Pull List of Natted IPs from Checkpoint R65 Firewalls?

A B
I have been given a range of public IPs my company owns and tasked with listing all of the NAT rules for these IPs.  Basically they want to know what the public IPs are NATed to internally.  Any ideas of how I can provide this?  I work for a large company with an extensive network, so going through each rule on each firewall would be a long and tedious process.

Thanks!

Commented:
Hi,

I've thought about this and I can't think of anything that will do this. The standard Check Point GUI certainly will not do this; I thought that Eventia Reporter might (or the Reporting Blade, as it's now known) but can't find any reference to rulebase reviews / reports in there either.

The only thing that might be possible is to parse the rulebases file manually (via scripting) and try pulling out some information that way.

Another avenue to explore might be object filler/dumper; check out http://fireverse.org/?page_id=88

HTH

Commented:
Hi,

This is an area where the Check Point GUI isn't as good as searching through a PIX config, but your IP allocations should have been documented in your company. I think you'll have to do some manual searches, but only on the external-facing firewalls where that public range comes into your network. Talk to the network team about how that range is routed on your network. It would be possible but very awkward to route those IPs to internal firewalls. One helpful command would be 'fw ctl arp' on the individual firewalls to see what IPs they are ARPing for.
After that you will need to use Search --> Query Network Objects in SmartDashboard on the relevant management station. That will tell you which NAT rules in which policies your IPs are used in.
Of course, once you have all the info, document it. It will save time in the future and could be invaluable for troubleshooting a major incident.
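
Added example, not part of the original thread or any poster's own code: one way to script the first step suggested above, by saving the 'fw ctl arp' output from each gateway and filtering it against the public range. The line format assumed by the regex, the gateway names and all addresses are constructed for illustration.

```python
import ipaddress
import re

# Assumed shape of one "fw ctl arp" line (not taken from the thread):
#   " (203.0.113.2) at 00-1c-7f-00-00-01 interface 203.0.113.1"
ARP_LINE = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)\s+at\s+\S+")

# Constructed sample captures, one per gateway (names are hypothetical).
SAMPLE = {
    "fw-edge-1": """
 (203.0.113.2) at 00-1c-7f-00-00-01 interface 203.0.113.1
 (203.0.113.5) at 00-1c-7f-00-00-01 interface 203.0.113.1
 (10.20.0.9) at 00-1c-7f-00-00-02 interface 10.20.0.1
""",
    "fw-edge-2": """
 (203.0.113.5) at 00-1c-7f-00-00-11 interface 203.0.113.1
 (198.51.100.7) at 00-1c-7f-00-00-11 interface 198.51.100.1
garbage line that should be skipped
""",
}

def proxy_arp_hits(captures, public_ranges):
    """Map each public IP inside public_ranges to the gateways ARPing for it."""
    nets = [ipaddress.ip_network(r) for r in public_ranges]
    hits = {}
    for gateway, text in captures.items():
        for line in text.splitlines():
            m = ARP_LINE.search(line)
            if not m:
                continue
            try:
                ip = ipaddress.ip_address(m.group(1))
            except ValueError:      # e.g. an octet above 255
                continue
            if any(ip in net for net in nets):
                hits.setdefault(ip, set()).add(gateway)
    return {str(ip): sorted(gws) for ip, gws in sorted(hits.items())}

def unclaimed(hits, public_ranges):
    """Addresses in the ranges that no gateway answers ARP for."""
    return [str(ip) for r in public_ranges
            for ip in ipaddress.ip_network(r) if str(ip) not in hits]

if __name__ == "__main__":
    ranges = ["203.0.113.0/29"]
    found = proxy_arp_hits(SAMPLE, ranges)
    for ip, gateways in found.items():
        print(ip, "->", ", ".join(gateways))
    print("no proxy ARP seen:", ", ".join(unclaimed(found, ranges)))
```

Each hit tells you which gateway, and so which management station and policy, to query for the matching NAT rule; an address listed by more than one gateway, or by none, is one to check by hand.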

Iclid
Cyber Security Operations Engineer
Commented:
I am the network team and the firewall admin.  We have hundreds of rules and 15 Check Point firewalls.  Thanks anyway.
