cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

MDS Install Multiple Policy via REST API

Jump to solution

On the MDS GUI in R80.10, you can right click a domain and select "Install Policy" and install multiple policies. Is there a way to do this via REST API?

1 Solution

Accepted Solutions
Admin
Admin

Re: MDS Install Multiple Policy via REST API

Jump to solution

It should work exactly the same way as it works in the GUI.

Specifically, the API call (assuming it is valid) will return a task-id that you monitor for results using the show task API call.

6 Replies
Admin
Admin

Re: MDS Install Multiple Policy via REST API

Jump to solution

There is an "install-policy" action via the API, yes.

See the link to it here: Check Point - Management API reference 

0 Kudos

Re: MDS Install Multiple Policy via REST API

Jump to solution

Will it automatically queue up the policy installs like the option in the GUI?

0 Kudos
Admin
Admin

Re: MDS Install Multiple Policy via REST API

Jump to solution

It should work exactly the same way as it works in the GUI.

Specifically, the API call (assuming it is valid) will return a task-id that you monitor for results using the show task API call.

Ivan_Moore
Nickel

Re: MDS Install Multiple Policy via REST API

Jump to solution

It can install it in the same way...however it will do what you tell it to do.

If you tell it to install a policy and don't give it installation targets, it will default to how that policy is configured in regards to installation targets.  

Scenario:  Provider-1 Domain with 3 clusters and a separate policy for each cluster.  

Policy-A is configured with installation targets of Cluster-A

Policy-B is configured with installation targets of Cluster-B

Policy-C was just built and is for Cluster-C however it is not completely configured and has a Any for installation targets.

In fact, Cluster-C hasn't even been built yet, an Engineer is just working on the policy to get it ready.

Manually with Smart Console if you attempt to install Policy-C on Cluster-A or Cluster-B it will pop up a warning saying are you sure?  The policy doesn't match what is installed...yada...yada

From Smart Domain Manager doing the re-assign w/ install for the whole domain would just install Policy-A and Policy-B and would ignore Policy-C.  

For API, if you pull the list of packages and tell the API to install all available packages, it would Policy-A on Cluster-A.  Policy-B on Cluster-B and Policy-C would install on both Cluster-A and Cluster-B and be happy about it.  

Lots of power, but it will also let you shoot yourself in the foot

0 Kudos

Re: MDS Install Multiple Policy via REST API

Jump to solution

This is correct. We plan to make a better experience for this in our next releases.

Re: MDS Install Multiple Policy via REST API

Jump to solution
  1. You will have to login at the domain Level...  see https://community.checkpoint.com/thread/1066  
  2. Make sure to specify targets in the install command. I noticed i(n the cli) that if you do not specify target gateway, the policy is pushed to all the gateways in the domain  
0 Kudos