Open tpurschke opened 4 years ago
inline layer planning
- get config --> yields rules containing action name "inner layer" with inline-layer attribute containing "name" of the inline layer and `"uid": "5dffc910-a1e1-4f92-ad0d-77348d9a1e28", "name": "InlineLayer1", "type": "access-layer", "parent-layer": "0f45100c-e4ea-4dc1-bf22-74d9d98a4811", "firewall": true,`
- enrich config --> get additional layers referenced in top level layers by name; also handle possible recursion (inline layer containing inline layer(s))
- parsing --> during parsing, add the inline layer at the correct position
- next phase: how to logically link layer guard with rules in layer? --> AND of src, dst & svc between layer guard and each rule in layer?
example:
```json
    ],
    "action": {
        "uid": "ea28da66-c5ed-11e2-bc66-aa5c6188709b",
        "name": "Inner Layer",
        "type": "Global",
        "domain": {
            "uid": "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
            "name": "Check Point Data",
            "domain-type": "data domain"
        },
        "color": "none",
        "meta-info": {
            "validation-state": "ok",
            "last-modify-time": {
                "posix": 1607331033974,
                "iso-8601": "2020-12-07T09:50+0100"
            },
            "last-modifier": "System",
            "creation-time": {
                "posix": 1607331033974,
                "iso-8601": "2020-12-07T09:50+0100"
            },
            "creator": "System"
        },
        "tags": [],
        "icon": "ApplicationFirewall/Rulebase",
        "comments": "Apply inline layer in case of rule match",
        "customFields": null
    },
    "action-settings": {},
    "inline-layer": {
        "uid": "5dffc910-a1e1-4f92-ad0d-77348d9a1e28",
        "name": "InlineLayer1",
        "type": "access-layer",
        "shared": false,
        "parent-layer": "0f45100c-e4ea-4dc1-bf22-74d9d98a4811",
        "applications-and-url-filtering": false,
        "content-awareness": false,
        "mobile-access": false,
        "firewall": true,
        "implicit-cleanup-action": "drop",
        "comments": "",
```
design
parse inline layers (action='inner layer'), show access rulebase (see https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/show-access-rulebase-along-with-inline-layers/td-p/33199); example:
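A sketch of the "enrich config" and "parsing" steps planned above, added here as an illustration and not taken from the issue or the project's code. `fetch_layer`, `enrich`, `flatten`, the `inline-rules` key and the sample layers are assumptions; only the `inline-layer`, `name`, `uid` and `action` keys come from the JSON fragment in the issue. The cycle check is a defensive addition so that a layer referencing itself cannot recurse forever.

```python
# Constructed sample data. Keys "inline-layer", "uid", "name" and "action" follow the
# JSON fragment in the issue; layer contents and rule names are made up.
LAYERS = {
    "TopLayer": [
        {"name": "web", "action": {"name": "Accept"}},
        {"name": "dmz guard", "action": {"name": "Inner Layer"},
         "inline-layer": {"uid": "5dffc910-a1e1-4f92-ad0d-77348d9a1e28",
                          "name": "InlineLayer1"}},
        {"name": "cleanup", "action": {"name": "Drop"}},
    ],
    "InlineLayer1": [
        {"name": "ssh", "action": {"name": "Accept"}},
        {"name": "db guard", "action": {"name": "Inner Layer"},
         "inline-layer": {"uid": "constructed-uid-2", "name": "InlineLayer2"}},
    ],
    "InlineLayer2": [{"name": "sql", "action": {"name": "Accept"}}],
}


def fetch_layer(name):
    """Hypothetical stand-in for the API call that returns a layer's rules by name."""
    return LAYERS[name]


def enrich(layer_name, fetch=fetch_layer, stack=()):
    """Return the layer's rules; each guard rule gets its inline layer's rules
    nested under 'inline-rules' (assumed key), recursing into nested layers."""
    if layer_name in stack:  # defensive: refuse a layer that references itself
        raise ValueError("inline layer cycle: " + " -> ".join(stack + (layer_name,)))
    enriched = []
    for rule in fetch(layer_name):
        rule = dict(rule)  # copy, so the fetched config is left untouched
        inline = rule.get("inline-layer")
        if inline:
            rule["inline-rules"] = enrich(inline["name"], fetch, stack + (layer_name,))
        enriched.append(rule)
    return enriched


def flatten(rules, prefix=""):
    """Yield (rule_number, rule_name): the guard rule first, then its inline
    rules at the same position, numbered 2.1, 2.2, ... under guard rule 2."""
    for i, rule in enumerate(rules, 1):
        num = f"{prefix}{i}"
        yield num, rule["name"]
        yield from flatten(rule.get("inline-rules", []), num + ".")
```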