check_point.gaia config ssl tls not available

Daniel_ — Thu, 03 Apr 2025 11:55:15 GMT

In clish we can set tlsv1.3 with

set ssl tls TLSv1.3 on

With ansible or nativ API this is not possible.

Have I overlooked this in the documentation or is there no API-first strategy in Check Point?
And check_point.gaia.cp_gaia_run_script is not API-first....

Re: check_point.gaia config ssl tls not available

PhoneBoy — Thu, 03 Apr 2025 16:21:00 GMT

You are correct that the only way to do this currently is via run-script.
Hopefully this is something we will address in a future release.

API-first implies that the product was designed from the ground up with the relevant APIs.
The Check Point security gateway product (called FireWall-1 in 1993) predates REST APIs themselves (which were only a concept back in 2000).
We have our own APIs (OPSEC) that date back to the mid-1990, some of which are still in use today.

For new features, we definitely try to be API-first, of course (using REST).
Existing features either have to have REST APIs implemented for them (which we are continuing to do in every release) and/or be re-implemented in a REST API friendly way.
This was at least part of the motivation for VSnext (replacement for VSX) and ElasticXL (replacement for ClusterXL) in the R82 release.
It's also why Web SmartConsole still has some limitations compared to the Windows SmartConsole client, though there is currently a major effort underway to close the gaps between the two.

topic check_point.gaia config ssl tls not available in Ansible

check_point.gaia config ssl tls not available

Re: check_point.gaia config ssl tls not available