CheckPoint-R81: How to Export and Import Policies (Part 1)
2022-03-15 10:57
1. Working environment:
CP-R81> ver
Product version Check Point Gaia R81
OS build 392
OS kernel version 3.10.0-957.21.3cpx86_64
OS edition 64-bit
CP-R81>
File Name: Check_Point_R81_JUMBO_HF_MAIN_Bundle_T58_FULL.tgz
Package Size: 1155.6 MB
Release Date: 02-Mar-2022
Installed On: 14-Mar-2022 23:16:34
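2. Tool preparation:
The standard SmartConsole functionality does not actually allow you to export or import policy settings.
* "Export" is possible, but it only produces a very simple CSV file, which cannot be imported (there is no import function).
Instead, a Python-based tool called ExportImportPolicyPackage is published on GitHub, so I will use it.
In addition, ExportImportPolicyPackage requires a library called cp_mgmt_api_python_sdk, which is also published on GitHub.
3. Getting started: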
[Expert@CP-R81:0]# tftp 10.137.162.53
tftp> binary
tftp> get cp_mgmt_api_python_sdk-master.tar
tftp> get ExportImportPolicyPackage-master.tar
tftp> quit
[Expert@CP-R81:0]# ls
ExportImportPolicyPackage-master.tar
show_package-2022-03-09_08-31-43.tar.gz
cp_mgmt_api_python_sdk-master.tar
myconfigfile
[Expert@CP-R81:0]# pwd
/home/admin
[Expert@CP-R81:0]# mkdir mycpapi
[Expert@CP-R81:0]# mv ExportImportPolicyPackage-master.tar mycpapi
[Expert@CP-R81:0]# mv cp_mgmt_api_python_sdk-master.tar mycpapi
[Expert@CP-R81:0]# tar -xvf ExportImportPolicyPackage-master.tar
ExportImportPolicyPackage-master/
ExportImportPolicyPackage-master/exporting/
ExportImportPolicyPackage-master/exporting/export_access_rulebase.py
ExportImportPolicyPackage-master/exporting/export_https_rulebase.py
ExportImportPolicyPackage-master/exporting/export_nat_rulebase.py
ExportImportPolicyPackage-master/exporting/export_objects.py
ExportImportPolicyPackage-master/exporting/export_package.py
ExportImportPolicyPackage-master/exporting/export_threat_exception_rulebase.py
ExportImportPolicyPackage-master/exporting/export_threat_rulebase.py
ExportImportPolicyPackage-master/exporting/special_treatment_objects.py
ExportImportPolicyPackage-master/exporting/__init__.py
ExportImportPolicyPackage-master/importing/
ExportImportPolicyPackage-master/importing/import_objects.py
ExportImportPolicyPackage-master/importing/import_package.py
ExportImportPolicyPackage-master/importing/__init__.py
ExportImportPolicyPackage-master/import_export_package.py
ExportImportPolicyPackage-master/LICENSE
ExportImportPolicyPackage-master/lists_and_dictionaries.py
ExportImportPolicyPackage-master/menu.py
ExportImportPolicyPackage-master/README.md
ExportImportPolicyPackage-master/utils.py
ExportImportPolicyPackage-master/__init__.py
[Expert@CP-R81:0]# pwd
/home/admin/mycpapi
4. Move the cpapi directory from cp_mgmt_api_python_sdk into the ExportImportPolicyPackage directory.
[Expert@CP-R81:0]# pwd
/home/admin/mycpapi
[Expert@CP-R81:0]# cd ExportImportPolicyPackage-master
[Expert@CP-R81:0]# ls -lh
total 180K
-rwxrwxrwx 1 admin root 12K Feb 24 23:59 LICENSE
-rwxrwxrwx 1 admin root 2.4K Feb 24 23:59 README.md
-rwxrwxrwx 1 admin root 14 Feb 24 23:59 __init__.py
drwxrwxrwx 2 admin root 229 Mar 14 22:54 cpapi
-rw-rw---- 1 admin root 225 Mar 14 23:29 export_error_log.elg
-rw-rw---- 1 admin root 6.9K Mar 15 08:35 exported__package__Standard__2022_03_14_15_14.tar.gz
drwxrwxrwx 2 admin root 4.0K Mar 14 22:54 exporting
-rw-rw---- 1 admin root 63 Mar 14 22:55 fingerprints.txt
-rw-rw---- 1 admin root 2.2K Mar 15 09:08 import_error_log.elg
-rw-rw---- 1 admin root 4.0K Mar 15 09:08 import_export.log
-rwxrwxrwx 1 admin root 3.2K Feb 24 23:59 import_export_package.py
drwxrwxrwx 2 admin root 147 Mar 15 09:06 importing
-rwxrwxrwx 1 admin root 30K Feb 24 23:59 lists_and_dictionaries.py
-rw-rw---- 1 admin root 12K Mar 14 22:54 lists_and_dictionaries.pyc
-rwxrwxrwx 1 admin root 14K Feb 24 23:59 menu.py
-rw-rw---- 1 admin root 8.4K Mar 14 22:54 menu.pyc
-rwxrwxrwx 1 admin root 24K Mar 14 22:52 utils.py
-rw-rw---- 1 admin root 21K Mar 14 22:54 utils.pyc
-rw-rw---- 1 admin root 5 Mar 14 15:14 version.txt
[Expert@CP-R81:0]#
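Step 4 gives no commands, and the listing above shows the tool's scripts as world-writable (rwxrwxrwx) on a host where they are run from a root shell. The following is an added example, not from the original post or from the tool's authors, that stages cpapi and removes those write bits; it assumes the SDK tar unpacks to cp_mgmt_api_python_sdk-master/cpapi, and the helper names stage_cpapi and world_writable are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the original post or of the tool itself.
# Assumption: the SDK tar unpacks to cp_mgmt_api_python_sdk-master/cpapi,
# mirroring the ExportImportPolicyPackage-master/ layout shown in step 3.
# stage_cpapi and world_writable are hypothetical helper names.

# Print files and directories under $1 that any local user can modify.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002
}

# stage_cpapi SDK_TAR TOOL_DIR: copy cpapi into the tool, then lock it down.
stage_cpapi() {
    sdk_tar=$1; tool_dir=$2
    if [ ! -f "$sdk_tar" ] || [ ! -d "$tool_dir" ]; then
        echo "usage: stage_cpapi SDK_TAR TOOL_DIR" >&2; return 2
    fi
    if [ -e "$tool_dir/cpapi" ]; then
        echo "refusing to overwrite $tool_dir/cpapi" >&2; return 1
    fi
    tmp=$(mktemp -d) || return 1
    # Unpack into a scratch directory so only cpapi is copied into the tool.
    if ! tar -xf "$sdk_tar" -C "$tmp"; then rm -rf "$tmp"; return 1; fi
    src="$tmp/cp_mgmt_api_python_sdk-master/cpapi"
    if [ ! -d "$src" ]; then
        echo "cpapi not found in $sdk_tar" >&2; rm -rf "$tmp"; return 1
    fi
    if ! cp -R "$src" "$tool_dir/cpapi"; then rm -rf "$tmp"; return 1; fi
    rm -rf "$tmp"
    # The scripts are run from a root shell: only the owner may change them.
    chmod -R go-w "$tool_dir"
    # Exported policy, logs and fingerprints.txt: owner read/write only.
    for f in "$tool_dir"/*.tar.gz "$tool_dir"/*.elg "$tool_dir"/*.log \
             "$tool_dir"/fingerprints.txt; do
        if [ -f "$f" ]; then chmod 600 "$f"; fi
    done
    return 0
}

# Usage on the host from this post:
#   cd /home/admin/mycpapi
#   stage_cpapi cp_mgmt_api_python_sdk-master.tar ExportImportPolicyPackage-master
#   world_writable ExportImportPolicyPackage-master   # expect no output
```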
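5. Files that need to be updated:
utils.py
Old: outputfile = open('output.csv', 'w', newline='')
New: outputfile = open('output.csv', 'wr')
(The .pyc files written next to the sources in the listing above point to Python 2, whose built-in open() has no newline argument.)
mgmt_api.py
Copy the mgmt_api.py content from the website.
#
# cp_management_api.py
# version 1.1

...
return fingerprint.upper()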
6. [Expert@CP-R81:0]# python import_export_package.py
Welcome to the Policy Package Import/Export Tool.
What would you like to do?
1. Import a package
2. Export a package
99. Exit
2
Please enter a Policy Package name to export:
'Standard'
Please select a login method:
1. Enter user credentials manually
2. Login as Root
3. Use an existing session file
4. Use an existing session UID
99. Back
2
The script will run with the following parameters:
Export Access-Control layers = True
Export NAT layers = True
Export Threat-Prevention layers = True
Export HTTPS Inspection layers = True
Output-file name = None
Management Server IP = 127.0.0.1
Management Server Port = 443
Management Server Domain = None
1. Change Settings
2. Run
99. Back
1
Please select a setting to change:
1. Disable export of Access-Control Rulebases
2. Disable export of Threat-Prevention Rulebases
3. Disable export of NAT Rulebases
4. Disable export of HTTPS Inspection Rulebases
5. Output file name
6. Change Management Server IP
7. Change Management Server Port
8. Change the domain name
99. Back
2
disabled
The script will run with the following parameters:
Export Access-Control layers = True
Export NAT layers = True
Export Threat-Prevention layers = False
Export HTTPS Inspection layers = True
Output-file name = None
Management Server IP = 127.0.0.1
Management Server Port = 443
Management Server Domain = None
1. Change Settings
2. Run
99. Back
1
Please select a setting to change:
1. Disable export of Access-Control Rulebases
2. Enable export of Threat-Prevention Rulebases
3. Disable export of NAT Rulebases
4. Disable export of HTTPS Inspection Rulebases
5. Output file name
6. Change Management Server IP
7. Change Management Server Port
8. Change the domain name
99. Back
4
disabled
The script will run with the following parameters:
Export Access-Control layers = True
Export NAT layers = True
Export Threat-Prevention layers = False
Export HTTPS Inspection layers = False
Output-file name = None
Management Server IP = 127.0.0.1
Management Server Port = 443
Management Server Domain = None
1. Change Settings
2. Run
99. Back
1
Please select a setting to change:
1. Disable export of Access-Control Rulebases
2. Enable export of Threat-Prevention Rulebases
3. Disable export of NAT Rulebases
4. Enable export of HTTPS Inspection Rulebases
5. Output file name
6. Change Management Server IP
7. Change Management Server Port
8. Change the domain name
99. Back
99
The script will run with the following parameters:
Export Access-Control layers = True
Export NAT layers = True
Export Threat-Prevention layers = False
Export HTTPS Inspection layers = False
Output-file name = None
Management Server IP = 127.0.0.1
Management Server Port = 443
Management Server Domain = None
1. Change Settings
2. Run
99. Back
2
Exporting Access Control layers
Exporting Access Layer [APP_and_Content]
Retrieved 1 out of 1 rules (100%)
Processing rules and sections
Exporting Inline-Layer [APP]
Exporting Access Layer [APP]
Retrieved 5 out of 5 rules (100%)
Processing rules and sections
Exporting Inline-Layer [Content]
Exporting Access Layer [Content]
Retrieved 2 out of 2 rules (100%)
Processing rules and sections
Exporting access rules from layer [Content]
Exporting access sections from layer [Content]
Exporting placeholders for unexportable objects from layer [Content]
Exporting layer settings of layer [Content]
Done exporting layer 'Content'.
Exporting applications-sites from layer [APP]
Exporting access rules from layer [APP]
Exporting access sections from layer [APP]
Exporting placeholders for unexportable objects from l