Tuesday, 3 September 2013

Check Point - Clear Identity Awareness user to IP mappings

It doesn't appear that there's an easy way on the Check Point CLI to remove all user to IP address mappings. You can revoke a single IP at a time - but for troubleshooting you might want to wipe out the whole lot.

Sounds like a job for a dirty bash one-liner!

(From expert mode of course)

 pep show user all | egrep -o '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | grep -v '127.0.0.1' | xargs -i -p pdp revoke_ip {}  

No comments:

Post a Comment