cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question
Kim_Moberg
Silver

How to find generic-object that is not defined in the API?

Hi Team

Where can I read out the available object name used in the below example to create a interoperable device?

Is it found in dbedit editor?

mgmt_cli -s id.txt add generic-object create "com.checkpoint.objects.classes.dummy.CpmiGatewayPlain" name "interdev_2" ipaddr "10.1.1.2" thirdPartyEncryption "True" osInfo.osName "Gaia" vpn.create "com.checkpoint.objects.classes.dummy.CpmiVpn" vpn.owned-object.vpnClientsSettingsForGateway.create "com.checkpoint.objects.classes.dummy.CpmiVpnClientsSettingsForGateway" vpn.owned-object.vpnClientsSettingsForGateway.owned-object.endpointVpnClientSettings.create "com.checkpoint.objects.classes.dummy.CpmiEndpointVpnClientSettingsForGateway" vpn.owned-object.vpnClientsSettingsForGateway.owned-object.endpointVpnClientSettings.owned-object.endpointVpnEnable "True" vpn.owned-object.ike.create "com.checkpoint.objects.classes.dummy.CpmiIke" vpn.owned-object.sslNe.create "com.checkpoint.objects.classes.dummy.CpmiSslNetworkExtender" vpn.owned-object.sslNe.owned-object.sslEnable "False" vpn.owned-object.sslNe.owned-object.gwCertificate "defaultCert" manualEncdomain $vpn_enc_domain encdomain "MANUAL"

Best Regards
Kim
4 Replies
Employee++
Employee++

Re: How to find generic-object that is not defined in the API?

I don't understant your question...

What are you trying to accomplish exactly? View an object created by a generic objects API?

0 Kudos
Kim_Moberg
Silver

Re: How to find generic-object that is not defined in the API?

Hi Robert

I am trying to fill out the gap from my https://community.checkpoint.com/thread/7701-missing-api-possibility-to-set-vpn-community-star-objec... 


And then I wonder how and were you were able to find these field values! How I can find then myself and use the fields?


So i was thinking if I could run the command 

To show all object of a vpn-community which used perfect forward secret and set DH on Ipsec Phase 2


Please the my latest post below. 

Best Regards
Kim
0 Kudos
Kim_Moberg
Silver

Re: How to find generic-object that is not defined in the API?

By running this commenad

 mgmt_cli -u admin show  generic-object uid 11fa48eb-d89b-4f70-9ff1-bbe82abc54d1

I ask to show uid of an active vpn-community-star 

There I have found some values, that I might select to use?

#enable Perfect Forward Secrecy true/false
ikeP2.ikeP2UsePfs true

#use DH group 5
ikeP2.ikeP2PfsDhGrp: "97aeb629-9aea-11d5-bd16-0090272ccb30"

#Rekey phase1 and phase2

ikeP1.ikeP1RekeyTime "60"

ikeP2.ikeP2RekeyTime "28800"

how would I be able to set or add settings to a created vpn-community-start via a API something like this?

mgmt_cli add generic-object set "com.checkpoint.objects.classes.dummy.CpmiGatewayPlain" name "interdev_2"  ikeP2.ikeP2UsePfs "true" ikeP2.ikeP2PfsDhGrp "97aeb629-9aea-11d5-bd16-0090272ccb30" ikeP1.ikeP1RekeyTime "60" ikeP2.ikeP2RekeyTime "28800"

Thanks

Kim

Best Regards
Kim
0 Kudos
Employee++
Employee++

Re: How to find generic-object that is not defined in the API?

As I've already mentioned in your other post, when Management API lacks some settings, and this can happen, you can combine it along with dbedit API, as you did in interoperable device update.

The show-objects command and show-generic-objects command show the whole list of settings that can be accessed via dbedit API.

Robert.

0 Kudos