topic Creating a simple access rule via API in API / CLI Discussion https://community.checkpoint.com/t5/API-CLI-Discussion/Creating-a-simple-access-rule-via-API/m-p/122639#M5960 <P>For this document we will assume that only the protocol objects and basic policy have been created.</P> <P>&nbsp;</P> <P>Current policy</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Jon_Pahl1_0-1625083752305.png" style="width: 910px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/12383iE2BA808961D6E4FA/image-dimensions/910x66?v=v2" width="910" height="66" role="button" title="Jon_Pahl1_0-1625083752305.png" alt="Jon_Pahl1_0-1625083752305.png" /></span></P> <P>&nbsp;</P> <P>Current layers in the default policy</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Jon_Pahl1_1-1625083752308.png" style="width: 794px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/12384iC3CAF88097F97BF4/image-dimensions/794x189?v=v2" width="794" height="189" role="button" title="Jon_Pahl1_1-1625083752308.png" alt="Jon_Pahl1_1-1625083752308.png" /></span></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <OL> <LI>Create source and destination objects. <OL> <LI>Creating a destination host object</LI> </OL> </LI> </OL> <P>Using the API call add host we have 1 required filed, Name, and require and ip address v4 or v6 via ip-address, ipv4-address or ipv6-address.</P> <P>Optional fields include</P> <P>&nbsp;</P> <P>Tags = collection of tag identifiers</P> <P>Host-servers = servers configuration</P> <P>Nat-setting</P> <P>Interfaces</P> <P>Groups</P> <P>Color</P> <P>Comments</P> <P>&nbsp;</P> <P>Don’t forget to publish</P> <P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Mgmt_cli publish</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Jon_Pahl1_2-1625083752316.png" style="width: 726px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/12385iABAB11249B102613/image-dimensions/726x335?v=v2" width="726" height="335" role="button" title="Jon_Pahl1_2-1625083752316.png" alt="Jon_Pahl1_2-1625083752316.png" /></span></P> <P>&nbsp;</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Jon_Pahl1_3-1625083752317.png" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/12386iA7B52F3E29BA9085/image-size/medium?v=v2&amp;px=400" role="button" title="Jon_Pahl1_3-1625083752317.png" alt="Jon_Pahl1_3-1625083752317.png" /></span></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <OL> <LI>Creating a source network object</LI> </OL> <P>Using the API call ‘add network’ we create a simple network object. &nbsp;Again we have some required fields and we find the same ipv4 and v6 options as the ‘add host’ call.</P> <P>&nbsp;</P> <TABLE> <TBODY> <TR> <TD width="129"> <P>Argument</P> </TD> <TD width="87"> <P>Require</P> </TD> <TD width="168"> <P>Description</P> </TD> </TR> <TR> <TD width="129"> <P>Name</P> </TD> <TD width="87"> <P>Yes</P> </TD> <TD width="168"> <P>Object name</P> </TD> </TR> <TR> <TD width="129"> <P>Subnet</P> </TD> <TD width="87"> <P>Yes / or #1</P> </TD> <TD width="168"> <P>IPv4 or IPv6 address</P> </TD> </TR> <TR> <TD width="129"> <P>Subnet4</P> </TD> <TD width="87"> <P>Yes / or #1</P> </TD> <TD width="168"> <P>IPv4 address</P> </TD> </TR> <TR> <TD width="129"> <P>Subnet6</P> </TD> <TD width="87"> <P>Yes / or #1</P> </TD> <TD width="168"> <P>IPv6 address</P> </TD> </TR> <TR> <TD width="129"> <P>Mask-length</P> </TD> <TD width="87"> <P>Yes / or #2</P> </TD> <TD width="168"> <P>IPv4 or IPv6 cidr mask length</P> </TD> </TR> <TR> <TD width="129"> <P>Mask-length4</P> </TD> <TD width="87"> <P>Yes / or #2</P> </TD> <TD width="168"> <P>IPv4 mask length</P> </TD> </TR> <TR> <TD width="129"> <P>Mask-length6</P> </TD> <TD width="87"> <P>Yes / or #2</P> </TD> <TD width="168"> <P>IPv6 mask length</P> </TD> </TR> <TR> <TD width="129"> <P>Nat-setting</P> </TD> <TD width="87"> <P>No</P> </TD> <TD width="168"> <P>&nbsp;</P> </TD> </TR> <TR> <TD width="129"> <P>Tags</P> </TD> <TD width="87"> <P>No</P> </TD> <TD width="168"> <P>Collection of tag identifiers</P> </TD> </TR> <TR> <TD width="129"> <P>Broadcast</P> </TD> <TD width="87"> <P>No</P> </TD> <TD width="168"> <P>Option to allow broadcast inclusion</P> </TD> </TR> <TR> <TD width="129"> <P>Color</P> </TD> <TD width="87"> <P>No</P> </TD> <TD width="168"> <P>&nbsp;</P> </TD> </TR> <TR> <TD width="129"> <P>Comments</P> </TD> <TD width="87"> <P>No</P> </TD> <TD width="168"> <P>&nbsp;</P> </TD> </TR> <TR> <TD width="129"> <P>Groups</P> </TD> <TD width="87"> <P>No</P> </TD> <TD width="168"> <P>Any group memberships</P> </TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> <P>Example</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Jon_Pahl1_4-1625083752323.png" style="width: 793px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/12388iC15078477D91B585/image-dimensions/793x242?v=v2" width="793" height="242" role="button" title="Jon_Pahl1_4-1625083752323.png" alt="Jon_Pahl1_4-1625083752323.png" /></span></P> <P>&nbsp;</P> <P>&nbsp;</P> <OL> <LI>Adding an access rule</LI> </OL> <P>&nbsp;&nbsp; The rule we are going to create is one to allow SSH and HTTPS to the target server defined earlier from the network we just created. Given the number of API arguments I am simple going to refer to the reference guide. <A href="https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/add-access-rule~v1.7.1%20" target="_blank">https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/add-access-rule~v1.7.1%20</A></P> <P>&nbsp;</P> <P>Example output</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Jon_Pahl1_5-1625083752327.png" style="width: 859px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/12387iC601960EB7A7C43F/image-dimensions/859x231?v=v2" width="859" height="231" role="button" title="Jon_Pahl1_5-1625083752327.png" alt="Jon_Pahl1_5-1625083752327.png" /></span></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>And the full API command in txt:</P> <P><EM>mgmt_cli add access-rule layer "Network" position "top" name "SSH &amp; HTTPS access to test host" action "Accept" destination "Test-Host-1" source "Admin_network" service.1 "SSH" service.2 "HTTPS"</EM></P> <P><EM>&nbsp;</EM></P> <P>Finally the finished rule.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Jon_Pahl1_6-1625083752329.png" style="width: 849px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/12389i6E3189229B34777D/image-dimensions/849x75?v=v2" width="849" height="75" role="button" title="Jon_Pahl1_6-1625083752329.png" alt="Jon_Pahl1_6-1625083752329.png" /></span></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>Use cases:</P> <OL> <LI>Lab setup</LI> <LI>New application onboarding</LI> <LI>Creating your own API process. <OL> <LI>Some Check Point customers have created their own process they build host and network objects create rules all via a home grown web service.</LI> </OL> </LI> </OL> Wed, 30 Jun 2021 20:10:26 GMT Jon_Pahl1 2021-06-30T20:10:26Z Creating a simple access rule via API https://community.checkpoint.com/t5/API-CLI-Discussion/Creating-a-simple-access-rule-via-API/m-p/122639#M5960 <P>For this document we will assume that only the protocol objects and basic policy have been created.</P> <P>&nbsp;</P> <P>Current policy</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Jon_Pahl1_0-1625083752305.png" style="width: 910px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/12383iE2BA808961D6E4FA/image-dimensions/910x66?v=v2" width="910" height="66" role="button" title="Jon_Pahl1_0-1625083752305.png" alt="Jon_Pahl1_0-1625083752305.png" /></span></P> <P>&nbsp;</P> <P>Current layers in the default policy</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Jon_Pahl1_1-1625083752308.png" style="width: 794px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/12384iC3CAF88097F97BF4/image-dimensions/794x189?v=v2" width="794" height="189" role="button" title="Jon_Pahl1_1-1625083752308.png" alt="Jon_Pahl1_1-1625083752308.png" /></span></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <OL> <LI>Create source and destination objects. <OL> <LI>Creating a destination host object</LI> </OL> </LI> </OL> <P>Using the API call add host we have 1 required filed, Name, and require and ip address v4 or v6 via ip-address, ipv4-address or ipv6-address.</P> <P>Optional fields include</P> <P>&nbsp;</P> <P>Tags = collection of tag identifiers</P> <P>Host-servers = servers configuration</P> <P>Nat-setting</P> <P>Interfaces</P> <P>Groups</P> <P>Color</P> <P>Comments</P> <P>&nbsp;</P> <P>Don’t forget to publish</P> <P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Mgmt_cli publish</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Jon_Pahl1_2-1625083752316.png" style="width: 726px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/12385iABAB11249B102613/image-dimensions/726x335?v=v2" width="726" height="335" role="button" title="Jon_Pahl1_2-1625083752316.png" alt="Jon_Pahl1_2-1625083752316.png" /></span></P> <P>&nbsp;</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Jon_Pahl1_3-1625083752317.png" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/12386iA7B52F3E29BA9085/image-size/medium?v=v2&amp;px=400" role="button" title="Jon_Pahl1_3-1625083752317.png" alt="Jon_Pahl1_3-1625083752317.png" /></span></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <OL> <LI>Creating a source network object</LI> </OL> <P>Using the API call ‘add network’ we create a simple network object. &nbsp;Again we have some required fields and we find the same ipv4 and v6 options as the ‘add host’ call.</P> <P>&nbsp;</P> <TABLE> <TBODY> <TR> <TD width="129"> <P>Argument</P> </TD> <TD width="87"> <P>Require</P> </TD> <TD width="168"> <P>Description</P> </TD> </TR> <TR> <TD width="129"> <P>Name</P> </TD> <TD width="87"> <P>Yes</P> </TD> <TD width="168"> <P>Object name</P> </TD> </TR> <TR> <TD width="129"> <P>Subnet</P> </TD> <TD width="87"> <P>Yes / or #1</P> </TD> <TD width="168"> <P>IPv4 or IPv6 address</P> </TD> </TR> <TR> <TD width="129"> <P>Subnet4</P> </TD> <TD width="87"> <P>Yes / or #1</P> </TD> <TD width="168"> <P>IPv4 address</P> </TD> </TR> <TR> <TD width="129"> <P>Subnet6</P> </TD> <TD width="87"> <P>Yes / or #1</P> </TD> <TD width="168"> <P>IPv6 address</P> </TD> </TR> <TR> <TD width="129"> <P>Mask-length</P> </TD> <TD width="87"> <P>Yes / or #2</P> </TD> <TD width="168"> <P>IPv4 or IPv6 cidr mask length</P> </TD> </TR> <TR> <TD width="129"> <P>Mask-length4</P> </TD> <TD width="87"> <P>Yes / or #2</P> </TD> <TD width="168"> <P>IPv4 mask length</P> </TD> </TR> <TR> <TD width="129"> <P>Mask-length6</P> </TD> <TD width="87"> <P>Yes / or #2</P> </TD> <TD width="168"> <P>IPv6 mask length</P> </TD> </TR> <TR> <TD width="129"> <P>Nat-setting</P> </TD> <TD width="87"> <P>No</P> </TD> <TD width="168"> <P>&nbsp;</P> </TD> </TR> <TR> <TD width="129"> <P>Tags</P> </TD> <TD width="87"> <P>No</P> </TD> <TD width="168"> <P>Collection of tag identifiers</P> </TD> </TR> <TR> <TD width="129"> <P>Broadcast</P> </TD> <TD width="87"> <P>No</P> </TD> <TD width="168"> <P>Option to allow broadcast inclusion</P> </TD> </TR> <TR> <TD width="129"> <P>Color</P> </TD> <TD width="87"> <P>No</P> </TD> <TD width="168"> <P>&nbsp;</P> </TD> </TR> <TR> <TD width="129"> <P>Comments</P> </TD> <TD width="87"> <P>No</P> </TD> <TD width="168"> <P>&nbsp;</P> </TD> </TR> <TR> <TD width="129"> <P>Groups</P> </TD> <TD width="87"> <P>No</P> </TD> <TD width="168"> <P>Any group memberships</P> </TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> <P>Example</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Jon_Pahl1_4-1625083752323.png" style="width: 793px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/12388iC15078477D91B585/image-dimensions/793x242?v=v2" width="793" height="242" role="button" title="Jon_Pahl1_4-1625083752323.png" alt="Jon_Pahl1_4-1625083752323.png" /></span></P> <P>&nbsp;</P> <P>&nbsp;</P> <OL> <LI>Adding an access rule</LI> </OL> <P>&nbsp;&nbsp; The rule we are going to create is one to allow SSH and HTTPS to the target server defined earlier from the network we just created. Given the number of API arguments I am simple going to refer to the reference guide. <A href="https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/add-access-rule~v1.7.1%20" target="_blank">https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/add-access-rule~v1.7.1%20</A></P> <P>&nbsp;</P> <P>Example output</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Jon_Pahl1_5-1625083752327.png" style="width: 859px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/12387iC601960EB7A7C43F/image-dimensions/859x231?v=v2" width="859" height="231" role="button" title="Jon_Pahl1_5-1625083752327.png" alt="Jon_Pahl1_5-1625083752327.png" /></span></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>And the full API command in txt:</P> <P><EM>mgmt_cli add access-rule layer "Network" position "top" name "SSH &amp; HTTPS access to test host" action "Accept" destination "Test-Host-1" source "Admin_network" service.1 "SSH" service.2 "HTTPS"</EM></P> <P><EM>&nbsp;</EM></P> <P>Finally the finished rule.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Jon_Pahl1_6-1625083752329.png" style="width: 849px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/12389i6E3189229B34777D/image-dimensions/849x75?v=v2" width="849" height="75" role="button" title="Jon_Pahl1_6-1625083752329.png" alt="Jon_Pahl1_6-1625083752329.png" /></span></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>Use cases:</P> <OL> <LI>Lab setup</LI> <LI>New application onboarding</LI> <LI>Creating your own API process. <OL> <LI>Some Check Point customers have created their own process they build host and network objects create rules all via a home grown web service.</LI> </OL> </LI> </OL> Wed, 30 Jun 2021 20:10:26 GMT https://community.checkpoint.com/t5/API-CLI-Discussion/Creating-a-simple-access-rule-via-API/m-p/122639#M5960 Jon_Pahl1 2021-06-30T20:10:26Z