Thursday, May 27, 2010

How to run Web Visualization tool on Checkpoint

The Web Visualization Solution
The Web Visualization solution exports the SmartCenter's configuration into a viewable format. The
exported information represents a snapshot of the database that can be viewed offline using all
major web browsers without having to be connected to the SmartCenter Server.
The SmartCenter's configuration settings can be exported into one of the two following formats:
Simplified
Advanced
Simplified Format
This format captures all of the relevant information and places it into a single HTML file. The
information is sorted according to type and listed in alphabetical order. For example, all Gateways
will be displayed one beneath the other in alphabetical order. Since this format consolidates all of
the configuration settings into a single file, the Simplified format makes printing and emailing the
information very easy.
Advanced Format
The Advanced format gathers the data into several XML files and each XML file represents an
object table or a Rule Base. The data captured is then divided into logical segments which can be
viewed separately. This format includes icons used in SmartDashboard that are helpful in the
categorization of the objects. The Advanced format can be customized and the data in the files can
be utilized for other purposes such as using the data in other applications that can read XML. This
format also provides a set of default XSL files.
What's New
A new feature was added to the latest version of the Web Visualization Tool.
Using Certificate when running the Simplified Format - A certificate file path can be provided
instead of using a user name to run the utility.
System and Software Requirements
Supported Operating Systems:
Windows supported by SmartConsole
SecurePlatform/Linux
Solaris
IPSO
For a complete list of supported Operating System versions, see the Release Notes at
www.checkpoint.com.
Supported Software:
VPN-1 Power / UTM NGX R65
Installation
To install the Web Visualization Tool, download the .tgz file specific to your Operating System
which can be found at www.checkpoint.com and extract using gtar or gzip.
The Web Visualization Tool needs access to Check Point libraries when it is gathering data and
creating files. Therefore, the .tgz file needs to be extracted to a particular directory based on what
computer is being used. When running the utility on a SmartCenter Server, the Web Visualization
Tool may be installed anywhere on the server. When running the utility on a computer with only
SmartConsole, the Web Visualization Tool must be installed in the Program directory of the
SmartConsole.
If the tool is installed in the SmartDashboard program directory, it is alright if the installation
overwrites existing libraries. However, a backup of the libraries before the installation is
recommended.
Note - When running the utility under the Windows operating system, use cmd.exe (Start | Run
| cmd.exe).
Configuration
The Simplified utility and the Advanced utility are two separate standalone Command Line utilities
which can be used in order to implement Web Visualization.
The Simplified Format Utility
Running the Simplified utility generates an HTML file. By default the HTML file is
named 1.html and is placed in the root directory where the Web Visualization Tool is installed.
cpdb2html <cpdb2html_path> <output_directory> <SmartCenter_Server>
<admin_name | certificate> <password> [-o output_file_name]
[-m host_name] [-gr] [-go]
where:
cpdb2html_path is the Web Visualization Tool's installation directory.
output_directory is the path to where the html file will be written.
SmartCenter_Server is the name or IP address of the Management server. In Provider-1 this
should be the virtual IP address associated with the CMA.
admin_name or certificate is the user name of the SmartCenter Server administrator or the
full path of the certificate file.
password is the administrator's password or the certificate password.
-o output_file_name is the name of the HTML file that will be generated, (where the default
file name is 1.html).
-m host_name is the name of the module whose database information you would like to view.
-gr is for Check Point Provider-1 users only. When this option is set the output includes
customer rules only, (no global rules).
-go is for Check Point Provider-1 users only. When this option is set the output will include
customer objects only (no global objects).
The Advanced Format Utility
When the Advanced utility is run, several XML files are generated and placed in the XML folder in
the Web Visualization Tool directory.
cpdb2web [-s SmartCenter Server] [-u admin name | -a certificate
file] [-p password] [-o output file path] [-t tables names] [-c
|-m host name | -l packages names] [-gr] [-go] -w directory
where:
-s SmartCenter Server is the name or IP Address of the SmartCenter Server. In Provider-1
the host should be the virtual IP Address of the CMA.
-u admin name is the user name of the SmartCenter Server administrator.
-a certificate file is the path of a Check Point certificate for the administrator who has
permissions for reading the Check Point objects.
-p password is the administrator's password.
-o output file path is the full path for the output files. The XML files should be placed in
the XML subdirectory of the XSL directory which comes with the package, since all related
files should be stored in the XSL directory.
-t tables names is an optional parameter that allows you to specify a specific table (where all
available scheme tables can be used). In order to export a list of tables, the tables names
should be printed using a comma as a separator. Spaces cannot be used as a separator. If this
parameter isn't specified, all the default tables (including Policies, Network Objects, Services,
Users and Communities) will be exported. However, the initial export operation of the
Communities scheme table will not include the GUI.
-c is an optional parameter that triggers the exporting of the active Policy Package only,
instead of exporting all existing Policy Packages by default. The active Policy Package is the
Policy Package that is currently open in SmartDashboard.
-m is the same as the -c option. It triggers the exporting of the active Policy Package only, but
only on the given host.
-l packages names is an optional parameter that allows you to export a specific Policy
Package, instead of exporting all existing Policy Packages by default. In order to export a list
of packages, the packages names should be printed using a comma as a separator. Spaces
cannot be used as separators.
-gr is an optional parameter relevant to Provider-1 users only. When this is switched on, the
output does not include Global Rules, but rather it contains Customer Rules only.
-go is an optional parameter relevant to Provider-1 users only. When this is switched on, the
output does not include Global Objects, but rather it contains Customer objects only.
-w directory should be used in order to have proper access to the help files.
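The option rules listed above (either -u or -a, only one of -c, -m or -l, comma-separated lists without spaces, -w present) can be checked before the export is started. The wrapper below is an added example and is not part of the Check Point package; the function names and the CPDB_PASS variable are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Check Point code): check a cpdb2web argument list against
# the synopsis above, then run the export with a restrictive umask.

# -t and -l take comma-separated names; spaces are not allowed as separators.
valid_list() {
    case "$1" in
        ""|*" "*|,*|*,|*,,*) return 1 ;;
    esac
    return 0
}

check_cpdb2web_args() {
    auth=0; scope=0; wdir=
    while [ $# -gt 0 ]; do
        opt=$1; shift
        case "$opt" in
            -c|-gr|-go) val= ;;
            -s|-u|-a|-o|-t|-m|-l|-w)
                [ $# -gt 0 ] || { echo "$opt needs a value" >&2; return 1; }
                val=$1; shift ;;
            -p) echo "-p is appended from CPDB_PASS, do not pass it here" >&2; return 1 ;;
            *)  echo "unknown option: $opt" >&2; return 1 ;;
        esac
        case "$opt" in
            -w)    wdir=$val ;;
            -u|-a) auth=$((auth + 1)) ;;        # user name OR certificate
            -c|-m) scope=$((scope + 1)) ;;      # -c | -m | -l are alternatives
            -l)    scope=$((scope + 1))
                   valid_list "$val" || { echo "bad -l list: $val" >&2; return 1; } ;;
            -t)    valid_list "$val" || { echo "bad -t list: $val" >&2; return 1; } ;;
        esac
    done
    [ -n "$wdir" ] || { echo "-w directory is required" >&2; return 1; }
    [ "$auth" -le 1 ] || { echo "use -u or -a, not both" >&2; return 1; }
    [ "$scope" -le 1 ] || { echo "use only one of -c, -m, -l" >&2; return 1; }
}

# CPDB_PASS is a hypothetical environment variable of this wrapper, used so the
# password is not typed into scripts or shell history. The XML export is a full
# snapshot of rules and objects, so files are created under umask 077.
run_export() {
    check_cpdb2web_args "$@" || return 1
    [ -n "${CPDB_PASS:-}" ] || { echo "set CPDB_PASS first" >&2; return 1; }
    ( umask 077; cpdb2web "$@" -p "$CPDB_PASS" )
}

# Usage (constructed values): run_export -s 192.0.2.10 -u admin -c -o ./XSL/XML -w .
```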
To view the XML files:
• Run index.xml in the XSL directory to view output.
Figure 1 Web Visualization Installation Directory
Example command: /cpdb2html.csh /var/tmp /var/tmp 192.1.4.11 "username" "password"
The output will be 1.html in the home directory of the logged-in user.
