https://community.checkpoint.com/t5/API-CLI-Discussion/How-to-select-a-Security-profile-via-API/m-p/21519#M1348 <HTML><HEAD></HEAD><BODY><P class="">Hi Team</P><P class=""></P><P class="">I have been working on automating site2site vpn with a Check Point Gateway and an Interoperable device, and setting up a vpn community.&nbsp;</P><P class=""><A _jive_internal="true" href="https://community.checkpoint.com/thread/7668-how-to-add-interoperative-device-via-api">https://community.checkpoint.com/message/18635-how-to-add-interoperative-device-via-api</A>&nbsp;</P><P class=""></P><P class=""><SPAN style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);">The next step my search to complete my use of API is Add my site2site firewall rule to gateway cluster Security policy.&nbsp;</SPAN></P><P class="">When I use the active example from the API doc it us being published to the standard security profile. I’ve &nbsp;multiple profile to each of my rule set per secure gateway.</P><P class="">I have been able find my security profiles by using commands to extract uid.&nbsp;</P><P class=""><A _jive_internal="true" href="https://community.checkpoint.com/thread/7703-how-to-find-generic-object-that-is-not-defined-in-the-api">https://community.checkpoint.com/message/18729-how-to-find-generic-object-that-is-not-defined-in-the-api</A>&nbsp;</P><P class=""></P><P class=""><SPAN style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);">And I also had to find out how to extract and set values I dont find any documentation of.</SPAN></P><P class=""><A _jive_internal="true" href="https://community.checkpoint.com/thread/7701-missing-api-possibility-to-set-vpn-community-star-objects">https://community.checkpoint.com/message/18727-missing-api-possibility-to-set-vpn-community-star-objects</A></P><P class="">For example how to set ipsec and ike rekey values because Cisco device ASA5506 or Cisco router 1921/1941 have been configured differnetly than default vpn community values as 1440 min, and 86400 sec.</P><P class=""></P><P class="">I can publish a firewall rule</P><BLOCKQUOTE class="jive_macro_quote jive-quote jive_text_macro"><P>#############################<BR /># Add FW rule <BR />#############################<BR /># Name of rule WP-&lt;Parkname&gt;<BR /># source "Hobro_Scada_Internal" &amp; "WP_Gettrup_Internal_Network"<BR /># destination "WP_Gettrup_Internal_Network" &amp; "Hobro_Scada_Internal" <BR /># services "Vestas Park Services"<BR /># vpn-community "WP-Gettrup"<BR /># action "Accept"<BR /># track "Log"<BR /># install-on "gwcluster"</P><P>mgmt_cli -u admin add access-rule layer "Network" position 1 name "Windpark Getrrup" source.1 "Hobro_Scada_Internal" source.2 "WP_Gettrup_Internal_Network" destination.1 "WP_Gettrup_Internal_Network" destination.2 "Hobro_Scada_Internal" service.1 "Vestas Park Services" vpn "WP-Gettrup" action "Accept" track.type "Log" install-on "gwcluster"</P></BLOCKQUOTE><P class=""></P><P class="">As you can see it add itself to the security policy [Standard]</P><P class=""><IMG class="image-1 jive-image" src="https://community.checkpoint.com/legacyfs/online/checkpoint/65342_pastedImage_3.png" /></P><P class=""></P><P class="">How do I select a security profile by either using the name or uid to publish my new firewall rule?</P><P class=""></P><P class="">Thanks</P><P class="">Kim</P></BODY></HTML> Fri, 04 May 2018 05:37:57 GMT Kim_Moberg 2018-05-04T05:37:57Z https://community.checkpoint.com/t5/API-CLI-Discussion/How-to-select-a-Security-profile-via-API/m-p/21519#M1348 <HTML><HEAD></HEAD><BODY><P class="">Hi Team</P><P class=""></P><P class="">I have been working on automating site2site vpn with a Check Point Gateway and an Interoperable device, and setting up a vpn community.&nbsp;</P><P class=""><A _jive_internal="true" href="https://community.checkpoint.com/thread/7668-how-to-add-interoperative-device-via-api">https://community.checkpoint.com/message/18635-how-to-add-interoperative-device-via-api</A>&nbsp;</P><P class=""></P><P class=""><SPAN style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);">The next step my search to complete my use of API is Add my site2site firewall rule to gateway cluster Security policy.&nbsp;</SPAN></P><P class="">When I use the active example from the API doc it us being published to the standard security profile. I’ve &nbsp;multiple profile to each of my rule set per secure gateway.</P><P class="">I have been able find my security profiles by using commands to extract uid.&nbsp;</P><P class=""><A _jive_internal="true" href="https://community.checkpoint.com/thread/7703-how-to-find-generic-object-that-is-not-defined-in-the-api">https://community.checkpoint.com/message/18729-how-to-find-generic-object-that-is-not-defined-in-the-api</A>&nbsp;</P><P class=""></P><P class=""><SPAN style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);">And I also had to find out how to extract and set values I dont find any documentation of.</SPAN></P><P class=""><A _jive_internal="true" href="https://community.checkpoint.com/thread/7701-missing-api-possibility-to-set-vpn-community-star-objects">https://community.checkpoint.com/message/18727-missing-api-possibility-to-set-vpn-community-star-objects</A></P><P class="">For example how to set ipsec and ike rekey values because Cisco device ASA5506 or Cisco router 1921/1941 have been configured differnetly than default vpn community values as 1440 min, and 86400 sec.</P><P class=""></P><P class="">I can publish a firewall rule</P><BLOCKQUOTE class="jive_macro_quote jive-quote jive_text_macro"><P>#############################<BR /># Add FW rule <BR />#############################<BR /># Name of rule WP-&lt;Parkname&gt;<BR /># source "Hobro_Scada_Internal" &amp; "WP_Gettrup_Internal_Network"<BR /># destination "WP_Gettrup_Internal_Network" &amp; "Hobro_Scada_Internal" <BR /># services "Vestas Park Services"<BR /># vpn-community "WP-Gettrup"<BR /># action "Accept"<BR /># track "Log"<BR /># install-on "gwcluster"</P><P>mgmt_cli -u admin add access-rule layer "Network" position 1 name "Windpark Getrrup" source.1 "Hobro_Scada_Internal" source.2 "WP_Gettrup_Internal_Network" destination.1 "WP_Gettrup_Internal_Network" destination.2 "Hobro_Scada_Internal" service.1 "Vestas Park Services" vpn "WP-Gettrup" action "Accept" track.type "Log" install-on "gwcluster"</P></BLOCKQUOTE><P class=""></P><P class="">As you can see it add itself to the security policy [Standard]</P><P class=""><IMG class="image-1 jive-image" src="https://community.checkpoint.com/legacyfs/online/checkpoint/65342_pastedImage_3.png" /></P><P class=""></P><P class="">How do I select a security profile by either using the name or uid to publish my new firewall rule?</P><P class=""></P><P class="">Thanks</P><P class="">Kim</P></BODY></HTML> Fri, 04 May 2018 05:37:57 GMT https://community.checkpoint.com/t5/API-CLI-Discussion/How-to-select-a-Security-profile-via-API/m-p/21519#M1348 Kim_Moberg 2018-05-04T05:37:57Z https://community.checkpoint.com/t5/API-CLI-Discussion/How-to-select-a-Security-profile-via-API/m-p/21520#M1349 <HTML><HEAD></HEAD><BODY><P>Hi, this is because you specified the layer “network” at your add access-rule call. Find out the name of the policy layer of the other policy and change your “add access-rule” call. Some of these names for layers may have been created automatically based on logics that I described at&nbsp;<A href="https://community.checkpoint.com/message/16940-editing-policy-from-no-layers-to-2-layers" target="_blank">https://community.checkpoint.com/message/16940-editing-policy-from-no-layers-to-2-layers</A>&nbsp;</P></BODY></HTML> Fri, 21 Jun 2019 09:10:31 GMT https://community.checkpoint.com/t5/API-CLI-Discussion/How-to-select-a-Security-profile-via-API/m-p/21520#M1349 Tomer_Sole 2019-06-21T09:10:31Z