Alexander Kim

New Gaia features (Security Gateway REST API and dynamic CLISH)

Blog Post created by Alexander Kim Employee on Dec 6, 2018

Hi,

 

I would like to invite you to try out two new Gaia features which may provide a great deal of simplicity in day-to-day operation. You can find a short description below, followed by dates, available versions and contacts.

 

Both of them deal with the way we configure settings on Gaia gateways. We are used to tools like clish and WebUI, and in many cases we even need to switch to expert mode to set/get some of the gateway settings. These two projects are aimed to simplify and organize this.

 

  • Dynamic CLI

        

 

The idea is very simple – pull any expert command/script/binary to real clish command. But, unlike “extended command”, we are talking about real clish – with friendly syntax, auto completion, full RBA support (roles/features/users), history and more…

 

Example : instead of assigning admin privileges to the operator in order to run

 

#fw tab –t connections –f

 

Just stay in clish and type

 

>show security-gateway table connections formatted

 

And enjoy the auto completion (including the list of available firewall tables), help strings, and a peace of mind knowing that this operator will only be able to see the tables but not delete them, for example.

 

The feature brings in the infrastructure, the coverage of possible expert commands to be ported into clish is ongoing, and the list can be augmented based on what the field needs.

 

===========================================================================================

 

  • Ender (Gaia REST APIs)

                    

 

 

This one is a bit fancier – running a REST daemon on Gaia gateway, allowing remote configuration based on HTTP with JSON arguments and JSON response. Similar to existing Mgmt APIs, but this time covering any gateway configuration, any clish command, any expert command/binary or any flow combining a group of clish/expert commands in one URL.

 

Any sort of automation/orchestration or remote monitoring/debugging on the gateway (or Mgmt server) can be achieved with this feature over REST, including Ansible and Terraform support.

 

===========================================================================================

 

Cool, so how do I get it and when ?

 

Both of the features are now in EA, beta versions available (can be installed on top of R80.10 or R80.20). They come as a separate self-updateable hotfixes, and do not block the customer from installing JHFs on top of it (sweet, right ? ). We plan to release an SK with a downloadable package for each of the features by the end of this month - stay tuned.

 

Please, do not hesitate to contact Linor, Tal and myself for more details or if you want the EA version packages to play around with…

 

Cheers,

Kim

Outcomes