It doesn't appear that there's an easy way on the Check Point CLI to remove all user to IP address mappings. You can revoke a single IP at a time - but for troubleshooting you might want to wipe out the whole lot.
Sounds like a job for a dirty bash one-liner!
(From expert mode of course)
pep show user all | egrep -o '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | grep -v '127.0.0.1' | xargs -i -p pdp revoke_ip {}
No comments:
Post a comment