This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Dana_Traversie
Employee
Employee
‎2017-01-23 10:23 AM

Migrating objects using the R80 Web APIs, Python, and cpauto

Overview

This script shows how objects can be migrated from one R80 manager to another R80 or R80.10 manager programmatically using the R80 web APIs, Python, and cpauto.

Description

Script requires at least two R80/R80.10 managers with the web APIs enabled. The source manager should have some host and network objects defined for the demo to be useful.

The provided code is merely an example but is a viable pattern that can be reused for virtually all object types.

Instructions

Download the ZIP archive and run the enclosed Python script on a system that meets the following requirements:

  • Python and cpauto installed correctly
  • Network access to the source and destination R80 web API resources

For more information on cpauto: https://github.com/dana-at-cp/cpauto

Code Version

Code version 1.0.0

Tested on version

R80, API version 1.0

NOTICE: By using this sample code you agree to terms and conditions in this Not authorized to view the specified document 1042

...

cpauto-obj-migrate-demo-v1.zip
8 Replies
Irek_Romaniuk
Participant
‎2017-07-31 07:18 AM

Looks pretty solid. Just tired it with my R80.10, getting connection error, please advice

[docker@nms02m ~]$ python
Python 2.7.5 (default, Aug 2 2016, 04:20:16)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-4)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import cpauto
>>> cc=cpauto.CoreClient('root','password','10.254.253.110')
>>> r=cc.login()
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python2.7/site-packages/cpauto/core/sessions.py", line 196, in login
r = self.http_post('login', send_sid=False, payload=payload)
File "/usr/lib/python2.7/site-packages/cpauto/core/sessions.py", line 161, in http_post
raise ConnectionError('Connection error: ' + str(e))
cpauto.core.exceptions.ConnectionError: Connection error: HTTPSConnectionPool(host='10.254.253.110', port=443): Max retries exceeded with url: /web_api/login (Caused by SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)'),))
>>> r.status_code
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
NameError: name 'r' is not defined

0 Kudos
Dana_Traversie
Employee
Employee
‎2017-08-10 10:17 PM

Hello Irek.

Try again with SSL certificate verification disabled:

>>> cc=cpauto.CoreClient('root','password','10.254.253.110',verify=False)

0 Kudos
Irek_Romaniuk
Participant
‎2017-08-12 10:48 AM

Thank you , I progressed a little further, getting Missing header error now ?

>>> cc=cpauto.CoreClient('root','password','10.254.253.110',verify=False)
>>> n = cpauto.Network(cc)
>>> r = n.add('Net_10.29.184.0/23', { 'subnet': '10.29.184.0', 'subnet-mask': '255.255.254.0' })
/usr/lib/python2.7/site-packages/urllib3/connectionpool.py:858: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
InsecureRequestWarning)
>>> r = cc.publish()
/usr/lib/python2.7/site-packages/urllib3/connectionpool.py:858: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
InsecureRequestWarning)
>>> r.status_code
400
>>> r.json()
{u'message': u'Missing header: [X-chkp-sid]', u'code': u'generic_err_missing_required_header'}

0 Kudos
Dana_Traversie
Employee
Employee
‎2017-08-16 07:49 AM

Hey https://community.checkpoint.com/people/iromaacad497a-dc2a-485a-9ac5-c7da8ab74009‌ ... it looks like you forgot to do cc.login() before attempting to create objects.

Irek_Romaniuk
Participant
‎2017-08-22 01:03 PM

now I finally got '200' response but can't find my network object in GUI...removed 'Unverified HTTPS request is being made' from output below

>>> r=cc.login()
>>> n=cpauto.Network(cc)
>>> r=n.add('net_1.1.1.0/23',{'subnet':'1.1.1.0','subnet-mask':'255.255.254.0'})
>>> r=cc.publish()
>>> r.status_code
200
>>> r.json()
{u'tasks': [{u'task-id': u'01234567-89ab-cdef-acb4-f3a1f5148efc', u'status': u'succeeded', u'progress-percentage': 100, u'task-name': u'Publish operation', u'task-details': [{u'revision': u'8cf71891-be04-4780-8519-5b12ed5d8bac', u'publishResponse': {u'numberOfPublishedChanges': 0}}], u'suppressed': False}]}

0 Kudos
Dana_Traversie
Employee
Employee
‎2017-08-22 01:29 PM

Hello Irek Romaniuk‌ ... I would check/print the HTTP status code after the network object add. I suspect that the object add returned a non-200 HTTP response.

You could also print the entire response object for more detail.

Irek_Romaniuk
Participant
‎2017-08-24 12:04 PM

Correct it returned 400 after he network object added

0 Kudos
John_Tammaro1
Contributor
Contributor
‎2017-08-31 06:01 AM

Is it possible to re-upload the zip file scripts.

I have tried several times to download but keep getting errors preventing me from unzipping using the default Windows 10 Zip client.

Thanks

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top