CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


First, I hope you're all well and staying safe.
Second, I want to give a "heads up" that you should see more activity here shortly, and maybe a few cosmetic changes.
I'll post more details to the "Announcements" forum soon, so be on the lookout. -E

 

Page 3 of 3 FirstFirst 123
Results 41 to 54 of 54

Thread: SmartDashboard on macOS

  1. #41
    Join Date
    2007-03-30
    Location
    DFW, TX
    Posts
    406
    Rep Power
    15

    Default Re: SmartDashboard on macOS

    Quote Originally Posted by PhoneBoy View Post
    Nice to see you're still working on this :)
    Databases are one of those things I really don’t understand all that well. Key-value observing is another. This, unfortunately, combines both, so it has taken me a long time to learn what I need to ask the right questions.

    I have a couple of ideas which might let me simplify my view controller code. We’ll see if any of them work out!

  2. #42
    Join Date
    2014-09-02
    Posts
    377
    Rep Power
    10

    Default Re: SmartDashboard on macOS

    Quote Originally Posted by PhoneBoy View Post
    Nice to see you're still working on this :)
    Agreed. It's definitely very cool.

    Please don't take this as throwing shade, but my [admittedly cynical and half-joking] prediction is that he'll complete it the day before whatever R8x drops with full browser-based SmartConsole.

    On that note, who's seen what's already there in R81.10? (hint: try https://[management]/smartconsole)

    -E

  3. #43
    Join Date
    2007-03-30
    Location
    DFW, TX
    Posts
    406
    Rep Power
    15

    Default Re: SmartDashboard on macOS

    Quote Originally Posted by EricAnderson View Post
    Agreed. It's definitely very cool.

    Please don't take this as throwing shade, but my [admittedly cynical and half-joking] prediction is that he'll complete it the day before whatever R8x drops with full browser-based SmartConsole.
    Even if it comes after browser-based management, I won't be too disappointed. I'm one person doing this in my spare time, after all. ;) I will always prefer the performance achievable with a thick client, and I have a few super-secret ideas I'm building towards.

    Still having trouble with key-value observing to update the UI as the backend data is updated. Fixing this may require much more manual definition of my Core Data entities so as things are added to a layer's rulebase, the layer automatically starts observing them for changes. We will see.

    I'm familiar with reactive programming in general from some time writing systems code and lambda calculus, just having trouble understanding how to express my intent in Apple's frameworks. Conceptually, what I'm trying to do is a lot like writing an interrupt handler (which is ultimately how lambdas are implemented). I need to figure out how to fire interrupts when a rule's position is updated, and how to tell the system the rule section is interested in those interrupts. Then how to fire interrupts when the rule section's rules are updated (or the section itself), and how to tell the system the layer is interested in them.

  4. #44
    Join Date
    2007-03-30
    Location
    DFW, TX
    Posts
    406
    Rep Power
    15

    Default Re: SmartDashboard on macOS

    Duplicate post.

  5. #45
    Join Date
    2007-03-30
    Location
    DFW, TX
    Posts
    406
    Rep Power
    15

    Default Re: SmartDashboard on macOS

    I think I've finally cracked it. Removed some debugging code I had added, and now drag-and-drop is working from inside a section to outside a section, from outside a section to inside, between sections, and within a section. I was right, it was a problem with KVO. Turns out that debugging code I had added to get insight into its internal state was preventing other code I wrote later from being called. This other code solved the problem. I feel dumb, but that means I'm learning! Plenty left to address in the near future:

    • Fixed: The rule number is updated correctly in the internal database, but not in the UI. I know for a fact that will be easier to address than drag-and-drop within a section.
    • Done as of the 25th: I still need to extend what I'm doing to support rearranging NAT rules. Not easy, but not enormously difficult.
    • Done as of Oct 2: Then I need to add the ability to delete existing rules and add new rules. Extremely easy, as I've already written ~98% of the necessary code as part of moving rules.
    • Done as of Oct 2: Adding and removing sections would be after that. I wonder what the API does if you try to delete a section which has rules in it.
    • Still need to work on editing and creating objects which reference other objects (mostly groups).

    Lots to do beyond this list, of course, but the ability to view and edit rules and most types of objects seems like a good spot for an alpha-quality release. Real artists ship, and all that.

    The release build right this second is 1.6 MB zipped, 8.2 MB ready to run.
    Last edited by Bob_Zimmerman; 2021-10-02 at 14:55.

  6. #46
    Join Date
    2007-02-07
    Posts
    162
    Rep Power
    15

    Default Re: SmartDashboard on macOS

    I'd like to try it out. Where can I find the release build?

  7. #47
    Join Date
    2007-03-30
    Location
    DFW, TX
    Posts
    406
    Rep Power
    15

    Default Re: SmartDashboard on macOS

    Quote Originally Posted by danjun View Post
    I'd like to try it out. Where can I find the release build?
    It's extremely limited right now. Shows most things, but can only manipulate a few of them. The login flow is iffy (it defaults to my lab SmartCenter's address and doesn't remember any others you log into; there are extraneous workstation password prompts from Keychain). The request load it presents consistently crashes the API on my lab SmartCenter when I try to download everything, and it doesn't handle these crashes as gracefully as I would like. It also doesn't currently provide any feedback to the user at all when it's waiting on an API call to return (I have lots of logging, and use the console in Xcode to monitor progress; still figuring out how I want to show in-flight tasks to the user).

    It hasn't caused me any data loss on my lab SmartCenter. I'm reasonably confident it won't cause data loss, but I can't guarantee it. Be sure to take regular backups, both of your management server and of your workstation.

    Knowing those concerns, if you're still interested in trying it, I can certainly send you a copy, along with a copy of my database to poke around in (think Demo Mode). Send me a PM with an email address.

  8. #48
    Join Date
    2007-03-30
    Location
    DFW, TX
    Posts
    406
    Rep Power
    15

    Default Re: SmartDashboard on macOS

    Well, I just discovered that while policies have automatically-generated NAT sections which you can't modify at the top, you can add NAT rules above them. So that's fun. Time to rework a chunk of my database schema.

    On the plus side, I found this while building test data to confirm I handle drag-and-drop correctly for NAT rules. Looking promising so far, but we'll see after the schema changes.

    Edit: Having slept on it, the situation is worse than I thought. Since policies can have different rules above the automatic sections, the automatic rules can have different rule numbers in different policies. But since they're the exact same rules (not copies, but the same object), that means I can't track the rule number as a property of a NAT rule. Instead, it has to be derived from the rule's position. I'm going to have to think for a while about how to handle that properly.
    Last edited by Bob_Zimmerman; 2021-09-26 at 16:21.

  9. #49
    Join Date
    2007-03-30
    Location
    DFW, TX
    Posts
    406
    Rep Power
    15

    Default Re: SmartDashboard on macOS

    Still thinking about the right way to calculate rule numbers. I do have some minor things to share. I've added the ability to disable NAT rules (and to show that they are disabled), as well as the ability to toggle the source NAT method (destination and service can only be static, so I don't do anything special there). Also added a little icon to show when the rule is set to hide:

    Click image for larger version. 

Name:	Screen Shot 2021-09-30 at 21.44.56.jpg 
Views:	87 
Size:	96.2 KB 
ID:	1458

    I've worked out most of the code to add and remove sections. Removing NAT sections is a bit complicated. Right now, there are the automatically-generated sections which can't be removed, and which you can't drag rules into or out of. They are shared across all policies with NAT. There's the "Manual Lower Rules" section, which is always present, and which you can't remove, but you can drag rules into and out of it. Then there are all the other sections (including potentially sections above the automatic sections), which you can remove and drag rules into or out of.

    I'm trying to prevent the UI from offering you the option to delete or edit something which I know the API won't let you delete or edit. Finding all these little special rules has been a bit of a challenge. I suspect I'll find whole new rounds of weirdness like this when I get around to Provider-1 support.

  10. #50
    Join Date
    2007-03-30
    Location
    DFW, TX
    Posts
    406
    Rep Power
    15

    Default Re: SmartDashboard on macOS

    Just finished adding the ability to add and delete access and NAT rules and sections. I create rules disabled to let you build the rule before enabling it. This isn't as big a deal as it was before R80, but it has long frustrated me how SmartDashboard creates rules which break your ability to push policy until you change them.

    It actually irritates me how when you right-click on a section and pick "Add section > Below", the new section immediately takes all the old section's rules. I've set my client up such that when you right-click on a section and say to add a section below it, the new section is added after all the rules in the section you clicked on. You can still get the old behavior by right-clicking on a rule and picking the option to add a section above or below it.

    I still don't have a way to add rules and sections to a totally empty policy or layer. That said, I also don't have the ability to add totally new policies or layers yet, so not being able to add things to them is less of a problem at the moment.

    I now have:
    • Object and rule download
    • Creating new objects for most types
    • Search for objects
    • Editing existing objects for most types
    • Deleting objects
    • Drag-and-drop from object list into rules and from rule field to rule field for sources, destinations, and services
    • Removing objects from source, destination, and service fields
    • Enabling/disabling rules and toggling field negation
    • Changing rule actions, including inline layers
    • Publishing and discarding sessions
    • Adding access rules or sections
    • Rearranging access rules or sections
    • Editing access rule or section names
    • Deleting access rules or sections
    • Adding NAT rules or sections
    • Rearranging NAT rules or sections
    • Deleting NAT rules or sections


    I do not yet have:
    • The ability to edit objects which reference other objects (groups, services-groups, access-roles, etc.; creation depends on the ability to edit)
    • Where Used
    • Search for rules
    • Editing most NAT rule fields (I can toggle enabled/disabled, and hide/static source NAT)
    • Any sort of view of progress for in-flight tasks
    • Any sort of change counter to let you know how many things you are about to publish or discard
    • Adding new policy packages or access layers
    • Editing policy packages or access layers
    • Deleting policy packages or access layers
    • Pushing policy
    • Anything to do with Threat Prevention
    • Anything to do with logs
    • Any support for Provider-1


    That balance is starting to tip the right direction!

  11. #51
    Join Date
    2007-03-30
    Location
    DFW, TX
    Posts
    406
    Rep Power
    15

    Default Re: SmartDashboard on macOS

    Just added the ability to push policy! The UI is still a work in progress, but it's usable.

    Click image for larger version. 

Name:	Screen Shot 2021-10-09 at 14.46.48.jpg 
Views:	76 
Size:	54.1 KB 
ID:	1462

    Right now, the installation targets list just shows all firewalls. I don't currently interpret the policy package's installation targets in a meaningful way, so the next steps towards completing this are figuring out what values can be in there, updating my internal database schema, then more testing. I also still don't have any sort of feedback to the user about operations in flight. This is especially important because policy installations can fail, and without some way to provide feedback, the user won't know if it worked or not.

    Still, progress!

    Update from 2021-10-10: Fixed my interpretation of the installation targets, and now it only shows the targets which are valid for a given package. I also set it up to only offer to install policy types the selected package actually contains.
    Last edited by Bob_Zimmerman; 2021-10-10 at 14:11.

  12. #52
    Join Date
    2007-03-30
    Location
    DFW, TX
    Posts
    406
    Rep Power
    15

    Default Re: SmartDashboard on macOS

    While building some test data to confirm I handle policy installation targets correctly, I noticed I didn't import clusters at all. I think I started developing this client against R80.20, which didn't show clusters or offer the ability to manipulate them. Built one for testing, and found the API for dealing with clusters in R80.40 is still pretty janky. For now, I import the cluster as if it were a normal firewall, and I totally ignore the members. That should be relatively safe until the API offers a more consistent view of the objects.

    Otherwise, I've actually been working on a way to show progress to the user for a while. Made significant advances towards that goal this weekend, and also cleaned up a lot of little issues and UI inconsistencies. For example, Apple's included toolbar buttons show a border when the mouse is over them. Mine did not. I figured out what I had to change to get that to show up:

    Click image for larger version. 

Name:	Screen Shot 2021-10-17 at 17.44.23.jpg 
Views:	64 
Size:	63.7 KB 
ID:	1463

    I also cleaned up the icons a lot. They're much more consistent now. I'll eventually get a professional artist to design some icons for me, but I want to get the tool to usable condition before I spend anything but time on it.

    For now, the progress meter isn't hooked up to much of anything, but I have some of the backend in place as a proof of concept. I think I've figured out enough to get it working in a few weeks. We'll see.

  13. #53
    Join Date
    2007-03-30
    Location
    DFW, TX
    Posts
    406
    Rep Power
    15

    Default Re: SmartDashboard on macOS

    Day job has been busier than expected the last few weeks. Thorny firewall upgrade. It eventually worked, but I haven't had the focus left at the end of the day to really program effectively.

    Over the last few days, I upgraded my 2200 to R81.10, which was a bit of an ordeal. I couldn't upgrade in place, because Check Point doesn't support a standalone deployment on the 2200, so CPUSE just refuses to install it. In the end, I exported the config, imported into an R80.40 VM, upgraded there, exported from the VM, rebuilt the 2200 at R81.10, modified config_system, then imported the config from my VM. At least it's mostly working now.

    When I connected my client to the R81.10 system for the first time, though, it crashed when importing objects. Looks like R81.10 adds a few object types I haven't seen before. Working on adding support for them, but also on improving my handling of types I don't yet support. Crashing is bad, obviously (though better than continuing in an unknown state). I should instead import unrecognized object types as generic objects, at least until I better understand what to do with them. Fixed as of 2021-10-31.
    Last edited by Bob_Zimmerman; 2021-10-31 at 15:17.

  14. #54
    Join Date
    2007-03-30
    Location
    DFW, TX
    Posts
    406
    Rep Power
    15

    Default Re: SmartDashboard on macOS

    Earlier this week, I managed to connect the progress meter to the API interaction queue. And as of an hour or so ago, I think I have resolved all the new bugs I introduced getting it to work!

    There are some visual glitches. Specifically, it shows the number of completed tasks out of the total number of tasks in the queue. At the start, there are only two tasks in the queue: 'show objects offset 0', and 'show packages offset 0'. As a result, the progress jumps backwards as it figures out how many objects, policy packages, rules, and so on there are to download. For the moment (including for this screenshot), I have the progress meter start at 1/3 complete when a new window is opened. It helps me to see the effect of styling changes:

    Click image for larger version. 

Name:	Screen Shot 2021-11-25 at 10.00.17.jpg 
Views:	23 
Size:	57.8 KB 
ID:	1464

    I changed it from gray to the accent color. Blue by default, but it matches whatever you pick in System Preferences > General. It's a toolbar button, but doesn't actually show anything when you click it for now. Next, I plan to make it show a popup with the in-flight tasks and their progress. I also need to deal with task cancellation (e.g., if the API crashes or if the user hits the button to disconnect).

    Slowly moving towards something I can actually ship. 9983 lines as written, 8865 lines without blanks or block comments. 9.3 MB ready to run for both amd64 and aarch64, 1.9 MB zipped.

Page 3 of 3 FirstFirst 123

Similar Threads

  1. SecureClient MacOS Global Params
    By dave_c_uk in forum SecureClient/SecuRemote
    Replies: 2
    Last Post: 2010-03-09, 03:07
  2. SmartDashboard Bug
    By melipla in forum SmartDashboard
    Replies: 0
    Last Post: 2008-04-25, 15:38
  3. SecureClient for MacOS
    By chillyjim in forum SecureClient/SecuRemote
    Replies: 0
    Last Post: 2007-05-11, 10:59
  4. smartdashboard help
    By derspot in forum Feedback To Check Point: Suggestions And Requests
    Replies: 1
    Last Post: 2007-01-11, 13:50
  5. Can I use Smartdashboard on an old CP?
    By Huisje in forum SmartDashboard
    Replies: 2
    Last Post: 2006-08-08, 12:24

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •