YAMDS – Yet Another MDS

One thing I like about Indeni and the new R80 (haven’t seen it, just the gossip) is the MDS will be merged with SmartCenter so that one can see all your firewalls (not a domain at a time). This takes us closer to the single-pane of glass security management solution that CheckPoint excels at. I’d like to see ALL my firewalls in one window not just a domain at a time. Indeni is similar in that it lets you monitor all your firewalls from an enterprise view which I like (haven’t seen it in a while, but used to anyways). With SmartMonitor you only get a domain at a time and then you only get 1 firewall at a time, not even a cluster so it’s somewhat limited. (And remember if you have SecureXL on, the traffic stats are horked).

Anyways I diverge. So until R80 comes out with the REST API, I am working on building my own enterprise MDS that is web based. It will allow you to start PuTTY sessions on ALL your MDS firewalls and SmartDashboard on ALL your MDS firewalls so you don’t have to go into each domain.

Phase 1: Dump MDS – v2 – 2.4.2015 (yeah I know my code is a hack, wish I had more time)

This script filters the MDS for all your firewalls and puts them into a CSV

<Domain, fwname, mode, IP_Address, Software_Versions, HW_type, dns_name>

mode={CLUSTER, INLINE, MONITOR(Layer2Firewall)}

which I then import into a SQL database and go from there. So I thought I’d share with you this tool because you can use it to dump into your asset tracking or script databases to access all your firewalls.
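One way to do the CSV-to-SQL import step described above, as an added example that is not the author's script. It assumes the seven-column order and the three mode names given in the post; the table name, function names and sample rows are constructed for illustration. Rows are validated before they reach the inventory and are bound as parameters, so a malformed or hostile field in the dump cannot alter the SQL.

```python
import csv
import io
import ipaddress
import sqlite3

# Column order and mode names as listed in the post (assumed exact).
FIELDS = "domain fwname mode ip_address software_version hw_type dns_name".split()
MODES = {"CLUSTER", "INLINE", "MONITOR"}

# Constructed sample rows (documentation IP ranges, made-up names and hardware).
SAMPLE = """\
DomainA,fw-a1,CLUSTER,192.0.2.10,R77.10,hw-model-a,fw-a1.example.net
DomainA,fw-a2,INLINE,192.0.2.11,R77.20,hw-model-b,fw-a2.example.net
DomainB,fw-b1,monitor,198.51.100.5,R77.10,hw-model-a,fw-b1.example.net
DomainB,fw-b2,BRIDGE,198.51.100.6,R77.10,hw-model-a,fw-b2.example.net
DomainC,fw-c1,INLINE,10.1.1.999,R77.10,hw-model-c,fw-c1.example.net
"""

def load_dump(conn, csv_text):
    """Insert valid rows into `firewalls`; return [(line_no, reason)] for rejects."""
    conn.execute("CREATE TABLE IF NOT EXISTS firewalls (domain TEXT, fwname TEXT,"
                 " mode TEXT, ip_address TEXT, software_version TEXT, hw_type TEXT,"
                 " dns_name TEXT, PRIMARY KEY (domain, fwname))")
    rejected = []
    for line_no, row in enumerate(csv.reader(io.StringIO(csv_text)), start=1):
        rec = dict(zip(FIELDS, (cell.strip() for cell in row)))
        rec["mode"] = rec.get("mode", "").upper()
        try:
            if len(row) != len(FIELDS):
                raise ValueError("expected %d fields, got %d" % (len(FIELDS), len(row)))
            if rec["mode"] not in MODES:
                raise ValueError("unknown mode %r" % rec["mode"])
            rec["ip_address"] = str(ipaddress.ip_address(rec["ip_address"]))
        except ValueError as err:
            rejected.append((line_no, str(err)))
            continue
        # Named placeholders: CSV values are bound as data, never spliced into SQL.
        conn.execute("INSERT OR REPLACE INTO firewalls VALUES (:domain, :fwname,"
                     " :mode, :ip_address, :software_version, :hw_type, :dns_name)", rec)
    conn.commit()
    return rejected

def versions_in_use(conn):
    """Enterprise-wide view: firewall count per software version, all domains."""
    return conn.execute("SELECT software_version, COUNT(*) FROM firewalls"
                        " GROUP BY software_version ORDER BY software_version").fetchall()

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    print(load_dump(db, SAMPLE), versions_in_use(db))
```

Rejected lines are returned rather than silently dropped, so a firewall missing from the inventory shows up as a parse error to chase instead of a blind spot.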

This script is cool because it gives you the hardware type and version numbers for all your firewalls. This took a bit of ‘awk’ munging to do because clusters are weird and R77.10 does clusters differently.

MDSDUMP OUT!

dreez


Comments

  • Marco  On February 5, 2015 at 3:56 am

    Hey Mike when I follow the link to g documents I can see only key for microsoft product

  • Dreezman  On February 5, 2015 at 11:39 am

    ooops forgot to share it. open now

  • JonTheNiceGuy  On February 6, 2015 at 4:09 am

    Hi, I was wondering whether you’d consider putting this code onto Github (or Gitorious or Gitlab, etc.) so that, if we were so inclined, we could make some PRs?

    • Dreezman  On February 23, 2015 at 7:36 am

      Thanks for suggestion. I’m almost too embarrassed to! If I get time.

      dreez


blog.lachmann.org

Michael Endrizzi's - St. Paul MN - CheckPoint blog on topics related to Check Point products and security in general.
