
Offline Retrieval Tool (ORT)

Instructions
1. Download the ORT Virtual Machine Image and import it into your preferred hypervisor (VMware vSphere, Microsoft Hyper-V, Oracle VirtualBox).

2. Set the network interface you intend to use to NAT and disable all unused interfaces.
3. Log in with the following credentials:
   retrieve / R3tr13v3!
   These are the image's published defaults. Change the password after the first login, because the VM will shortly hold device credentials and retrieved firewall configurations.

4. Test the network so the resulting Virtual Machine (VM) can reach the devices you want to retrieve from.

   a. The network interface eth0 is configured for DHCP.
   b. Check your IP address with the ip addr command and confirm it is the expected one.
   c. Once the virtual network is configured to use NAT, the VM should be able to reach the network.
   d. Test connectivity to the device you wish to retrieve from. If you cannot reach the device, this tool will not work.

      i. ping [desired device IP address]

         ping 192.168.200.11
         PING 192.168.200.11 (192.168.200.11) 56(84) bytes of data.
         64 bytes from 192.168.200.11: icmp_seq=1 ttl=63 time=3 ms
         64 bytes from 192.168.200.11: icmp_seq=2 ttl=63 time=3 ms

      ii. curl -v telnet://[desired device IP address]:[desired port number]

      For Check Point management servers the ports that matter are 443 and 18190 (CPMI), so test both. A successful check leaves the connection open; press Ctrl-C to return to the prompt. ICMP is sometimes filtered where the TCP ports are not, so the port checks, not the ping, are what the retrieval depends on.

         curl -v telnet://192.168.200.11:443
         * Rebuilt URL to: telnet://192.168.200.11:443/
         *   Trying 192.168.200.11...
         * TCP_NODELAY set
         * Connected to 192.168.200.11 (192.168.200.11) port 443
         <Type ctrl-C to interrupt and return to the prompt>

         curl -v telnet://192.168.200.11:18190
         * Rebuilt URL to: telnet://192.168.200.11:18190/
         *   Trying 192.168.200.11...
         * TCP_NODELAY set
         * Connected to 192.168.200.11 (192.168.200.11) port 18190
         <Type ctrl-C to interrupt and return to the prompt>

5. The home directory is /home/retrieve.

6. In /home/retrieve, check that there is a folder called devpack_staging; create it if it is not there, because step 8 uploads the device pack files into it.

   The directory structure of /home/retrieve should look like this: (directory listing screenshot not reproduced)

7. Change to the directory /home/retrieve/retrieval_tool.

   The directory structure of retrieval_tool should look like this: (directory listing screenshot not reproduced)

============ OPTIONAL STEPS ============

===== Depending on your FireMon version ====

8. Ask FireMon Support or your FireMon SE for the files, then use scp, FileZilla, WinSCP or the application of your choice to upload the device pack files that match your FireMon version (e.g., 9.2.x) into the devpack_staging folder from step 6.

9. Ensure you are in the retrieval_tool folder:

   cd /home/retrieve/retrieval_tool

10. Convert the device pack files to .json format, storing them in the config folder, with the following command:

   ~/bin/extract_devpack.sh -c config -d devpacks -s ~/devpack_staging

   The -c and -d paths are relative to the current directory, which is why step 9 matters.

========================================
========================================
11. Using vim, edit the [device_pack].json file in the config folder and add the retrieval settings for your environment. In this example the file is checkpoint_cma_r80-9.3.12.json:

   vim config/checkpoint_cma_r80-9.3.12.json

Add the following data to the retrievalSettings section:

   "retrievalSettings": {
       "managementIp": "<YOUR_CMA_IP>",
       "ignorePolicyPackegeNames": "",
       "port": 443,
       "domain": "",
       "cpmiPort": 18190,
       "cpmiPassword": "<YOUR_CMA_PASSWORD>",
       "cpmiUsername": "<YOUR_CMA_USER>"
   }

This stores the CMA password in cleartext. Use a read-only account created for the retrieval, restrict the file's permissions to the retrieve user (mode 0600), and remove the credentials from the file, or retire the VM, once the retrieval is done.

(The screenshot of the edited file is not reproduced here.)
12. Ensure you are in the retrieval_tool folder and run the tool with:

   ./run_retrieval.sh

It will prompt for the configuration directory and the configuration file. The configuration directory is always config; in this example the configuration file is the Check Point one:

   Configuration Directory: config
   Configuration File: checkpoint_cma_r80-9.3.12.json

The tool retrieves the configuration from the device, writes the files into a new folder under output named with a generated ID, and archives that folder into a .tar file containing the configuration files and a manifest:

   Running command: /home/retrieve/retrieval_tool/bin/OfflineRetrieve -e /usr/libexec/firemon -d /home/retrieve/retrieval_tool/devpacks -o /home/retrieve/retrieval_tool/output -c config/checkpoint_cma_r80-9.3.12.json
   Creating output path: /home/retrieve/retrieval_tool/output/e974dfea-21c2-daa7-90d2-75d5b6f46e05
   Starting Check Point R80 retrieval
   Retrieval succeeded
   Renaming retrieved files
   Creating the manifest file
   Archiving configuration files to /home/retrieve/retrieval_tool/output/e974dfea-21c2-daa7-90d2-75d5b6f46e05.tar

13. Use scp, FileZilla, WinSCP or the application of your choice to download the resulting .tar file from the output folder to your local machine. The archive is the device's full configuration, so store and transfer it as you would a firewall backup.

14. Use tar -xvf [filename].tar to extract the files. These files will be uploaded into the FireMon solution.
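The script below is an added example, not part of the ORT image or of FireMon's own tooling. It automates two of the manual steps above: the step 4 port check, done with a timeout so it needs no Ctrl-C, and the step 11 edit of the retrievalSettings block, reading the CPMI password from a CPMI_PASSWORD environment variable instead of pasting it into the file and setting the file to mode 0600 because it now holds a cleartext credential. It assumes python3 is present on the ORT VM (standard library only); the script name, the environment variable, and the function names are this example's own, and the JSON key names are copied from the page's example, including its spelling of ignorePolicyPackegeNames.

```python
"""Added example: non-interactive preflight and config writer for the ORT steps.

Not part of the FireMon ORT image. Assumes python3 (standard library only).
Step 4 : confirm TCP reachability of the management server on 443 and 18190
         with a timeout, instead of an interactive `curl -v telnet://`.
Step 11: fill in retrievalSettings in config/<device_pack>.json, taking the
         CPMI password from the CPMI_PASSWORD environment variable, and chmod
         the file to 0600 because it now holds a cleartext credential.
"""
import json
import os
import socket
import sys
from pathlib import Path

# Ports the page's Check Point example uses: HTTPS and CPMI.
CHECKPOINT_PORTS = (443, 18190)


def tcp_reachable(host, port, timeout=3.0):
    """True if a TCP handshake to host:port completes within `timeout` seconds.

    Unlike ping, this exercises the actual service port, so a firewall that
    drops ICMP but permits the management ports still reports success.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unroutable, or name lookup failed
        return False


def preflight(host, ports=CHECKPOINT_PORTS, timeout=3.0):
    """Return {port: reachable} for every port; the retrieval needs all True."""
    return {port: tcp_reachable(host, port, timeout) for port in ports}


def build_retrieval_settings(management_ip, username, password,
                             port=443, cpmi_port=18190, domain="",
                             ignore_policy_packages=""):
    """The retrievalSettings block in the shape shown on the page.

    Key names are copied verbatim from the page (including its spelling of
    ignorePolicyPackegeNames); check them against your own device pack.
    """
    return {
        "managementIp": management_ip,
        "ignorePolicyPackegeNames": ignore_policy_packages,
        "port": port,
        "domain": domain,
        "cpmiPort": cpmi_port,
        "cpmiPassword": password,
        "cpmiUsername": username,
    }


def write_config(devpack_json, settings):
    """Merge `settings` into the file's retrievalSettings section in place.

    Other keys in the device-pack JSON are preserved. The file is rewritten
    and then chmod'ed to 0600 so the cleartext password is readable only by
    the `retrieve` user.
    """
    path = Path(devpack_json)
    data = json.loads(path.read_text())
    existing = data.get("retrievalSettings") or {}
    data["retrievalSettings"] = {**existing, **settings}
    path.write_text(json.dumps(data, indent=2) + "\n")
    path.chmod(0o600)
    return data


def main(argv):
    if len(argv) != 4:
        sys.exit("usage: ort_prep.py <management_ip> <cpmi_user> <config/device_pack.json>")
    management_ip, user, devpack_json = argv[1:]
    password = os.environ.get("CPMI_PASSWORD")
    if not password:
        sys.exit("set CPMI_PASSWORD in the environment, e.g. read -s CPMI_PASSWORD; export CPMI_PASSWORD")

    results = preflight(management_ip)
    for port, ok in results.items():
        print(f"{management_ip}:{port} {'open' if ok else 'UNREACHABLE'}")
    if not all(results.values()):
        sys.exit("management server not reachable on every required port; ORT will not work")

    write_config(devpack_json, build_retrieval_settings(management_ip, user, password))
    print(f"wrote retrievalSettings to {devpack_json} (mode 0600); now run ./run_retrieval.sh")


if __name__ == "__main__":
    main(sys.argv)
```

Run it from /home/retrieve/retrieval_tool as ./ort_prep.py 192.168.200.11 <cpmi_user> config/checkpoint_cma_r80-9.3.12.json after exporting CPMI_PASSWORD; it refuses to write the config when either port is closed, which is the same "if you cannot reach the device, this tool will not work" condition as step 4, caught before a credential is written anywhere.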

Import configuration files into FireMon
1. Log in to the FireMon server and ensure you are in the Administration module (upper-left black menu).
2. Go to "Device > Devices" or "Device > Management Stations", depending on the type of device whose configuration files you are importing.
3. Create a new device or management station.
   a. Under Device Settings, enter placeholder text for the credentials; the configuration is imported from files rather than retrieved, so no real credentials need to be stored here.
   b. Uncheck the Change Monitoring checkbox.
4. Left-click the far-right icon associated with the device, then select Import Device Configuration Files.

5. In the popup window, select all the files created by the Offline Retrieval Tool (the contents of the folder produced by tar -xvf), then click the Import button.
6. Wait a few minutes for all devices and their security policies to be imported.

7. Pull down the black Administration menu and select Security Manager; the Overview Dashboard screen should appear.

   a. "Policy > Dashboard" shows clean-up opportunities, improvement opportunities and other high-level key performance indicators for policy quality and cleanup.
   b. "Policy > Security Rules" lists all the imported policies; the upper right-hand corner shows how many policies were found and how long the query took.
   c. "Compliance > Assessment Results" shows how the default Best Practices assessment judged the policies you just imported.
   d. In the upper-right corner, "Report > Reports Library" lists some of the available reports to run.

That should be enough to get you started; further use cases are left for you to explore.
