Various tools to work with CheckPoint firewall: log analysis, automatic policy generation, PBR rules creation, configuration parsers

AlekzNet/CheckPoint-Firewall-toolkit

CheckPoint_toolkit

Various tools to work with CheckPoint firewall

Files

  • cpconf2pbr.py - creates CheckPoint GAIA PBR rules and local PBR exceptions, and adds IP addresses to a firewall group
  • nopbr.sh - removes PBR tables and rules (CheckPoint GAIA)
  • fw_stat_ip_list.sh - shows statistics of the allowed traffic related to the specified source IP addresses
  • fw_stat_ip_list_all_dst.sh - same as fw_stat_ip_list.sh, but for a list of destination IP addresses
  • fw_stat_ip_list_10min.sh - same as above, but broken down into 10-minute intervals
  • cparse.sh - parses objects.C and shows firewall objects in the form name (IP-address) (IP-address) ...
  • logex.sh - converts CheckPoint firewall logs to gzipped text
  • sem_parse.awk - AWK script to parse $FWCONF/conf/sem_objects.C and generate a list of default services
  • sem_parse_posix.sh - same as above, but compatible with POSIX AWK (the AWK shipped with CheckPoint is very old and does not support GNU extensions)
  • CParser.py - converts a CheckPoint .C file into a Python list
  • genacl.py - generates dbedit commands to update CheckPoint objects and policy (rule generation is not fully tested yet)
  • cp.sh - shell script to remotely collect CheckPoint configs
  • cp.exp - Expect script to remotely get and save the CheckPoint Clish configuration and cluster IP addresses
  • cp.list - list of CheckPoint firewall IPs and hostnames (to download the config from or upload to)
  • ike_debug_rotation.sh - keeps and rotates IKE debug logs

For both fw_stat_ip_list.sh and fw_stat_ip_list_10min.sh, the CheckPoint logs must first be converted to text (e.g. using logex.sh) with the following field layout:

num;date;time;src;dst;proto;service;action

See the explanation here: https://www.alekz.net/archives/1480
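As an added example (not a script from the CheckPoint_toolkit repository), the following Python code reads records in the num;date;time;src;dst;proto;service;action layout above and summarises the accepted connections per source IP, optionally per 10-minute window, as the fw_stat_ip_list.sh and fw_stat_ip_list_10min.sh scripts do. The log lines are constructed, and the 19Jan2019 date format is an assumption about the export.

```python
# Added example, not part of the CheckPoint_toolkit repository: summarise allowed
# traffic per source IP from logs exported as num;date;time;src;dst;proto;service;action.
# The sample records below are constructed; the "19Jan2019" date format is assumed.
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE_LOG = """\
1;19Jan2019;10:01:12;10.1.1.5;192.0.2.10;tcp;https;accept
2;19Jan2019;10:03:40;10.1.1.5;192.0.2.11;tcp;http;accept
3;19Jan2019;10:04:02;10.1.1.7;192.0.2.10;udp;domain-udp;accept
4;19Jan2019;10:07:55;10.1.1.5;192.0.2.12;tcp;ssh;drop
5;19Jan2019;10:12:19;10.1.1.5;192.0.2.10;tcp;https;accept
"""

FIELDS = ("num", "date", "time", "src", "dst", "proto", "service", "action")


def parse_line(line):
    """Split one exported record into a dict; return None for malformed lines."""
    fields = line.rstrip("\n").split(";")
    if len(fields) < len(FIELDS):
        return None
    rec = dict(zip(FIELDS, fields))
    # Combine date and time so records can be bucketed into time windows
    rec["ts"] = datetime.strptime(rec["date"] + " " + rec["time"], "%d%b%Y %H:%M:%S")
    return rec


def allowed_stats(text, sources, bucket_minutes=None):
    """Count accepted connections per (src, dst, proto, service) for the given
    source IPs. With bucket_minutes set, the key is prefixed with the start of
    the window the record falls into (10 gives the 10-minute breakdown)."""
    stats = defaultdict(int)
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["action"] != "accept" or rec["src"] not in sources:
            continue  # malformed, not allowed, or not a source we asked for
        key = (rec["src"], rec["dst"], rec["proto"], rec["service"])
        if bucket_minutes:
            ts = rec["ts"]
            start = ts - timedelta(minutes=ts.minute % bucket_minutes, seconds=ts.second)
            key = (start.strftime("%d%b%Y %H:%M"),) + key
        stats[key] += 1
    return dict(stats)


if __name__ == "__main__":
    for key, count in sorted(allowed_stats(SAMPLE_LOG, {"10.1.1.5"}, 10).items()):
        print(";".join(key), count)
```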

logex.sh

logex.sh converts CheckPoint firewall logs to gzipped text.

Create /etc/fw/conf/logexport.ini with the following content:

[Fields_Info]
included_fields=date,time,src,dst,proto,service,action,xlatesrc,xlatedst,peer gateway,<REST_OF_FIELDS>

Check, change or create the output directory (OUTDIR, see logex.sh).

Run logex.sh with the first part of the CheckPoint log file names (e.g. 2019-01, 2019-01-01 or 2019-01-2[1-9]) as arguments; several prefixes can be given at once:

./logex.sh 2018-12 2019-01-19 2019-01-2[1-9]
