Posted on Tuesday, 20th March 2012 by Michael

How to create nodes in a Checkpoint firewall from a CSV

Have you ever needed to create hundreds if not thousands of new firewall nodes or networks in your Checkpoint firewall? If so, you know how tedious a task this is, and you may even have researched ways to do it faster.

Research shows there are two tools to do this. The first is “dbedit”, which comes on your management server; the second is a toolkit called “Ofiller and Odumper” by Martin Hoz. The latter is no longer being developed but still seems to work on the newer 7.0 code, and the former is pretty complex but easy to learn.

Though Ofiller and Odumper have many features and still work, I am uneasy about using a tool on my enterprise firewalls that is no longer being developed. So to accomplish my task at hand I used dbedit and a Ruby script I wrote to create a dbedit import configuration file from the CSV file of IPs and names. To learn more about dbedit or to find the syntax for dbedit, check the following URL: http://downloads.checkpoint.com/dc/download.htm?ID=5518 .

In my case I had over 100 nodes that needed to be created and added to a group. The CSV file I had listed the IP and the name of the facility. I just had to go line by line, taking column one as the IP and column two as the node name. To do this I wrote the following script:

http://www.digitaloffensive.com/files/rbcpgen.rb

This script is great for understanding how the process works, and with a few tweaks it can be used on your Checkpoint firewall as well. The script can be run on any Linux or Windows box that supports Ruby. The import file that it creates needs to be moved to the management server of your Checkpoint firewalls, either by SCP or by copying and pasting the contents of the import into a new file on the management server. Once the file is on your management server, make sure you are in expert mode and issue the following command:

dbedit -f file_name -s localhost -u admin_username

Then press Enter and enter the password.

Before running the script, make sure that your CSV file does not have any duplicates. I know I should have added that check, but this was a last-minute rush job for work. Also make sure you have a backup of your database in case something breaks. You use this script at your own risk.
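The CSV-to-dbedit conversion described above, with the duplicate check the post says was left out, as an added example (this is not the author's rbcpgen.rb, which is not reproduced on this page). It assumes a two-column CSV of IP and name, a hypothetical existing group called Facilities, and a naming policy of my own choosing; the generated statements use the dbedit host_plain class and network_objects table, so check them against the dbedit reference linked above for your version.

```ruby
require 'csv'
require 'ipaddr'

# Assumed naming policy for this example: letter first, then letters, digits,
# '_', '-' or '.'. No whitespace or quotes, so a CSV cell cannot add dbedit syntax.
NAME_RE = /\A[A-Za-z][A-Za-z0-9_.-]{0,62}\z/

# Constructed sample input (ip,name): rows 3-5 are deliberately bad.
SAMPLE_CSV = <<~ROWS
  10.20.1.10,Clinic-North
  10.20.1.11,Clinic-South
  10.20.1.10,Clinic-East
  10.20.1.300,Lab-1
  10.20.1.12,Lab 2
ROWS

def valid_ipv4?(str)
  str.match?(/\A\d{1,3}(\.\d{1,3}){3}\z/) && IPAddr.new(str).ipv4?
rescue IPAddr::Error
  false
end

# Returns [dbedit_lines, rejected] where rejected holds [csv_line_no, reason].
# The group is assumed to exist already on the management server.
def build_dbedit(csv_text, group)
  raise ArgumentError, "bad group name: #{group.inspect}" unless group.match?(NAME_RE)
  seen_ips, seen_names, lines, rejected = {}, {}, [], []
  CSV.parse(csv_text).each_with_index do |row, i|
    ip, name = row.values_at(0, 1).map { |cell| cell.to_s.strip }
    reason =
      if !valid_ipv4?(ip) then 'invalid IPv4 address'
      elsif !name.match?(NAME_RE) then 'invalid object name'
      elsif seen_ips[ip] then 'duplicate IP'
      elsif seen_names[name.downcase] then 'duplicate name'
      end
    next rejected << [i + 1, reason] if reason
    seen_ips[ip] = seen_names[name.downcase] = true
    lines.push("create host_plain #{name}",
               "modify network_objects #{name} ipaddr #{ip}",
               "update network_objects #{name}",
               "addelement network_objects #{group} '' network_objects:#{name}")
  end
  lines << "update network_objects #{group}" unless lines.empty?
  [lines, rejected]
end

puts build_dbedit(SAMPLE_CSV, 'Facilities').first if __FILE__ == $PROGRAM_NAME
```

Rejected rows are returned rather than silently dropped, so the list can be reviewed before the import file is copied to the management server.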

If you have any questions or concerns please feel free to contact me.


3 Responses to “How to create nodes in a Checkpoint firewall from a CSV”

  1. Malcolm White Says:

    The script rbcpgen.rb appears to be missing.

  2. Michael Says:

    It is in the download section: http://www.digitaloffensive.com/files/rbcpgen.rb or to see all downloads http://www.digitaloffensive.com/files/

  3. SRD Says:

    Thanks a lot for your article about “How to create nodes in a Checkpoint firewall from a CSV”; it works very well for me!
