Export Check Point Policies to HTML or XML

Check Point polices are easy to manage when you have access to SmartDashboard. However, sometimes you may need to share these polices with other individuals, such as auditors, and it’s helpful to know how to export these in an easy to read format. Check Point actually has some decent documentation around this, but I ran into a few bumps, so here are my notes. I followed the guide below; make sure to download and install the appropriate WebVI tool before proceeding:

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk64501

First – Extract the WebVI Tool to C:webvi
Next – Open command prompt and cd to C:webvi

For output of all policies in HTML:

Run this command:

cpdb2html.bat c:webvi C:webvioutput SMARTCENTER_IP_ADDRESS ADMIN_USERNAME ADMIN_PASSWORD -o All-Policies.html

The outputs will be saved in C:webvioutput

For output of individual policies in HTML:

cpdb2html.bat c:webvi C:webvioutput SMARTCENTER_IP_ADDRESS ADMIN_USERNAME ADMIN_PASSWORD  -m FW_HOSTNAME -o POLICY_NAME-Report.html

For output of all policies in XML (Preferred method!):

cpdb2web -s SMARTCENTER_IP_ADDRESS -u ADMIN_USERNAME  -p ADMIN_PASSWORD -o c:webvixslxml -w C:webvi

You should see an output similar to this after executing the command:

To view the output, open to C:webvixslindex.xml

NOTE:  This is best viewed in Firefox.  IE, Chrome and Safari do not format the XML properly.

Here is a sample screenshot of the home page you’re presented with.  You can click on the individual security policies, NAT policies, object, services and users.  Everything is navigable by click (Awesome!).

After clicking on a Security Policy, you’ll be presented with the ruleset in an almost identical format as SmartDashboard.

I have to admit, this tool is incredible.  Now you’re set to use, share and ship your policy anywhere!  Kidding – please don’t do that.  Why Check Point doesn’t move to a web-based platform like this, I’ll never understand.