Improve Checkpoint Firewall-1 Reports !
Background
In my opinion, Checkpoint Software Firewall-1 lacks a good printing tool that would be able to generate
on a single document all the properties, the object definition and the policy rules
defined in the current Policy.
inspect2xml creates XML representation of Checkpoint Firewall-1 Policy Rules
using the INSPECT representation of the Policy.
The INSPECT representation of the current Policy can be retrieved using the "Policy/View..."
menu option in the SmartDashboard.
inspect2xml can then be used to parse this representation and creates
a XML tree describing the Policy.
Then you can use any XSLT Processor (like sablotron) to transform the XML into a
nice HTML document for example...
Usage & Technical Details
Steps to create a HTML document for a Firewall-1 Policy:
- Open the SmartDashboard and select the "Policy/View..." menu option.
The current policy is displayed in a small centerd window.
Copy the whole text (Ctrl-C).
- Open the notepad and paste the Policy text in a new document
- Save the new document under the "txt" directory for example
- Run inspect2xml to create the corresponding XML document:
c:> inspect2xml -i txt\policy.txt -o xml\policy.xml
- Run sablotron to create the HTML document:
c:> sabcmd xsl\test4.xsl xml\policy.txt www\policy.html
- Open "www\policy.html" in your favorite browser !
- inspect2xml version 0.1
- a working version sablotron XSLT Processor
- a sample XSL stylesheet to show how to transform the XML into a "nice" HTML document
Linux version will be available soon.
Note: this tools is far from perfect !
- Don't hesitate to report parsing errors displayed by inspect2xml
- Note that month and days are numbered starting from 0 in Time Objects
- A second version will be able to access directly the Policy objects using OPSEC/CPMI API.
Reports will be much more complete...
This site is maintained by jdelamarche@maje.biz