https://community.checkpoint.com/t5/API-CLI-Discussion/add-access-rule-failed-no-publish-staging-queue/m-p/210200#M8447 <P>Recently I noticed that when we have multiple publishes, coming into the Checkpoint in fast succession, that have the same source OR same destination, Checkpoint chokes with the add-access-rule error (for all publish requests, except the first one).&nbsp; If we pace the incoming publishes out, like at 30sec or more in between, we have no issue.&nbsp; So, it seems that Checkpoint doesn't have any staging queue for the publishes.&nbsp; Is that true?</P><P>&nbsp;</P><P>Thanks.</P> Mon, 01 Apr 2024 18:07:11 GMT pdn 2024-04-01T18:07:11Z https://community.checkpoint.com/t5/API-CLI-Discussion/add-access-rule-failed-no-publish-staging-queue/m-p/210200#M8447 <P>Recently I noticed that when we have multiple publishes, coming into the Checkpoint in fast succession, that have the same source OR same destination, Checkpoint chokes with the add-access-rule error (for all publish requests, except the first one).&nbsp; If we pace the incoming publishes out, like at 30sec or more in between, we have no issue.&nbsp; So, it seems that Checkpoint doesn't have any staging queue for the publishes.&nbsp; Is that true?</P><P>&nbsp;</P><P>Thanks.</P> Mon, 01 Apr 2024 18:07:11 GMT https://community.checkpoint.com/t5/API-CLI-Discussion/add-access-rule-failed-no-publish-staging-queue/m-p/210200#M8447 pdn 2024-04-01T18:07:11Z https://community.checkpoint.com/t5/API-CLI-Discussion/add-access-rule-failed-no-publish-staging-queue/m-p/210254#M8455 <P>Can you perhaps share syntax?</P> Tue, 02 Apr 2024 10:34:23 GMT https://community.checkpoint.com/t5/API-CLI-Discussion/add-access-rule-failed-no-publish-staging-queue/m-p/210254#M8455 Amir_Senn 2024-04-02T10:34:23Z https://community.checkpoint.com/t5/API-CLI-Discussion/add-access-rule-failed-no-publish-staging-queue/m-p/210260#M8456 <P>I like to correct what I said earlier. &nbsp;</P><P>So the api we’ve used &nbsp;to add a rule, is the add-access-rule. &nbsp;Then we send a publish. &nbsp;It fails with the add-access-rule call, even before the publish.</P><P><BR />An example that causes issue is. &nbsp;Let’s say we have 3 add-access-rule calls coming into the checkpoint closely to each other, like within few seconds. All 3 have the different source, but the same destination (for example an Cisco ACI epg data center object that gets imported from Cisco ACI previously into Checkpoint). &nbsp;In this case, from multiple processes (or multi threads). &nbsp;The Checkpoint will choke, rejecting all access add requests except the first one. &nbsp;I assume it’s because the firewall is processing the 1st request add, locking the epg object. &nbsp;Hence, the 2 subsequent requests got rejected. &nbsp;So it seems the firewall doesn't have a staging queue to hold for the 3 “concurrent” add requests. &nbsp;When I paced out the 3 add requests, like 30sec or more, all 3 add requests were successful. Then their subsequent publish calls were also successful.&nbsp;</P><P><SPAN><BR />I hope that helps clarify my question. &nbsp;&nbsp;</SPAN></P> Tue, 02 Apr 2024 22:19:26 GMT https://community.checkpoint.com/t5/API-CLI-Discussion/add-access-rule-failed-no-publish-staging-queue/m-p/210260#M8456 pdn 2024-04-02T22:19:26Z https://community.checkpoint.com/t5/API-CLI-Discussion/add-access-rule-failed-no-publish-staging-queue/m-p/210330#M8457 <P>Tested in my lab adding a locked network object as destination and publishing, didn't cause any issues.</P> <P>A few thing that might help us understand if there's an issue here:</P> <P>1) If you can add the response for the API calls we might see what is wrong more clearly.</P> <P>2) If you cancel the publish after every add-access-rule and keep only the one at the end - will this succeed? Another way is to add sleep between commands</P> <P>3) The way you run the commands are waiting for response?</P> Wed, 03 Apr 2024 09:26:12 GMT https://community.checkpoint.com/t5/API-CLI-Discussion/add-access-rule-failed-no-publish-staging-queue/m-p/210330#M8457 Amir_Senn 2024-04-03T09:26:12Z