https://community.checkpoint.com/t5/API-CLI-Discussion/Converting-a-MESH-to-a-STAR-COMMUNITY-mgmt-cli/m-p/159870#M7200 <P>I've labelled this as converting mesh to star; that being said, our specific issue is that we are adding in a local DR gateway, don't want to lose secrets, and don't want to mesh the two at our end. &nbsp;Historically for this customer, these kinds of point to point VPNs were set up as mesh, which was probably never ideal.</P><P>SO.... there is no official way to convert from a mesh to a star. &nbsp;This is a shame. &nbsp;A mesh is very obviously a subset of star, with only centre gateways in use, so it should be possible to upgrade.</P><P>A little scripting testing shows that this is possible, and in fact the key differentiator is the "featuresPreset" field on the generic-bject, which seems to allow fairly flexible conversion. &nbsp;In fact, I've basically solved the problem. &nbsp;I'm going to show you the code, and many arms will go up in horror:</P><LI-CODE lang="python">#!/bin/bash mc() { mgmt_cli -s SID -f json $* } mgmt_cli -m 127.0.0.1 login |tee SID COMM="$1" COMMUID=$(mc show vpn-communities-meshed | jq -r --arg NAME "${COMM}" '."objects"[] | select(."name" == $NAME).uid') #mc show generic-object uid ${COMMUID} mc set generic-object uid ${COMMUID} \ featuresPreset "e2e58d83-37af-3659-ae43-072580b4ea5d" \ icon VPNCommunities/Star \ topology STAR mc logout rm SID</LI-CODE><P>&nbsp;</P><P>This actually works much better than I was expecting. &nbsp;I was expecting danger, but I observe that updating featuresPreset to match normally-created star communities works perfectly. &nbsp;Object type fields are automatically adjusted to reflect the new object type. &nbsp;This gives me confidence that this is legitimate. &nbsp;And happily, gateways from the mesh are now listed perfectly as centre gateways in the updated object.</P><P>So... other than general latent fear, does anyone know of anything that could go wrong? &nbsp;Any changes that don't cascade correctly from this, or other corruption?</P><P>Thank you!</P><P>&nbsp;</P> Tue, 18 Oct 2022 16:28:21 GMT Greg_Harewood 2022-10-18T16:28:21Z https://community.checkpoint.com/t5/API-CLI-Discussion/Converting-a-MESH-to-a-STAR-COMMUNITY-mgmt-cli/m-p/159870#M7200 <P>I've labelled this as converting mesh to star; that being said, our specific issue is that we are adding in a local DR gateway, don't want to lose secrets, and don't want to mesh the two at our end. &nbsp;Historically for this customer, these kinds of point to point VPNs were set up as mesh, which was probably never ideal.</P><P>SO.... there is no official way to convert from a mesh to a star. &nbsp;This is a shame. &nbsp;A mesh is very obviously a subset of star, with only centre gateways in use, so it should be possible to upgrade.</P><P>A little scripting testing shows that this is possible, and in fact the key differentiator is the "featuresPreset" field on the generic-bject, which seems to allow fairly flexible conversion. &nbsp;In fact, I've basically solved the problem. &nbsp;I'm going to show you the code, and many arms will go up in horror:</P><LI-CODE lang="python">#!/bin/bash mc() { mgmt_cli -s SID -f json $* } mgmt_cli -m 127.0.0.1 login |tee SID COMM="$1" COMMUID=$(mc show vpn-communities-meshed | jq -r --arg NAME "${COMM}" '."objects"[] | select(."name" == $NAME).uid') #mc show generic-object uid ${COMMUID} mc set generic-object uid ${COMMUID} \ featuresPreset "e2e58d83-37af-3659-ae43-072580b4ea5d" \ icon VPNCommunities/Star \ topology STAR mc logout rm SID</LI-CODE><P>&nbsp;</P><P>This actually works much better than I was expecting. &nbsp;I was expecting danger, but I observe that updating featuresPreset to match normally-created star communities works perfectly. &nbsp;Object type fields are automatically adjusted to reflect the new object type. &nbsp;This gives me confidence that this is legitimate. &nbsp;And happily, gateways from the mesh are now listed perfectly as centre gateways in the updated object.</P><P>So... other than general latent fear, does anyone know of anything that could go wrong? &nbsp;Any changes that don't cascade correctly from this, or other corruption?</P><P>Thank you!</P><P>&nbsp;</P> Tue, 18 Oct 2022 16:28:21 GMT https://community.checkpoint.com/t5/API-CLI-Discussion/Converting-a-MESH-to-a-STAR-COMMUNITY-mgmt-cli/m-p/159870#M7200 Greg_Harewood 2022-10-18T16:28:21Z https://community.checkpoint.com/t5/API-CLI-Discussion/Converting-a-MESH-to-a-STAR-COMMUNITY-mgmt-cli/m-p/159891#M7201 <P>Cue the disclaimer about using Generic Objects:</P> <UL> <LI>generic-object is a way to manipulate (parts of) objects that don't have a formal API endpoint.</LI> <LI>We don't provide formal support for tweaking anything tweaked via generic-object APIs.</LI> <LI>Formal API endpoints should be used where possible, which are fully supported and have guaranteed backward compatibility.</LI> </UL> <P>Having said all that, it's great that it works. <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Tue, 18 Oct 2022 20:10:28 GMT https://community.checkpoint.com/t5/API-CLI-Discussion/Converting-a-MESH-to-a-STAR-COMMUNITY-mgmt-cli/m-p/159891#M7201 PhoneBoy 2022-10-18T20:10:28Z https://community.checkpoint.com/t5/API-CLI-Discussion/Converting-a-MESH-to-a-STAR-COMMUNITY-mgmt-cli/m-p/159915#M7205 <P>Wow, ingenious</P> Wed, 19 Oct 2022 07:39:49 GMT https://community.checkpoint.com/t5/API-CLI-Discussion/Converting-a-MESH-to-a-STAR-COMMUNITY-mgmt-cli/m-p/159915#M7205 _Val_ 2022-10-19T07:39:49Z