https://community.checkpoint.com/t5/Firewall-and-Security-Management/Need-to-add-bond-interface-into-zone-using-CLI-or-API-Connect/m-p/196283#M36626 <P>The API does not have any support for modifying VS objects right now.</P> <P>For non-VSX clusters, you would use <A href="https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/set-simple-cluster~v1.9.1%20" target="_self">set-simple-cluster</A>. You need to provide the whole cluster object including all interfaces together. Any interfaces not in your list get removed from the object. You want .interfaces' "<SPAN>List: Object" parameter form. You will probably want to set security-zone to true and security-zone-settings.specific-zone to the UUID of the zone you're trying to set.</SPAN></P> <P><SPAN>For single firewalls not in a cluster, it's basically the same, but the call is <A href="https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/set-simple-gateway~v1.9.1%20" target="_self">set-simple-gateway</A>.</SPAN></P> <P><SPAN>Separately, I urge you to reconsider this. Security zones give you a lot of ways to shoot yourself in the foot really impressively. They cause the same traffic to behave differently depending on which interface it arrives at the firewall. Using them is a mistake, and adding them to a policy which doesn't use them today is a bad idea.</SPAN></P> Thu, 26 Oct 2023 13:41:10 GMT Bob_Zimmerman 2023-10-26T13:41:10Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Need-to-add-bond-interface-into-zone-using-CLI-or-API-Connect/m-p/196261#M36623 <P>Hi Team,</P><P>&nbsp;</P><P>I am working on adding the bond interfaces into zoning groups as per there environment.</P><P>Right now we have multiple Virtual System containing multiple bonding groups which need to be added into zoning groups.</P><P>Can anyone tell me if i can use API calls using python add all the bonding groups into zones which i have created.</P><P>&nbsp;</P><P>I am not able to find any article related to adding zone using CLI or API calls.</P><P>&nbsp;</P><P>Regards,</P><P>Saish</P> Thu, 26 Oct 2023 09:51:01 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Need-to-add-bond-interface-into-zone-using-CLI-or-API-Connect/m-p/196261#M36623 TCS-DNB 2023-10-26T09:51:01Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Need-to-add-bond-interface-into-zone-using-CLI-or-API-Connect/m-p/196283#M36626 <P>The API does not have any support for modifying VS objects right now.</P> <P>For non-VSX clusters, you would use <A href="https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/set-simple-cluster~v1.9.1%20" target="_self">set-simple-cluster</A>. You need to provide the whole cluster object including all interfaces together. Any interfaces not in your list get removed from the object. You want .interfaces' "<SPAN>List: Object" parameter form. You will probably want to set security-zone to true and security-zone-settings.specific-zone to the UUID of the zone you're trying to set.</SPAN></P> <P><SPAN>For single firewalls not in a cluster, it's basically the same, but the call is <A href="https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/set-simple-gateway~v1.9.1%20" target="_self">set-simple-gateway</A>.</SPAN></P> <P><SPAN>Separately, I urge you to reconsider this. Security zones give you a lot of ways to shoot yourself in the foot really impressively. They cause the same traffic to behave differently depending on which interface it arrives at the firewall. Using them is a mistake, and adding them to a policy which doesn't use them today is a bad idea.</SPAN></P> Thu, 26 Oct 2023 13:41:10 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Need-to-add-bond-interface-into-zone-using-CLI-or-API-Connect/m-p/196283#M36626 Bob_Zimmerman 2023-10-26T13:41:10Z