Hosting and Security
This page will be updated as new tools become available; please note that you need valid usercentre credentials to download the files.
R77 Migration Tools – Gaia / SecurePlatform / Linux / Windows / Solaris
R76 Migration Tools – Windows / SecurePlatform / RHEL / Gaia / IPSO 6 / Solaris
R75 Migration Tools – Windows / SecurePlatform / Linux / IPSO 6 / Solaris
Deleting policy packages through the dashboard works fine but when you have 136 to delete it can take a long time. This article describes how to automate this via the CLI for a swift solution.
Using putty to access the Smartcenter:
[Expert@firewall] cp_merge export_policy
Successfully exported policy collection 'policy1'.
Successfully exported policy collection 'policy2'.
Successfully exported policy collection 'policy3'.
[Expert@firewall] cp_merge list_policy -s localhost | cut -d "'" -f 2 > policies.txt
This copies the policy names into a file named policies.txt and gets rid of any preceding or trailing characters.
First of all, issue a “cpstop” command to stop the Checkpoint services on the management centre.
[Expert@firewall]# cpstop
[Expert@firewall]# while read line; do cp_merge delete_policy -s localhost -u admin -p password -n "$line"; done < policies.txt
The output will look something like this:
Successfully deleted policy collection 'policy1'.
Successfully deleted policy collection 'policy2'.
Successfully deleted policy collection 'policy3'.
[Expert@firewall]# cp_merge -help
This is Check Point Database Merge tool NG Build NGX (R65) – Build 423.
Usage:
cp_merge merge_objects [-s <db server>] [-u <user> | -c <certificate file>] [-p <password>] -d <input directory> [-t]
cp_merge export_policy [-s <db server>] [-u <user> | -c <certificate file>] [-p <password>] [-n <package name> | -l <policy name> [-f <output file>]] [-d <output directory>] [-r]
cp_merge import_policy [-s <db server>] [-u <user> | -c <certificate file>] [-p <password>] [-n <package name>] [-d <input directory>] -f <input file> [-v]
cp_merge delete_policy [-s <db server>] [-u <user> | -c <certificate file>] [-p <password>] -n <package name>
cp_merge list_policy [-s <db server>] [-u <user> | -c <certificate file>] [-p <password>]
cp_merge restore_policy [-s <db server>] [-u <user> | -c <certificate file>] [-p <password>] [-n <package name>] [-d <input directory>] -f <input file> -v
cp_merge delimited_policy [-s <db server>] [-u <user> | -c <certificate_file>] [-p <password>] [-l <policyname>] [-f <file name>] [-a export | import_new | import_override | import_append ] [-k security | nat | all ]
Run cp_merge -help for detailed usage
-s <server> specify database server IP / name
-c <certificate file> path to certificate file
-u <user> database administrator user name
-p <password> user's password
-d <directory> specify working directory
-help print this summary
Objects Merge options:
-t test mode - does not save
Policy Export options:
-n <package name> policy package to export
-l <policy name> export policy package which <policy name> belongs to.
-r remove the original policy from the repository
-f <file name> specify output file name (default: <policy name>.pol)
(If both '-n' and '-l' are omitted all policies are exported)
Policy Import options:
-f <file name> specify input file name
-v override existing policy if found
-n <policy name> rename policy to <policy name> when importing
Policy Restore options:
-f <file name> specify input file name
-v override existing policy if found
-n <policy name> rename policy to <policy name> when importing
Note: Restore will work only when run locally on managment server.
Policy Delete options:
-n <policy name> policy to delete
Delimited Policy Import/Export options:
-a export export policy
import_new import a new policy
import_override imported policy will replace current
import_append imported policy's rules will be appended to current
-l <policy name> policy to export to/from
-f <file name> file to export to/from
-k security | nat | all types of policy to operate on
Note: security policy file is file_name.sec, NaT policy file is file_name.nat.
Example syntax for Secure Copy scp
What is Secure Copy?
scp allows files to be copied to, from, or between different hosts. It uses ssh for data transfer and provides the same authentication and same level of security as ssh.
Examples
Copy the file “foobar.txt” from a remote host to the local host
$ scp your_username@remotehost.edu:foobar.txt /some/local/directory
Copy the file “foobar.txt” from the local host to a remote host
$ scp foobar.txt your_username@remotehost.edu:/some/remote/directory
Copy the directory “foo” from the local host to a remote host’s directory “bar”
$ scp -r foo your_username@remotehost.edu:/some/remote/directory/bar
Copy the file “foobar.txt” from remote host “rh1.edu” to remote host “rh2.edu”
$ scp your_username@rh1.edu:/some/remote/directory/foobar.txt \ your_username@rh2.edu:/some/remote/directory/
Copying the files “foo.txt” and “bar.txt” from the local host to your home directory on the remote host
$ scp foo.txt bar.txt your_username@remotehost.edu:~
Copy the file “foobar.txt” from the local host to a remote host using port 2264
$ scp -P 2264 foobar.txt your_username@remotehost.edu:/some/remote/directory
Copy multiple files from the remote host to your current directory on the local host
$ scp your_username@remotehost.edu:/some/remote/directory/\{a,b,c\} . $ scp your_username@remotehost.edu:~/\{foo.txt,bar.txt\} . scp
Source: Example syntax for Secure Copy scp.
