cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Highlighted
Employee
Employee

MDS Global IP search

Hey all, I've been interested in trying out Smart Console Extensions for a while now and this request came up locally in a discussion so thought I'd try and smoosh the two things together. 

https://github.com/sg84/MDSSearch

 
 
 

2020-02-28 13_09_07-.png

 

2020-02-28 13_09_22-.png

 

The main function comes from a Docker image which acts as a simple web host to serve the Smart Console Extension and also as a proxy to send API requests to the Smart Center (without it, you run into all sorts of fun CORS issues). Once installed - you get a dashboard extension pane that lets you search for an IP address across all domains. Currently, it's limited to IPv4 and hosts - but that's a fairly easy change to make depending on what's required. 

I've written it to use the API key functionality in R80.40 but this could easily be ported to R80.30 to use username and password auth for the API. 

Hope it works for someone, let me know if there are any issues.

 

Stu

7 Replies
Highlighted

Re: MDS Global IP search

I wanted to add this but the URL cannot be used it has to be a github manifest, I'm not a developer, so not sure where to look for the right URL to add it directly to the SmartConsole.
Regards, Maarten
0 Kudos
Highlighted
Employee
Employee

Re: MDS Global IP search

Hey, there's a little more to it than that as the extension requires a helper VM / container.

There are some instructions in the readme file under Github that go into more detail - but you need to clone / download all of the files from Github and then launch a Docker container based on the docker file. If you have a virtualisation environment and can build something like an Ubuntu VM - that will probably be easiest to run these commands in. I used Ubuntu in Virtualbox to build this and that worked fine. It doesn't have to be a particularly high powered VM, just something that can handle a few web connections.

0 Kudos
Highlighted

Re: MDS Global IP search

Ok, that makes it a bit harder to get going for me.
Thanks.
Regards, Maarten
0 Kudos
Highlighted
Employee
Employee

Re: MDS Global IP search

it's not as scary as it sounds, you don't have to do anything with docker other than install it and run the commands. drop me a message if you need a hand.
0 Kudos
Highlighted
Admin
Admin

Re: MDS Global IP search

Funny you mention CORS, it came up on the community recently.
And yes, it's a problem.
https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/Enabling-CORS/m-p/70990#M4233

In any case, well done!
0 Kudos
Highlighted
Employee
Employee

Re: MDS Global IP search

CORS is a pain and a bit of a weird protection to get your head around. I had a play with the gateway and it is possible to add the required headers to the API responses from your management server, but it's super unsupported (you need to modify the httpd config files for the API and I have 0% confidence that changing this won't break something else so don't do it in or anywhere near production environments!). The headers aren't enough to satisfy CORS though in most cases because the JSON requests we use aren't classified as 'simple' requests and need the web server to respond in a particular way to an HTTP OPTIONS request. At that point it was too late at night for me to delve any further so I went down the proxy route. 

0 Kudos
Highlighted
Employee+
Employee+

Re: MDS Global IP search

Thanks, and it's really cool that you were able to take the SmartConsole Extensions I/S with the Management APIs to develop such a feature without R&D involvement 😀

I hope that this will be useful for customers using current versions that are already GA.

I also want to share that we are planning some new capabilities for the upcoming version (after R80.40). This includes a cross-domain-search that will be native within SmartConsole. It will also come with new APIs that can perform searches across multiple domains without the need to iterate over them one-by-one, so the performance will be better for large environments.

0 Kudos