Solved

Looking for way to export NAT Table from Checkpoint R65 from the CLI

Posted on 2013-05-29
3
2,174 Views
Last Modified: 2013-05-31
Hi Team,
   We are using Checkpoint R65 extensively in our environment.  We want a way to be able to run a script that logs in to individual gateways/CMAs and export the NAT tables in csv format.  Is there a common (or even hidden) command to do this from the command line?

Thanks very much.
0
Comment
Question by:rleyba828
3 Comments
 
LVL 36

Assisted Solution

by:ArneLovius
ArneLovius earned 250 total points
ID: 39206364
I don;t believe that rancid, my usual tool of choice for storing configs is capable of working with Checkpoint devices unless they are configured to save their config out as a text file.

you might take a look at a commercial product http://www.algosec.com/en/products/firewall_analyzer
0
 
LVL 62

Accepted Solution

by:
btan earned 250 total points
ID: 39206787
Looks like it will have to do with the 'fwx_alloc' table then...

there are some related link on some script but yet to see if fitting - probably to fw tab -t fwx_alloc with other option and grep the necessary field as txt and parse as csv...
 
http://nvkirank.blogspot.sg/2013/03/v-behaviorurldefaultvmlo.html#!/2013/03/v-behaviorurldefaultvmlo.html
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk32224&js_peid=P-114a7ba5fd7-10001&partition=General&product=Security
0
 

Author Comment

by:rleyba828
ID: 39212305
Hi Team,   looked at both solutions above and first, we are constrained from buying additional 3rd party products and then for 'fwx_alloc above, I played and researched every possible variation of the command and it doesn't show anything about NAT, looks like its really a limitation of checkpoint.

thanks for all your help.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The use of stolen credentials is a hot commodity this year allowing threat actors to move laterally within the network in order to avoid breach detection.
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
Along with being a a promotional video for my three-day Annielytics Dashboard Seminor, this Micro Tutorial is an intro to Google Analytics API data.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now