parts of the API. This leads to a big question:

    How should connecting to an MDS work?

    It would be easiest from a development standpoint to spot that I'm connecting to an MDS, throw an error to ask the user to pick a domain, then connect only to that domain. From there, it's just like a SmartCenter. Everything in that CMA gets cached to the local database, saved to a file, and so on.

    With a fair amount more work, I think it would be possible to build a connection to every domain you have permission to access (including the MDS itself and the global meta-domain), and use that to pull all of the data from every domain into the same database (retaining the domain each object came from, of course). This would allow for extremely rapid switching between domains (on-par with the speed of switching between policies). Separate files per domain would let you view multiple domains at once in different windows, though.

    So what does everybody think? Separate file per CMA, or one big file for all CMAs on an MDS?

  11. #31
    Join Date
    2007-03-30
    Location
    DFW, TX
    Posts
    389
    Rep Power
    15

    Default Re: SmartDashboard on macOS

    Took a bit longer than I thought to finish shaving some other yaks and get back to directly working on this project. I'm happy to report I was able to figure out enough about menus to allow for the creation of new objects! It's still very much a work in progress, and I need to add some client-side data validations (if you build a new object and don't give it a name, that should present an error on the client side, rather than trying to push a nameless object and making the management hand me an error), but it's functional for all of the types I have detail views for.

    Click image for larger version. 

Name:	Screen Shot 2021-04-04 at 14.30.53.png 
Views:	22 
Size:	409.5 KB 
ID:	1449

    The disabled entries in the menu are items I don't have a good detail view for yet. The issue is mostly that I don't yet know how I'm going to handle editing references from one object to another. I have some ideas, but other things have been higher priority.

    So to recap, I now have:
    • Object and rule download
    • Object detail view and editing
    • Creating new objects
    • Drag-and-drop from object list into rules and from rule field to rule field for sources, destinations, and services
    • Publishing and discarding sessions

    The first three are subject to some limitations (as I said, I don't yet have good detail views for some object types, and I use the detail view for editing, and editing for creating new objects), but they work in general.

    I do not yet have:
    • Search for objects or rules
    • Deleting objects
    • Adding rules or sections
    • Rearranging rules or sections
    • Editing rule fields other than source, destination, and service
    • Deleting rules or sections
    • Any sort of view of progress for in-flight tasks
    • Any sort of change counter to let you know how many things you are about to publish or discard
    • Adding new policy packages or access layers
    • Editing policy packages or access layers
    • Deleting policy packages or access layers
    • Pushing policy
    • Anything to do with Threat Prevention
    • Anything to do with logs


    The client as it stands today is 1.3 MB zipped, 6.2 MB ready to run, built for both amd64 and aarch64. It's 6933 lines as written, 6127 if I remove blank lines and block comments. Shockingly (to me, anyway), 792 of those lines are just a single closing brace.



    I'm finding I really like Swift's trailing closure syntax, and inline closures in general. The ability to do `let objectName = { <some tiny function here> }(<arguments>)`is pretty slick, as is the ability to add getter and setter methods and property observers to any property:

    Code:
    var someValue: Int = 0 {
    	get { ... },
    	willSet(newValue) { ... },
    	set(newValue) { ... },
    	didSet { ... }
    }
    Objective-C selectors (needed for double-click, menus, and more) are currently kind of painful for me, but I think I'm starting to understand how they actually work.

  12. #32
    Join Date
    2007-03-30
    Location
    DFW, TX
    Posts
    389
    Rep Power
    15

    Default Re: SmartDashboard on macOS

    While figuring out some menu stuff, I decided it's time to learn more about how localization works on macOS (this was actually to help me reliably place the "Add Object" menu in the menubar). Turns out Xcode has some really nice features to help find localization issues:

    Click image for larger version. 

Name:	Screen Shot 2021-04-14 at 16.33.36.jpg 
Views:	20 
Size:	81.0 KB 
ID:	1450

    Xcode lets you force applications to run in a particular locale, and it provides several virtual locales which do interesting things to localized strings. This particular one sets the layout direction to be right-to-left, and flips all localized strings to also be right-to-left. This idea is to let you find spots where the layout would break if the application were running in a RTL locale, but without requiring you to actually speak such a language.

    Localization in general involves taking language-specific and culture-specific resources, and replacing them with references to a table. You should then be able to make a new table for each language you want to translate the application into without changing anything about the application code itself. The system checks its list of languages preferred by the user, and picks the highest one offered by the application. The application then uses that table for all of the table references.

    This particular virtual locale reverses strings it is given. For example, the "Add Object" menu, the window's "Disconnected" subtitle, and all of the categories in the sidebar. A lot of the strings come from data provided by the management server, though. Those strings print exactly how they are downloaded.

    As you can see in the screenshot, I still have a few layout issues to work out. For example, the column headers are left-justified rather than leading-justified.

  13. #33
    Join Date
    2007-03-30
    Location
    DFW, TX
    Posts
    389
    Rep Power
    15

    Default Re: SmartDashboard on macOS

    I've figured out enough about contextual menus to allow for object deletion.
    Click image for larger version. 

Name:	Screen Shot 2021-04-18 at 09.25.37.jpg 
Views:	15 
Size:	82.5 KB 
ID:	1451
    This required more "fun" with Objective-C selectors. Selectors are basically function calls, but you can't pick values to pass to them. The UI framework picks the arguments automatically. Took me a while to figure out how to work within that constraint. Just like saving changes, deletion is disabled if you are disconnected, or connected in read-only mode.

    Working on object search and a good way to edit objects which reference other objects (groups, access roles, etc.) next. Then I'll tackle editing rules beyond just adding objects to the source, destination, and service columns.

  14. #34
    Join Date
    2007-03-30
    Location
    DFW, TX
    Posts
    389
    Rep Power
    15

    Default Re: SmartDashboard on macOS

    My client has long had a big, gross limitation which isn't really obvious in screenshots: it didn't handle data updates very well. You could download objects, edit existing objects, and now make new ones, but to get them to show up, I basically just told the object sidebar to reload from scratch. It would collapse all the categories and you would lose your selection. Technically functional, but super gross.

    Well, over the last few weeks, I figured out how to build a delegate object to handle update notifications from the database engine. Now, as objects are added and deleted, they go into the correct spots in the sidebar, the counts update, and all is right with the world. Any objects you have selected stay selected, and sections you have expanded stay that way.

    This is a nice quality-of-life improvement in the sidebar, but it's much more important for future work. Can't effectively search the objects in the sidebar if every time you type a letter, all the categories close.

    Click image for larger version. 

Name:	Screen Shot 2021-05-09 at 17.24.05.jpg 
Views:	15 
Size:	66.9 KB 
ID:	1452

    I lose the ability to keep the current object category at the top of the sidebar, but that seems relatively minor. Additionally, the object types are now all the actual names used in the API. Not thrilled about that, and looking into ways I can better localize the object types.

    Major upcoming targets are object search and internal improvements to how I handle rule display working towards drag-and-drop rule rearrangement.

  15. #35
    Join Date
    2007-03-30
    Location
    DFW, TX
    Posts
    389
    Rep Power
    15

    Default Re: SmartDashboard on macOS

    Just got object search working in the sidebar. It's not quite as smooth as I want it. It searches automatically as you type and shows the results live in the sidebar, but it closes the object types. Not great, but functional enough for now while I learn more elsewhere. The object counts update, and object types which don't have any matches don't show up. Here's how my test system's data looks with no search query:

    Click image for larger version. 

Name:	No search.jpg 
Views:	10 
Size:	38.5 KB 
ID:	1453

    And here it is with a search entered:

    Click image for larger version. 

Name:	Search.jpg 
Views:	8 
Size:	23.5 KB 
ID:	1454

    I also added contextual menus to the source, destination, and service fields in access rules. For now, the only menu item I have in them is to toggle the field's negation. Still, that's a capability I didn't have in the UI before. The method I used is relatively extensible, so I should be able to make a menu to do other things like change the action of a rule fairly easily.

    Still no ability to remove objects from rules, create new rules, rearrange existing rules, or delete rules.

    I think I'm going to have to rework the sidebar view to be a generic "objects list" view. Then I could use one single block of code for the sidebar, finding objects to add to groups or rule fields, and so on.

  16. #36
    Join Date
    2007-03-30
    Location
    DFW, TX
    Posts
    389
    Rep Power
    15

    Default Re: SmartDashboard on macOS

    Lots of visible updates! I've been adding menus to access rule fields and items within those fields. While most of the menu items aren't hooked up to anything yet, I do have this one which I think is worth showing off:
    Click image for larger version. 

Name:	Screen Shot 2021-05-22 at 14.42.56.png 
Views:	10 
Size:	171.6 KB 
ID:	1455
    Also visible in that screenshot, I now show disabled rules. Can't believe I missed that earlier, but I somehow did.

    Right now, I have the ability to toggle source/destination/service negation (as above) and rule enabled/disabled state, and to change the rule action (though inline layers aren't working yet; need to figure out how to build a menu of allowed layers). Working on editing the rule name and removing objects from the source/destination/service fields. I don't really like the arrangement of items in SmartConsole's menus, so I'm also thinking about which menu items I want to group together and why. For example, here are the items in SmartConsole's menu when you right-click a host:

    View...
    Edit...
    Clone...
    Delete
    ------------------------------
    New...
    ------------------------------
    Where Used...

    Three sections, two of which only have one menu item? And View and Edit both take you to the same window. Seems like they should be arranged into operations on this exact object, and operations which are only similar to this object:

    View/Edit...
    Where Used...
    Delete
    ------------------------------
    Clone...
    New...

    I have some more backend work to do before I think I'll be able to handle moving rules, but I have an idea of where to look.

    Two hours later: Just got adding inline layers working!

    After the weekend: Deleting objects is now working, and I fixed a few dumb little bugs.

    I now have:
    • Object and rule download
    • Creating new objects for most types
    • Search for objects
    • Editing existing objects for most types
    • Deleting objects
    • Drag-and-drop from object list into rules and from rule field to rule field for sources, destinations, and services
    • Removing objects from source, destination, and service fields
    • Enabling/disabling rules and toggling field negation
    • Changing rule actions, including inline layers
    • Publishing and discarding sessions

    I do not yet have:
    • Where Used
    • Search for rules
    • Adding access rules or sections
    • Rearranging access rules or sections
    • Editing access rule or section names
    • Deleting access rules or sections
    • Adding NAT rules or sections
    • Rearranging NAT rules or sections
    • Editing any NAT rule fields
    • Deleting NAT rules or sections
    • Any sort of view of progress for in-flight tasks
    • Any sort of change counter to let you know how many things you are about to publish or discard
    • Adding new policy packages or access layers
    • Editing policy packages or access layers
    • Deleting policy packages or access layers
    • Pushing policy
    • Anything to do with Threat Prevention
    • Anything to do with logs


    Productive weekend! Got object removal from rules working. Currently, the UI limits you to removing one at a time, but I have an idea of how to fix that. The backend supports removing an arbitrary number of objects at once.
    Last edited by Bob_Zimmerman; 2021-05-24 at 19:02.

  17. #37
    Join Date
    2007-03-30
    Location
    DFW, TX
    Posts
    389
    Rep Power
    15

    Default Re: SmartDashboard on macOS

    Over the weekend, I added color swatches to the object color picker. That was WAAAAY harder than it seems like it should have been, but it's working now:
    Click image for larger version. 

Name:	Screen Shot 2021-06-07 at 11.02.29.png 
Views:	5 
Size:	111.0 KB 
ID:	1456
    And just now, an hour before the WWDC 2021 keynote, I made my first successful access rule move via the API in response to a drag-and-drop operation in my UI!

    Lots of work before that's ready to show off. I also have UI support for copying rules (via Option-drag) but no code to add the rule, and I can't seem to drag into empty sections yet. Successful rule moves don't return any positional information at all via the API (the returned rule object doesn't even have a rule number!), so I'm going to have to manually recompute the rule ordering criteria and the rule numbers. Shouldn't be anywhere near as hard as getting drag-and-drop working in the first place.

    Then I need to figure out how to extend the drag-and-drop support for NAT rules. Maybe access and NAT sections, too? Does anybody drag whole sections around?

    I don't have support for dragging multiple rules. I'd like to add it eventually, but the API only supports a single move at a time, so I would need to serialize the drags. That's more complicated than I would like to get into just now, but should be achievable eventually.

    The backend support I'm building for copying rules should make it easy to add support for adding an entirely new rule (after all, that's more-or-less what copying a rule is). Just not there at the moment.

  18. #38
    Join Date
    2007-03-30
    Location
    DFW, TX
    Posts
    389
    Rep Power
    15

    Default Re: SmartDashboard on macOS

    Figured out how to update the rule ordering criteria and rule numbers. Now dragged-and-dropped rules gets reordered in the UI, and they get the correct rule number (or at least, I'm not aware of any cases where they don't). Only works for access rules at the moment, not NAT, and doesn't yet update the UI live (you have to go to another access layer, then back to see the update). I've needed to work on live updates to the rule view for a while, so that's nothing new. Time to learn more about key-value observing in Swift.

    Click image for larger version. 

Name:	Screen Shot 2021-06-12 at 11.48.15.jpg 
Views:	10 
Size:	85.8 KB 
ID:	1457

    I know you can't see the drag operation in a screenshot, but that's how I got the "Bad Browsing" rule down to rule number 9. No use of SmartConsole or manual API commands involved!

    Found out the API doesn't include support for moving a section to a new position, so I guess I won't be adding drag-and-drop support for moving whole sections.

    From a rule numbering perspective, I'm handling a drag-and-drop-to-move as a deletion then an addition, even though I make the API call to move. Should be relatively easy to add support to make the API call to add or delete a rule, and the rule numbering is already ready to go. As I mentioned, Option-drag-and-drop-to-copy is just adding a rule with all of the fields already filled in, so that should also be fairly quick to support.

Page 2 of 2 FirstFirst 12

Similar Threads

  1. SecureClient MacOS Global Params
    By dave_c_uk in forum SecureClient/SecuRemote
    Replies: 2
    Last Post: 2010-03-09, 03:07
  2. SmartDashboard Bug
    By melipla in forum SmartDashboard
    Replies: 0
    Last Post: 2008-04-25, 15:38
  3. SecureClient for MacOS
    By chillyjim in forum SecureClient/SecuRemote
    Replies: 0
    Last Post: 2007-05-11, 10:59
  4. smartdashboard help
    By derspot in forum Feedback To Check Point: Suggestions And Requests
    Replies: 1
    Last Post: 2007-01-11, 13:50
  5. Can I use Smartdashboard on an old CP?
    By Huisje in forum SmartDashboard
    Replies: 2
    Last Post: 2006-08-08, 12:24

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •