Missing feature - Global search across multiple CMAs
Preface
Before R80.x, in an MDM (Multi-Domain Management) environment you could search for where an object is used across all CMAs.
As of R80.30, SmartConsole still does not include this feature.
Script solution
- https://github.com/WadesWeaponShed/Global-IP-Search-MDS
- https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/MDS-Global-search-across-CMAs-by-IP/m-p/75906
- https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/Search-multiple-CMA/m-p/35237
The Script
#!/bin/bash
# Usage: <script> <object-name>
# Finds an object by name in the domains of an MDS and lists the policy packages that use it.
# Bash is required: the script uses arrays, which plain sh does not provide.
JQ=${CPDIR}/jq/jq
OBJECT_NAME=$1
DOMAINS_FILE="domains.json"
PACKAGES_FILE="packages.json"
PACKAGE_FILE="package.json"
# Fixed file name: the object name is user input and must not become part of a path
OBJECT_FILE="object.json"
# Split command output on newlines only, so names containing spaces stay intact
IFS=$'\n'
# No glob expansion when command output is split into array elements
set -f

if [ -z "$OBJECT_NAME" ]; then
    echo "Usage: $0 <object-name>"
    exit 1
fi

echo 'Getting a list of domains...'
if ! mgmt_cli -r true -d MDS show domains limit 500 --format json > "$DOMAINS_FILE"; then
    echo "Error getting list of domains. Aborting!"
    exit 1
fi
DOMAINS_NAMES=($("$JQ" -r ".objects[] | .name" "$DOMAINS_FILE"))

# Step 1: find the object in the first domain that knows it and remember its UID
echo 'Searching for object '"$OBJECT_NAME"' in all domains...'
FOUND=0
OBJECT_UID=""
for DOMAIN in "${DOMAINS_NAMES[@]}"
do
    echo 'Searching in domain '"$DOMAIN"'...'
    if mgmt_cli -r true -d "$DOMAIN" show objects offset 0 limit 1 in.1 name in.2 "$OBJECT_NAME" --format json > "$OBJECT_FILE"; then
        OBJECT_COUNT=$("$JQ" -r ".total" "$OBJECT_FILE")
        if [ "$OBJECT_COUNT" -ne 0 ]; then
            FOUND=1
            OBJECT_UID=$("$JQ" -r ".objects[0].uid" "$OBJECT_FILE")
            echo 'Found in domain '"$DOMAIN"'!!!'
            break
        fi
    fi
done
if [ "$FOUND" -ne 1 ]; then
    echo 'Object '"$OBJECT_NAME"' does not exist. Aborting!'
    exit 1
fi

# Step 2: filter every access layer of every policy package in every domain by that UID
echo 'Searching for object '"$OBJECT_NAME"' usages in all policy packages in all domains...'
for DOMAIN in "${DOMAINS_NAMES[@]}"
do
    echo 'Searching in domain '"$DOMAIN"'...'
    if mgmt_cli -r true -d "$DOMAIN" show packages limit 500 --format json > "$PACKAGES_FILE"; then
        PACKAGES_NAMES=($("$JQ" -r ".packages[] | .name" "$PACKAGES_FILE"))
        for PACKAGE in "${PACKAGES_NAMES[@]}"
        do
            echo 'Searching in package '"$PACKAGE"'...'
            if mgmt_cli -r true -d "$DOMAIN" show-package name "$PACKAGE" --format json > "$PACKAGE_FILE"; then
                ACCESS_LAYERS=($("$JQ" -r '.["access-layers"][] | .name' "$PACKAGE_FILE"))
                for LAYER in "${ACCESS_LAYERS[@]}"
                do
                    if mgmt_cli -r true -d "$DOMAIN" show access-rulebase package "$PACKAGE" name "$LAYER" offset 0 limit 1 filter "$OBJECT_UID" --format json > "$OBJECT_FILE"; then
                        OBJECT_COUNT=$("$JQ" -r ".total" "$OBJECT_FILE")
                        if [ "$OBJECT_COUNT" -ne 0 ]; then
                            echo 'The requested object is used in policy package '"$PACKAGE"
                            # One hit is enough for this package; skip its remaining layers
                            break
                        fi
                    fi
                done
            fi
        done
    fi
done
echo 'Done!'