Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time


Check Point ChangedPolicies tool allows the user to know which policies were affected by changes that were made in the last published session. This is useful to determine which policies should be installed.

You can adjust the code according to your organization’s policy / needs.

  • This tool can be executed on Management Server / Multi-Domain servers of version of R80.10 and up.


Clone the repository with this command:

git clone

or by clicking the ‘Download ZIP’ button.

Download and install the Check Point API Python SDK repository, follow the instructions in the SDK repository.

Usage Syntax

python [-c changes] [-u username] [-p password] [-m management] [-d domain] [-o output-file] [--port port]

• [-c --changes] (Optional): The 'show-changes' API command output encoded in base 64. Use this flag for integration with Smart Task. For more details follow the instructions below in the ["Integration with Smart Task"](#Integration with Smart Task) section

• [-d --domain] (Optional): The name or uid of the Security Management Server domain.
When running the command on a Multi domain server the default domain is the "MDS".

• [-o --output-file] (Optional): The output file name. The location in which to save the resulting .Json file.
The default is the current directory with the name 'Changed_policies.json'.

• [--port] (Optional): The port of WebAPI server on Security Management Server.
Default value is 443.

Use "-h" option in order to see the full list of options to configure the tool


  • Running the tool on a remote management server:
    python -m -u James -p MySecretPassword!
    The tool runs on a remote management server with IP address

  • Running the tool on a Multi-Domain Server for a specific domain:
    python -d -u James -p MySecretPassword!

  • Running the tool on a Security Management Server with specific output file name:
    python -o "json_file.json" -u James -p MySecretPassword!


The tool generates a Json file with the changed policies for the last published session. if you execute this tool multiple times it will update the file with the aggregated changes.

Example of output:

    "Global": {
        "4631ed09-6663-4d0c-95e0-95e26ef2a927": [
    "my_domain": {
        "02d744e0-eb92-40d6-bb59-186c522b35c1": [
            "policy package 1",

Integration with Smart Task

This tool can be integrated with Smart Task which is supported from R80.40.


  • Install the Check Point API Python SDK, follow the instructions for SDK usage from a management machine.
  • Copy the script '' to your Management machine.
  • Execute the command api fingerprint -f json | jq -r '.[0] | .["fingerprint-sha1"]' and save the output.
  • Create file named fingerprints.txt in /var/tmp/. The content should be a Json that the key is the machine IP and the value is the fingerprint (the output of the command above).
    For example:
       "": "6713548716C586ECDBF1A6693CB440071F1C89E6"
  • Create new script in Smart Console 'GATEWAYS & SERVERS' > 'Scripts' > 'Script Repository' > 'new' and call it 'Changed policies'.
    The content should contain the export command as in the SDK instruction above and the execution of the script using the '-c' / '--changes' flag with '$1' as value.
    For example:
    export PYTHONPATH=$PYTHONPATH:/home/admin/cp_mgmt_api_python_sdk/
    python /var/tmp/ -r true -c $1
  • Create new Smart Task in Smart Console:
     - Go to 'MANAGE & SETTINGS' > 'Tasks' > 'new' and call it 'Changed policies'.
     - Turn the task on.
     - Under 'Trigger and Action' choose 'After Publish' as trigger and 'Run Script' as the action and select the script 'Changed policies' from the repository.
     - Under 'Advanced' set the 'Time out' to be 300.
  • Publish the changes.

For more information about Smart Task go to R80.40 Administration Guide.


  • The script support only the changes of last published session.
  • The tool doesn't support changes in Threat and HTTPS layers.
  • The tool doesn't support shared layers.
  • In case of changes in Global domain in Multi Domain machine, the script should be executed from the Global domain (use the flag --domain Global).

Development Environment

The tool is developed using Python language version 2.7, version 3.7 and Check Point API Python SDK.


Check Point ChangedPolicies tool allows the user to know which policies were affected by changes that were made in the last published session.







No packages published