Francesco-P
Contributor

How to create LegacyUserAtLocation object through the R80.x api?

Hi,

In an R80.20 SMS, I need to implement a lot of objects of type LegacyUserAtLocation and use them in the rulebase as ClientAuth rules.


Using an existing LegacyUserAtLocation object is easy: reference the uid in the "source" field of the api call for add-access-rule.
And this is the only way, because the allowed values for the "source" field are just "string" or a "list" of string (see Management API Reference v1.3).

For this reason, I suppose this object isn't a "runtime object", and should exist in the db (where, I don't know).


But how can I create a new LegacyUserAtLocation object?


If I would use the add-generic-object api, I should know the class type to use in the "create" field, as explained in this link (see Request - 2 Add new user)... I miss this information.

Take a look at the following request to clarify:

Request - https://_._._._/web_api/show-generic-object

This is the request for an existing LegacyUserAtLocation
{
    "uid": "fc3839e0-16d9-4d2b-9b6a-057744f7d3cc",
    "details-level" : "full"
}


Response

{
  "domainsPreset": null,
  "objectValidationState": null,
  "color": "BLACK",
  "userGroup": "0f2aadf4-42b7-11e2-a0d2-00000000dede",
  "location": "ad57e4fc-42bb-11e2-a0d2-00000000dede",
  "uid": "fc3839e0-16d9-4d2b-9b6a-057744f7d3cc",
  "folder": {
    "uid": "baf708b7-6543-4b69-aa44-a3f6058e6607",
    "name": "Global Objects"
  },
  "domain": {
    "uid": "41e821a0-3720-11e3-aa6e-0800200c9fde",
    "name": "SMC User"
  },
  "meta-info": {
    "metaOwned": false,
    "lockStateResponse": null,
    "validationState": "OK",
    "deletable": true,
    "renameable": true,
    "newObject": false,
    "lastModifytime": 1546965204492,
    "lastModifier": "System",
    "creationTime": 1546964026903,
    "creator": "System"
  },
  "tags": [
  ],
  "name": "user_1@location_1",
  "icon": "Objects/UsersGroup",
  "comments": "",
  "display-name": "",
  "customFields": null,
  "_original_type": "LegacyUserAtLocation"
}


I think to use something like:

Request - https://_._._._/web_api/add-generic-object

{
    "create" : "com.checkpoint.????.????.ClassUserAtLocation",
    "name": "new_user@new_location",
    "type": "LegacyUserAtLocation",
    "color": "black",
    "location": "ad57e4fc-42bb-11e2-a0d2-00000000dede",
    "userGroup": "0f2aadf4-42b7-11e2-a0d2-00000000dede",
    "icon": "Objects/UsersGroup",
    "comments": "Some comments",
    "display-name": "",
    "_original_type": "LegacyUserAtLocation"
}

but doesn't work!

A possible workaround (dbedit?) or a list of classes is welcome.

Thanks,

Francesco

1 Solution

Accepted Solutions
Joshua_Hatter
Employee

The appropriate class is going to be 'com.checkpoint.objects.LegacyUserAtLocation'

Then you need to supply the following keys.

name - I would stick with <groupname>@<objectname>

userGroup - uid of group object

location - uid of network object

So something like:

mgmt_cli add generic-object create 'com.checkpoint.objects.LegacyUserAtLocation' userGroup ad7bffcd-af13-4fd6-8115-5662a9f15e57 location 5c2e22c4-1698-43fc-b7b2-bac26ef00c09 name "test_group@test_object"

Then you need to run show generic-objects class-name com.checkpoint.objects.LegacyUserAtLocation to get the UID of the created UserAtLocation to pass its UID to an access-rule.

mgmt_cli show generic-objects class-name com.checkpoint.objects.LegacyUserAtLocation

Tested in lab, the object creation works, don't know about traffic actually working.

View solution in original post
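
An added example, not part of the original posts and not Check Point's code: the create-then-look-up procedure from the accepted answer as Python helpers that build the add-generic-object body and pick the new object's UID out of a show-generic-objects reply, confirming it references the intended group and location before the UID is used as a rule "source". The helper names are hypothetical, and the reply shape (an "objects" list carrying userGroup and location) and the sample data are assumptions.

```python
import re

# Class name given in the accepted answer on this page.
CLASS_NAME = "com.checkpoint.objects.LegacyUserAtLocation"
UID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)


def build_create_payload(group_name, group_uid, location_name, location_uid):
    """Body for add-generic-object, using the keys listed in the answer."""
    for uid in (group_uid, location_uid):
        if not UID_RE.match(uid):
            raise ValueError(f"not a UID: {uid!r}")
    return {
        "create": CLASS_NAME,
        "name": f"{group_name}@{location_name}",
        "userGroup": group_uid,
        "location": location_uid,
    }


def resolve_source_uid(show_response, payload):
    """Find the created object in a show-generic-objects reply and confirm it
    points at the intended group and location before it goes into a rule."""
    matches = [o for o in show_response.get("objects", [])
               if o.get("name") == payload["name"]]
    if len(matches) != 1:
        raise LookupError(f"{payload['name']}: expected 1 object, got {len(matches)}")
    obj = matches[0]
    for key in ("userGroup", "location"):
        if obj.get(key) != payload[key]:
            raise ValueError(f"{payload['name']}: {key} mismatch")
    return obj["uid"]


# Constructed sample data: UIDs copied from the posts above, reply shape assumed.
PAYLOAD = build_create_payload(
    "test_group", "ad7bffcd-af13-4fd6-8115-5662a9f15e57",
    "test_object", "5c2e22c4-1698-43fc-b7b2-bac26ef00c09")
SAMPLE_REPLY = {"objects": [
    {"uid": "fc3839e0-16d9-4d2b-9b6a-057744f7d3cc", "name": "test_group@test_object",
     "userGroup": "ad7bffcd-af13-4fd6-8115-5662a9f15e57",
     "location": "5c2e22c4-1698-43fc-b7b2-bac26ef00c09"},
    {"uid": "00000000-0000-0000-0000-000000000001", "name": "other@elsewhere",
     "userGroup": "0f2aadf4-42b7-11e2-a0d2-00000000dede",
     "location": "ad57e4fc-42bb-11e2-a0d2-00000000dede"},
]}

if __name__ == "__main__":
    print(PAYLOAD)
    print("source uid:", resolve_source_uid(SAMPLE_REPLY, PAYLOAD))
```

Raising on a duplicate name or a userGroup/location mismatch keeps a bulk import from placing the wrong object in a ClientAuth rule's source.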

5 Replies
Francesco-P
Contributor

Thanks Joshua,
the api works, and asap I'll test the traffic and let you know

0 Kudos
Francesco-P
Contributor

I tried to do some traffic in a virtual environment and it works as expected!

Thanks!

0 Kudos
PhoneBoy
Admin

While it's great you got it working, I do have to ask the question why you are still using Client Auth.

Use on R80.x gateways still works, but has some limitations.

See: Install policy on R80.10 Security Gateway fails with verification error messages 

0 Kudos
Francesco-P
Contributor

Thanks Dameon, I get it!
