Groups with Exclusions

Bob_Zimmerman — Sun, 01 Jan 2023 20:16:53 GMT

I'm working on ingesting and creating group-with-exclusion objects. In SmartConsole, you can only pick groups for the include and exclude relationships. In the API, it looks like you can pick any traffic endpoint, but not some objects like "None":

[Expert@DallasSA]# mgmt_cli -r true login > session.txt [Expert@DallasSA]# mgmt_cli -s session.txt -f json add group-with-exclusion name TestGWE include 97aeb36a-9aea-11d5-bd16-0090272ccb30 except 97aeb369-9aea-11d5-bd16-0090272ccb30 details-level full { "code" : "err_validation_failed", "message" : "Validation failed with 1 blocking-error", "blocking-errors" : [ { "message" : "The main group must contain IP-Based objects only." } ] } [Expert@DallasSA]# mgmt_cli -s session.txt -f json show networks | jq -c '.objects[]|[.uid,.name]' ["b6f64342-f13c-4d60-9435-278d35bd2851","CP_default_Office_Mode_addresses_pool"] ["caee1116-8087-4310-9208-b422d3628a7e","IPv6_Link_Local_Hosts"] [Expert@DallasSA]# mgmt_cli -s session.txt -f json add group-with-exclusion name TestGWE include b6f64342-f13c-4d60-9435-278d35bd2851 except caee1116-8087-4310-9208-b422d3628a7e details-level standard { "uid" : "2a534519-b8c3-4128-b9ef-d4ec9e0bdfb7", "name" : "TestGWE", "type" : "group-with-exclusion", "domain" : { "uid" : "41e821a0-3720-11e3-aa6e-0800200c9fde", "name" : "SMC User", "domain-type" : "domain" }, "include" : { "uid" : "b6f64342-f13c-4d60-9435-278d35bd2851", "name" : "CP_default_Office_Mode_addresses_pool", "type" : "network", "domain" : { "uid" : "41e821a0-3720-11e3-aa6e-0800200c9fde", "name" : "SMC User", "domain-type" : "domain" }, "subnet4" : "172.16.10.0", "mask-length4" : 24, "subnet-mask" : "255.255.255.0", "icon" : "NetworkObjects/network", "color" : "black" }, "except" : { "uid" : "caee1116-8087-4310-9208-b422d3628a7e", "name" : "IPv6_Link_Local_Hosts", "type" : "network", "domain" : { "uid" : "a0bbbc99-adef-4ef8-bb6d-defdefdefdef", "name" : "Check Point Data", "domain-type" : "data domain" }, "subnet6" : "fe80::", "mask-length6" : 64, "icon" : "NetworkObjects/network", "color" : "black" }, "groups" : [ ], "comments" : "", "color" : "black", "icon" : "General/group", "tags" : [ ], "meta-info" : { "lock" : "unlocked", "validation-state" : "ok", "last-modify-time" : { "posix" : 1672603849758, "iso-8601" : "2023-01-01T20:10+0000" }, "last-modifier" : "WEB_API", "creation-time" : { "posix" : 1672603849758, "iso-8601" : "2023-01-01T20:10+0000" }, "creator" : "WEB_API" }, "read-only" : true }

97aeb36a-9aea-11d5-bd16-0090272ccb30 is the UUID for the "None" object. Can't put that in the 'include' of a GWE.

Is all this expected? I definitely can't use SmartConsole to make that object.

Re: Groups with Exclusions

PhoneBoy — Mon, 02 Jan 2023 14:20:52 GMT

@Omer_Kleinstern

Re: Groups with Exclusions

Youssef_Obeidal — Wed, 04 Jan 2023 09:22:41 GMT

I see that APIs are missing validations.

that you for reporting that, we will solve it ASAP.

Re: Groups with Exclusions

Bob_Zimmerman — Wed, 04 Jan 2023 15:12:37 GMT

What is intended to be able to go in the "include" property? Only Any or a group?

What about the "exclude" property? Only a group?

If those are the intent, I'll add checking on my end as well.

topic Re: Groups with Exclusions in API / CLI Discussion

Groups with Exclusions

Re: Groups with Exclusions

Re: Groups with Exclusions

Re: Groups with Exclusions