firewall checkpoint network-security

Collecting CheckPoint Firewall Rules using OPSEC API


I need to collect Firewall Rules data belonging to my client remotely using OPSEC API. I researched a little bit on the net and found out that I could use OPSEC API's LEA (Log Export API) (more info: https://www.fir3net.com/Firewalls/Check-Point/a-quick-guide-to-checkpoints-opsec-lea.html). I also found out that there is a project named fw1-loggrabber (https://github.com/certego/fw1-loggrabber). I am quite new to network security and know practically nothing about CheckPoint Firewalls. So my question is a brief explanation on the basics of Firewall Rules for CheckPoint and how to collect them using OPSEC API. More specifically, are the rules included in the CheckPoint logs, or is there a specific method in LEA to grab the rules?

Thank you all!


Solution

  • To collect firewall rules you can't use LEA; this API is able to work with CheckPoint logs.

    To read rules and objects you need to use the CPMI API. There are some samples on the CheckPoint website; ask your customer to download the documentation and sample.

    CheckPoint OPSEC Documentation: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk63026