Query Objects DB for an existing service

Symptom:

Requires confirmation of whether a transport-proto / port combo is already in use as a service. This helps avoid duplicate service creation when planning RFC.

Problem:

Though SmartDashboard can query the network objects of a Check Point management database (by IP address or other criteria: right-click "Network Objects" in the objects navigation-tree tab and choose "Query Objects…"), it DOES NOT offer the same for services.

Solution:

This assumes that the security management server is the localhost. Running this command from a gateway to query a remote SMS is not recommended: you would need to replace localhost with the IP of the SMS and add further queryDB_util arguments to supply a username and password, which is the reason it is not recommended. This command only works on *nix variants, so on a Windows SMS you would have to run it from a gateway, though we currently have no requirement to do so. The awk command can be altered to include other interesting fields (hint: drop the trailing grep and awk to see all fields available).

Run the following command in expert mode on the SMS, replacing the variable <X> with the port in question:

printf "localhost\n-t services -pf\n-q\n" | queryDB_util | grep -B 15 -A 9 "port: <X>" | awk '/Object Name:/ {print;} /\Wport:/ {print;} /\Wtype:/ {print;}'

This outputs the object name, then the port number (grep "port: 443" also matches "port: 4434", so this line is needed to confirm that the match is the port you queried), and the transport protocol (as a "type: <proto>" line).

Example output where <X>=443:

Object Name: CP_SmartPortal
port: 4433
type: Tcp
Object Name: https
port: 443
type: tcp
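As an added example (not from the original article and not Check Point's own tooling), the shell function below does the exact-port check that the grep/awk pipeline above leaves to the reader, so "port: 443" no longer pulls in "port: 4433", and optionally filters on transport type as well. It runs offline against a constructed sample of queryDB_util-style records; the record layout it assumes (an "Object Name:" line followed by indented "port:" and "type:" lines) is taken from the example output above.

```shell
#!/bin/sh
# Added example, not part of the original article or of Check Point's tooling.
# Filters queryDB_util-style service records for an EXACT port (and optional
# transport protocol), avoiding the "port: 443" / "port: 4433" substring
# problem of a plain grep.  The record layout is an assumption based on the
# example output in the article; the sample below is constructed.

SAMPLE_DB_OUTPUT='Object Name: CP_SmartPortal
  port: 4433
  type: Tcp
Object Name: https
  port: 443
  type: tcp
Object Name: dns-udp
  port: 53
  type: Udp
Object Name: domain-tcp
  port: 53
  type: tcp'

# find_service PORT [PROTO]
# Reads queryDB_util-style records on stdin and prints "name port proto" for
# every service object whose port equals PORT exactly (and whose type equals
# PROTO, case-insensitively, when PROTO is given).
find_service() {
  awk -v want_port="$1" -v want_proto="$2" '
    # Emit the record collected so far if it matches, then reset the fields.
    function flush() {
      if (name != "" && port == want_port &&
          (want_proto == "" || tolower(type) == tolower(want_proto)))
        print name, port, tolower(type)
      name = ""; port = ""; type = ""
    }
    /^Object Name:/ { flush(); sub(/^Object Name:[ \t]*/, ""); name = $0; next }
    /^[ \t]*port:/  { port = $2; next }
    /^[ \t]*type:/  { type = $2; next }
    END { flush() }
  '
}

# On the SMS (expert mode) the input would come from the real tool:
#   printf "localhost\n-t services -pf\n-q\n" | queryDB_util | find_service 443 tcp
# Offline demo against the constructed sample:
printf '%s\n' "$SAMPLE_DB_OUTPUT" | find_service 443   # -> https 443 tcp
```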
