Learn How We Can Help You Keep Teleworkers Protected During the COVID-19 Crisis

Network Change & Configuration Management

Reply
Highlighted
Accepted Solution

NetMRI with FireWall CheckPoint

Techie
Posts: 7
6780     0

Hi there,

 

Since 3 weeks, our fire-wall CheckPoint Gaia is managed with NetMRI => config file collected.

But from the first time NetMRI collected the config, CheckPoint add a line in the config file :

# Exported by admin on Fri May 25 14:03:18 2018

 

So every 90 minutes, NetMRI collect the file because of that.Each time it collect the config, CP change it after with this line. And after this 3 weeks, I have have more than 700 files archived with few changed in it ...

 

Is there a way to ignore this by NetMRI ???

May be it's a CheckPoint question .....

 

Thanks.

Highlighted

Re: NetMRI with FireWall CheckPoint

Adviser
Posts: 429
6781     0

I would open a case we can modify the DBS to fix that issue Smiley Happy

Follow me on LinkedIn: https://www.linkedin.com/in/sifbaksh
Twitter: https://twitter.com/sifbaksh

www.sifbaksh.com
Highlighted

Re: NetMRI with FireWall CheckPoint

[ Edited ]
Techie
Posts: 7
6781     0

What DBS means ?

 

I guess its DataBase settings ....

 

Btw thanks a lot for the info Smiley Very Happy

Highlighted

Re: NetMRI with FireWall CheckPoint

Adviser
Posts: 429
6781     0

It's DSB Smiley Happy  I got it wrong the first time

 

Device Support Bundle

 

It how NetMRI manage the devices

 

Sif

Follow me on LinkedIn: https://www.linkedin.com/in/sifbaksh
Twitter: https://twitter.com/sifbaksh

www.sifbaksh.com
Highlighted

Re: NetMRI with FireWall CheckPoint

Expert
Posts: 236
6781     0

I agree with Sif that the best solution is to get the official DSB for the device updated to mask that line.  That's assuming that the particular Checkpoint model is already a supported device.  Not knowing how long that might take to get through Engineering's queue, there is another way that you can do the masking yourself by creating a mini DSB.  It's an XML file that performs config collection post processing and can identify and ignore "noise" lines.  You would need to edit the basic file for the particulars of the exact Checkpoint model, as well fill in the "what is noise" and "what to do with it" sections.

 

Highlighted

Re: NetMRI with FireWall CheckPoint

Techie
Posts: 7
6781     0

Hi,

 

The current CheckPoint Firewall is supported (version R77.30) and there is only 1 line I want to skip during comparison.

I think I will head to the solution to create the DSB that will be a good paractise cause I'm new with NetMRI.

 

Thanks a lot, this community here is a really good help for me Smiley Happy

 

Highlighted

Re: NetMRI with FireWall CheckPoint

Techie
Posts: 6
6781     0

We currently have a custom DSB created with a noise filter which filters lines like the following from the config file.

 

"# Exported by admin on Fri Dec  7 08:48:42 2018"
 
This was created for Checkpoint firewalls. I have created an article KB 9927 with the DSB file attached to it and you could import it into NetMRI by going to Settings > Setup > Device Support Bundles > Import arrow from top right hand side of the window > Select file > Import > Actions > Validate DSB > after validating please test the DSB against any Checkpoint device.
 
 
-Kishore 
Highlighted

Re: NetMRI with FireWall CheckPoint

[ Edited ]
Authority
Posts: 39
6781     0

At what value should "version" be?
Each time I'm trying to import the DSB I get an Invalid DSB version error.

 

Nevermind. It seems that in newer version of NetMRI you need to add 4 digits to the version number. I guess they've added hours and minutes for more precision.

 

Highlighted

veryRe: NetMRI with FireWall CheckPoint

Techie
Posts: 2
6781     0

Thank you very much. It really helped.

Showing results for 
Search instead for 
Do you mean 

Recommended for You