Working with dbedit

Introduction to dbedit

dbedit is a CLI utility that lets you make changes to objects in the Check Point databases (see skI3301).

Run dbedit in these modes:

• Interactive - For a few changes to the database
• Batch - Import many changes at one time

We recommend that you use batch mode (dbedit -f) for automation scripts. You can write the script on the Security Management Server or Multi-Domain Server with standard Linux commands, or import a text file with the script.

Launching the dbedit Utility

When the dbedit prompt is showing, you can run dbedit commands or scripts. Before you use the dbedit utility, make sure that you can log in to Expert mode on the Security Management Server or Multi-Domain Server.

To launch the dbedit utility:

1. Log in to the CLI of the Security Management Server or Multi-Domain Server.
2. Enter Expert mode, run expert

   The Expert prompt is shown.

3. Run dbedit
4. Enter the name of the Security Management Server or Multi-Domain Server:
   • For localhost, press Enter
   • For a remote connection, enter the hostname or IP address

   The dbedit prompt is shown.

   Please enter a command, -h for help or -q to quit: dbedit>

Using dbedit Commands in a Script

Use these dbedit commands to create and configure objects and rules:

• create - Creates the object
• modify - Changes the applicable object
• update - Commits the most recent change to the Security Management Server database
• update_all - Commits all the changes to the Security Management Server database

This table shows sample commands and the results.

Example	Result
create network net-internal	Creates the object for the network net-internal
modify network_objects gateway-10 ipaddr 192.0.2.100	Changes the IP address of the gateway-10 object to 192.0.2.100
update network_objects net-internal	Saves the changes for the net-internal objects and updates the Security Management Server database

Locking the Database

We recommend that you use the -globallock option when you use dbedit to make changes to the Security Management Server database. dbedit partially locks the database, if a user configures objects with SmartDashboard, there can be problems in the database. The -globallock option does not let SmartDashboard or a dbedit user make changes to the database.

When the -globallock option is enabled, dbedit commands run on a copy of the database. After you change the database and run the savedb command, it is saved and committed on the actual database. You can use the savedb command multiple times in a dbedit script.

At the end of a script, it is a best practice to run these commands:

# update_all

# savedb

Showing Parameters for a Sample Object

You can create sample objects in SmartDashboard that have the parameters that you are using in a script or dbedit command. Export these objects to help make sure that you are using the correct names for the parameters. You can show the parameters in plain or XML format.

To show the parameters for a sample SmartDashboard object:

1. In SmartDashboard, create the object that uses the necessary parameters and settings.
2. From the dbedit prompt, run one of these commands:
   • print network_objects <object name>
   • printxml network_objects <object name>