Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Robert_Decker
Advisor

R80 Management API readiness verification

Dear members,

Recently there were repeated questions on how to verify whether Management API is enabled/active/running/can be connected etc.

Here are some useful tips:

The management APIs are installed as part of any R80 management server (single management and multi-domain).

Although the Management API server is installed on all management servers, it may not be active on some machines:

1. By default, the API server s active on management servers with 4GB of RAM (or more) and on stand-alone servers with 8GB of RAM (or more).

2. Even if your management server has less RAM and as a result the API server is not activated, it is still possible to activate it.

The best way to verify the API server status is to run the "api status" command on your management server - 

and in R80 SmartConsole GUI - 

The "Automatic Start" and "Accessibility" options can be set both from GUI in the above screenshot, or from GAIA promp by using the set api-settings API command.

The Apache default GAIA port is 443. But sometimes the customer may change this port to another value. In this case, you must use that port number when logging into API server -

mgmt_cli login -r true --port 5555

Permission to access the Management API server must be assigned to the user in order to login with user credentials (using username and password).

This is done in SmartConsole GUI by configuring and assigning the correct permission profile - 

Do not forget to grant additional permissions in order to commit changes...

During the login to API server there is a GAIA certificate validation. The certificate file "server.crt" is located in "/web/conf" folder.

You should verify that this certificate file doesn't contain Windows CRLF line terminators by running the unix "file" command on certificate file, in the case you still fail to login.

If it reports "ASCII text, with CRLF line terminators", either run the dos2unix tool on the certificate file oContact Check Point Support to get a Hotfix for this issue.

Hope this helps.

Any additional insights or comments are welcome.

Robert.

0 Replies

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events