cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

Can I create duplicate object(Network or Host) using R80.10 API

Jump to solution

Hi,

My requirement is to create a two object with different name but same IP Address using R80.10 API.

When we create host or network object API will do error check for duplicate IP, It will not let us create two object with same IP but different name.

Can i tell API to skip this error check.

Or is there any other way to achieve same?

Labels (2)
0 Kudos
1 Solution

Accepted Solutions
Employee+
Employee+

Re: Can I create duplicate object(Network or Host) using R80.10 API

Jump to solution

You can instruct API to ignore warnings or errors (but not blocking errors) by providing ignore-warnings or ignore-errors correspondingly. 

Example

[Expert@host]# mgmt_cli -s id.txt add host name abc ip-address 1.1.1.1
[Expert@host]# mgmt_cli -s id.txt add host name abc2 ip-address 1.1.1.1
code: "err_validation_failed"
message: "Validation failed with 1 warning"
warnings:
- message: "Multiple objects have the same IP address 1.1.1.1"

[Expert@host]# mgmt_cli -s id.txt add host name abc2 ip-address 1.1.1.1 ignore-warnings true
[Expert@host]#

Documentation for add-host (find the fields under "More" section in Request Parameters)

Pay attention that in case of ignored errors - you wan't be able to publish!

11 Replies
Employee+
Employee+

Re: Can I create duplicate object(Network or Host) using R80.10 API

Jump to solution

You can instruct API to ignore warnings or errors (but not blocking errors) by providing ignore-warnings or ignore-errors correspondingly. 

Example

[Expert@host]# mgmt_cli -s id.txt add host name abc ip-address 1.1.1.1
[Expert@host]# mgmt_cli -s id.txt add host name abc2 ip-address 1.1.1.1
code: "err_validation_failed"
message: "Validation failed with 1 warning"
warnings:
- message: "Multiple objects have the same IP address 1.1.1.1"

[Expert@host]# mgmt_cli -s id.txt add host name abc2 ip-address 1.1.1.1 ignore-warnings true
[Expert@host]#

Documentation for add-host (find the fields under "More" section in Request Parameters)

Pay attention that in case of ignored errors - you wan't be able to publish!

Employee+
Employee+

Re: Can I create duplicate object(Network or Host) using R80.10 API

Jump to solution

In the comment above from Eugene Grybinny he states that you won't be able to publish with ignored errors; however, this is only the case if the issue generates a validation warning, which should be documented in the failure for the publish operation.

For the generation of an object that duplicates elements of another objects, but is not a 100% clone, there should not be an issue.  I've done this when doing exports to CSV files and then importing those CSV files via -batch mode on mgmt_cli.

If you don't specify the ignore-warnings or ignore-errors CLI option, a -batch operation may complete, but will not execute the changes/additions of the problem items, which can cause follow-on issues doing multiple import operations in succession.

The utilization of the ignore-warnings and ignore-errors option is especially necessary when working with network and group objects, since Get Interfaces in R80 and later will import the static routes and generate a network object for the interface if there is no existing network object covering the target network, and will group them into a set with static route identified networks to add in the topology configuration.  If these Check Point generated groups and networks exist, then not using the ignore options will result in failure to create the item from the API, since those networks already exist in another object.

0 Kudos

Re: Can I create duplicate object(Network or Host) using R80.10 API

Jump to solution

Hello,

I am having strange issue "set-if-exists true" doesnt work with batch csv option.

here:

mgmt_cli add host set-if-exists true -b hosts2.csv
Username: admin
Password:
Line 2: code: "err_validation_failed"
message: "Validation failed with 1 warning and 1 error"
warnings:
- message: "Multiple objects have the same IP address 192.168.162.18"
errors:
- message: "More than one object named 'HGSDPN_VPN_HUDSON5' exists."


Executed command failed. Changes are discarded.

 mgmt_cli add host name "HGSDPN_VPN_HUDSON5" ip-address "192.168.162.18" set-if-exists true
Username: admin
Password:


---------------------------------------------
Time: [17:30:52] 7/12/2017
---------------------------------------------
"Publish operation" succeeded (100%)

Any way to fix it ???

0 Kudos
Employee++
Employee++

Re: Can I create duplicate object(Network or Host) using R80.10 API

Jump to solution

add the "ignore-warnings true" option at the end.

0 Kudos
Highlighted
Employee+
Employee+

Re: Can I create duplicate object(Network or Host) using R80.10 API

Jump to solution

Hi,

You can create multiple distinctly named objects with the same IP Address or IP Address range/network; however, you CAN NOT create duplicate objects with the same NAME, which you are trying to do.

Object names must be unique within a Domain (e.g. SMS, or single domain on in MDM), so you go the warning (will allow it to pass) on the IP Address; however, the error on the duplicate name terminates the operation.

BR

Eric

Eric Beasley

Security Engineer, North America Channel Sales

Cell: +1 708-224-7724 E-mail: ericb@checkpoint.com

0 Kudos
Employee++
Employee++

Re: Can I create duplicate object(Network or Host) using R80.10 API

Jump to solution

Hi Eric,

He is not creating different objects with the same name, he is using a "set_if_exists" flag, which will update an existing object (with the same name AND TYPY).

Robert.

0 Kudos

Re: Can I create duplicate object(Network or Host) using R80.10 API

Jump to solution

Thanks for the response guys, actually it was my mistake i was putting set_if_exists in the command but in batch option it has be inside CSV file, it fixed my problem.

0 Kudos

Re: Can I create duplicate object(Network or Host) using R80.10 API

Jump to solution

How did you do it exactly? What is the syntax in the csv?

Thanks,
Philipp

0 Kudos
Employee++
Employee++

Re: Can I create duplicate object(Network or Host) using R80.10 API

Jump to solution

in CSV file the first line consists of field names. The following lines are the values.

You should add the "set_if_exists" field at the top line, and insert the values per each line in the appropriate location.

You can edit the file in MS Excel or Notepad++.

Robert.

0 Kudos

Re: Can I create duplicate object(Network or Host) using R80.10 API

Jump to solution

Now i got into new problem set_if_exists doesnt exist for creating groups Smiley Sad

0 Kudos
Employee++
Employee++

Re: Can I create duplicate object(Network or Host) using R80.10 API

Jump to solution

No, it does not.

If you have only few duplicate names, I suggest to redirect the errors to a file, and then handle them manually (use option 2>&1).

Robert.

0 Kudos