cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

Manipulate Cluster Object with API

Hello guys,

I am wondering if there is any way how to modify Cluster object using API tool. I know, that there are few commands to manipulate with "simple-gateway", but I would like to know if there is posibility to change something within Cluster Object, or even member(s) of Cluster. Lets say I want to add new interface (new VLAN) for cluster with 2 members in "Dashboard". Attaching screenshot what I would like to achieve.

Of course I tried to use for example "show-simple-gateway" (see second attached screenshot) for Cluster, but I am getting following error:

{
"code": "generic_error",
"message": "Runtime error: com.checkpoint.objects.classes.dummy.CpmiGatewayCluster incompatible with com.checkpoint.objects.classes.dummy.CpmiGatewayCkp"
}

Is something like that posible ?

Thank you for your answer.

Kind regards,
Jozko Mrkvicka
Labels (1)
12 Replies
Employee++
Employee++

Re: Manipulate Cluster Object with API

Hi,

Currently there is no support for Cluster objects via API.

As you mentioned, only "simple_gateway" can be manipulated.

In addition, you can use "show gateways-and-servers" API to display ALL gateways/clusters/servers in your DB.

I assume that we will support Clusters in a future version.

Robert.

0 Kudos

Re: Manipulate Cluster Object with API

I would like to add that cluster objects as well as VSX in R80 and R80.10 are fully supported through the dbedit command.

0 Kudos

Re: Manipulate Cluster Object with API

Hi Robert,

Thank you for your swift and clear answer.

In my opinion, support for Cluster Object should be added ASAP, as most of organizations are using Clusters due to redundancy.

API for R80 is awesome feature, but in this case it is not usable at all to automate for example VLAN creation in case we are using 2 (or more) members.

Kind regards,
Jozko Mrkvicka

Re: Manipulate Cluster Object with API

Agree. We really need all of the management functions and settings to be exposed through API. 

0 Kudos

Re: Manipulate Cluster Object with API

As of now, dbedit is your best way for clusters. While not RESTful, it can also be done remotely.  

Usually your indication for “does this have R80-style REST API” is whether the GUI for the object or view has an R80 look and feel. With each version we will add more API commands, both for new features and for existing features which haven’t yet got the “R80 treatment”. 

0 Kudos

Re: Manipulate Cluster Object with API

Hi

Tomer Sole‌,

Robert Decker

So I played with "dbedit" for a while and I am getting into one strange issue. I am using script to create new Cluster interface and update it with all relevant data, attaching all the commands as example:

addelement network_objects GWC interfaces cluster_interface
modify network_objects GWC interfaces:4:ifindex 4
modify network_objects GWC interfaces:4:member_network:ipaddr 10.20.150.0
modify network_objects GWC interfaces:4:member_network:netmask 255.255.255.0
modify network_objects GWC interfaces:4:officialname eth10.150
modify network_objects GWC interfaces:4:ipaddr 10.20.150.1
modify network_objects GWC interfaces:4:netmask 255.255.255.0
modify network_objects GWC interfaces:4:monitored_by_cluster true
modify network_objects GWC interfaces:4:security:netaccess:access this
modify network_objects GWC interfaces:4:security:netaccess:perform_anti_spoofing true
addelement network_objects GW1 interfaces interface
modify network_objects GW1 interfaces:4:ifindex 4
modify network_objects GW1 interfaces:4:officialname eth10.150
modify network_objects GW1 interfaces:4:ipaddr 10.20.150.2
modify network_objects GW1 interfaces:4:netmask 255.255.255.0
modify network_objects GW1 interfaces:4:monitored_by_cluster true
modify network_objects GW1 interfaces:4:security:netaccess:access this
modify network_objects GW1 interfaces:4:security:netaccess:perform_anti_spoofing true
addelement network_objects GW2 interfaces interface
modify network_objects GW2 interfaces:4:ifindex 4
modify network_objects GW2 interfaces:4:officialname eth10.150
modify network_objects GW2 interfaces:4:ipaddr 10.20.150.3
modify network_objects GW2 interfaces:4:netmask 255.255.255.0
modify network_objects GW2 interfaces:4:monitored_by_cluster true
modify network_objects GW2 interfaces:4:security:netaccess:access this
modify network_objects GW2 interfaces:4:security:netaccess:perform_anti_spoofing true
update_all
savedb‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

I am using procedure mentioned in sk30383, together with "dos2unix", "sed -i 's/[[:space:]]*$//' <filename>" and at the end executing input file using "dbedit -local -globallock -f <filename>"

Basically all is fine (no errors), cluster and both gateways are updated with correct data (checked with "print network_objects GWC") but in fact in SmartConsole I cannot see this new interface in Network Management.

I have tried also install database and policy, without any difference.

What I am doing wrong ? What else must be updated/modified in order to see this new interface in Network Management tab ?

Thanks everyone who can check it Smiley Happy

Kind regards,
Jozko Mrkvicka
0 Kudos

Re: Manipulate Cluster Object with API

for this question it will be best if you can please open a task for this so that Check Point Support will be able to assist. 

0 Kudos

Re: Manipulate Cluster Object with API

Did you ever find a fix for this?

0 Kudos
Highlighted
Employee++
Employee++

Re: Manipulate Cluster Object with API

Hi,

Please take a look at this thread - https://community.checkpoint.com/message/14128-dbedit-issue.

And pay attention to my latest answer about an alternative.

Robert.

0 Kudos

Re: Manipulate Cluster Object with API

Hello Robert Decker‌, Tomer Sole

Any update on this matter? 

API version 1.2 still doesnt have support for cluster object manipulation.

Do you know ETA for this ?

Thank you.

Kind regards,
Jozko Mrkvicka
0 Kudos

Re: Manipulate Cluster Object with API

This is not planned for R80.20, but we do have concrete plans for this in the near future.

Re: Manipulate Cluster Object with API

When we can FINALLY expect such a basic feature like manipulating Cluster objects within R80 ? R80.30 is GA, without any single API command for this purpose. What a shame.

Kind regards,
Jozko Mrkvicka
Tags (3)
0 Kudos