First, I hope you're all well and staying safe.
Second, I want to give a "heads up" that you should see more activity here shortly, and maybe a few cosmetic changes.
I'll post more details to the "Announcements" forum soon, so be on the lookout. -E


    No screenshot for this update, as it's "just" fixes for stuff I showed off in the last one.

    Updated my policy package objects to have an ordered relationship to access layers, updated the rest of my code to deal with that, got rearranging working, and got the HTTPS inspection layer picker working.

    With these changes, I now have the ability to create new policy packages and edit existing ones. To make my life easier, I only let the user make changes to an object which are allowed to be made in a single API call. This isn't a great situation, but I don't yet want to deal with making multiple API calls in response to a single user action.

    I now have:
    • Object and rule download
    • Creating new objects for most types
    • Search for objects
    • Editing existing objects for most types
    • Deleting objects
    • Drag-and-drop from object list into rules and from rule field to rule field for sources, destinations, and services
    • Removing objects from source, destination, and service fields
    • Enabling/disabling rules and toggling field negation
    • Changing rule actions, including inline layers
    • Publishing and discarding sessions
    • Adding access rules or sections
    • Rearranging access rules or sections
    • Editing access rule or section names
    • Deleting access rules or sections
    • Adding NAT rules or sections
    • Rearranging NAT rules or sections
    • Deleting NAT rules or sections
    • Pushing policy
    • The ability to create and edit some objects which reference other objects (groups, services-groups)
    • Adding new policy packages and access layers
    • Editing policy packages and access layers

    I do not yet have:
    • Where Used
    • The ability to edit some objects which reference other objects (Access-roles, etc. I don't use them, so I don't want to build that until I'm familiar with how they work.)
    • Editing most NAT rule fields (I can toggle enabled/disabled, and hide/static source NAT)
    • Search for rules
    • Any sort of view of progress for in-flight tasks
    • Any sort of change counter to let you know how many things you are about to publish or discard
    • Deleting policy packages or access layers
    • Anything to do with Threat Prevention
    • Anything to do with logs
    • Any support for Provider-1

    Found out that when you delete an access layer, the rules under it are deleted. When you delete a policy package, the access layers it uniquely references are also deleted. At some point, I need to try building a shared layer, adding it to one single policy package, and deleting that policy package. I wonder if the management will delete the shared layer.

    Deleting stuff mostly works, but it's up to the user to confirm something isn't used before trying to delete it. I don't yet provide a Where Used, so I guess that's my next development focus. On the plus side, if you try to delete something which you can't, it fails. The API returns an error (Thank you, Check Point! Way too many APIs go "HTTP code: 200, response body: 'Task failed!'"), which I catch, so I don't remove the object from my local database. I don't yet show the error to the user.

    Every time I think my day job is settling down a little, there's some new crisis. As a result, I haven't been able to spend as much time on this project as I'd like. I have also run into a performance issue, which has gotten a lot worse as I've added columns to the rule view.

    Outline views on macOS like the one I'm using to show rules inherit from table views. Table views on macOS have some really complicated performance tricks internally, because they had to perform well on computers from 1989 (today's macOS descends directly from NeXTSTEP). Some of the things I've been doing don't work well with these tricks. On even basic policies, I'm getting animation hitches for up to 700 ms when scrolling the rules. That's not acceptable.

    Nobody else seems to be using quite the constellation of features I'm trying to, so there isn't any documentation on how to use them all together. Currently working on a few different strategies.

    Still chasing the performance issues when scrolling rules. I've found four or five ways to do it which don't improve the situation at all. Still looking for a method which does. Might burn a developer tech support incident on it.

    I've trimmed a lot of redundant code. I'm down over a thousand lines since May, even with some new functionality.

    And speaking of new functionality, I've added a recurring timer which calls the API connection keepalive. Took way too long to figure out how to get the timer to fire reliably, but I finally have it. This is particularly important, as it relates to a big functional limitation: I didn't have a way to recognize when someone else locks an object after I've started a session. The recurring timer is the first step towards solving that. Now, I need to figure out how to efficiently get a list of things someone else has locked. It's relatively simple to find the sessions with locks, but frustrating to go from those sessions to the things they have locked. I'm still working on doing that well, particularly with rules.

    Totally unrelated to this client application, I think I'm about to start looking for a new job. I'm an expert with VSX and I'd say pretty decent with the management API and GAiA API. If you might be interested in hiring me, let me know.

