cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
BeaconBits
Nickel

New to Checkpoint Scripting - Where to start from?

Hello chaps,

I'm not new to Checkpoint but very much new to CLI and bit confuse when we talk about CLI in general.

At the moment, I can see that Checkpoint offers:

What are the differences and which one is more reliable where scripting can be create?

If all do the same job then why Checkpoint has all of these?

I believe it will help all others who are new to CLI.

Regards,

B

16 Replies
Jerry
Gold

Re: New to Checkpoint Scripting - Where to start from?

all of this depends HOW you access your environment rather than what CP offers Smiley Happy 

Jerry
0 Kudos
Jerry
Gold

Re: New to Checkpoint Scripting - Where to start from?

sorry, mistakenly clicked "Add Comment" ...

so basically CLI is either shell (used by SSH Client) or build on CLI from either WebUI (Gaia Portal) or SmartConsole (there you've got CLI but not to the GW but MGMT server - SMS/MDS) - again, all depends how and where from you're getting access to your so called "CLI".

more  about this you could read by Support  Centre searching for Command Line Access or simply here  by looking  for "CCC" Smiley Happy

Jerry
0 Kudos
Jerry
Gold

Re: New to Checkpoint Scripting - Where to start from?

so sorry for so many replies mate but I guess what's worth mentioning is that this one you just must read !

TOP TOPIC here Smiley Happy

https://community.checkpoint.com/thread/5319-my-top-3-check-point-cli-commands

Cheers and good luck !

Jerry

Jerry
0 Kudos

Re: New to Checkpoint Scripting - Where to start from?

Jerry Szpinak, there is always "Edit" option in the Action menu

Jerry
Gold

Re: New to Checkpoint Scripting - Where to start from?

sorry buddy, when you do that by Mobile Safari ...

Jerry
0 Kudos
Jerry
Gold

Re: New to Checkpoint Scripting - Where to start from?

btw. how come you've tagged me with some non-existing account? check this out Valeri Loukine‌ - you've tagged non-existing account holder  

Jerry
0 Kudos
Highlighted

Re: New to Checkpoint Scripting - Where to start from?

That's because there are apparently three accounts of you here. We really need to do some cleanup. Never mind, fixed

0 Kudos
Jerry
Gold

Re: New to Checkpoint Scripting - Where to start from?

I'd appreciate Valeri if I could have 1 only, that one Jerry Szpinak Smiley Happy

other 2 might be just due to the fact that I work for quite a few CP customers at the same time ... and my UC accounts indeed blossom recently. Sorry Smiley Sad 

Jerry
0 Kudos

Re: New to Checkpoint Scripting - Where to start from?

It depends what you want to script, actually.

CLI is being used for all kind of things: OS management and configuration, troubleshooting, platform tuning, debug, automated deployment, diagnostics, etc.

Let's define a use case for you, then we can advise

0 Kudos
BeaconBits
Nickel

Re: New to Checkpoint Scripting - Where to start from?

Valeri - I know what CLI does mate.

I wanted to know only that. CP has too many CLI like options... such as:

We are running multi-domain environment. So I ssh to VSX and created a host object there and I looked in the smart console but I couldn't find that host object in the list. Then I clicked on the "Command Line" button in smartconsole and created there a host object and that appreard in the object DB straight away. Lastly, then I SSHed to management server and created a host object there and then again.. couldn't see the host object in the Smartconsole.

So what it shows that each CLI enviornment are different or may be I have poor understanding.

If you or anyone can shed some light on this .. would be much appreciated.

Maik Dummer‌ did Elaborate a bit. Thanks Mate.

0 Kudos

Re: New to Checkpoint Scripting - Where to start from?

I am still having trouble understanding your scenario. You are creating a host object where? How do you want to use this object later on? Everything related to security policies should be done on MGMT side first and then delivered with the policy installation to the enforcement points.

If that was your task, then yes, you needed MGMT API, and mgmt_cli is just one of the ways to invoke it. 

0 Kudos
BeaconBits
Nickel

Re: New to Checkpoint Scripting - Where to start from?

The last statement:

"

If that was your task, then yes, you needed MGMT API, and mgmt_cli is just one of the ways to invoke it. 

"

...is more valuebale then whole of this thread. Simple and straight forward.

Cheers mate.

Re: New to Checkpoint Scripting - Where to start from?

Glad it helps. 

0 Kudos
Maik
Silver

Re: New to Checkpoint Scripting - Where to start from?

Hey,

It all depends on your preferred way and language to write a script. The several offers that are available come with different backgrounds:

  • SmartConsole CLI => basically a subview within the SmartConsole that allows you to run API commands and to execute stuff. I think this option is not really often used to run scripts, as you need to have access to the SMS via the SmartConsole in order to use it. [executed via the "command line" button within the SmartConsole]
  • The mgmt_cli tool => a tool that comes with the installation of the SmartConsole, it is placed in the SmartConsole install directory, also often referred to as "mgmt_cli.exe". It allows you to execute API commands via [edit] batch or powershell and therefore from a client machine without the need to open the SmartConsole.
  • Management CLI in Gaia => its the same as the "mgmt_cli.exe" with the only difference that this tool is part of the Gaia installation and allows you to execute API commands e.g. locally on the SMS (mgmt_cli commands can be included in bash script, to mention one example).
  • Web Services => thats the most basic way to use the api, as it is the interface in order to access the RESTful API. You can basically send the required HTTP(S) POST information with the required information via tools like POSTman in order to receive the needed information.

The options "SmartConsole CLI", "mgmt_cli.exe" & mgmt cli on Gaia all depend on the web services base. They basically translate the commands into HTTP(S) requests and send them to the API in order to receive any required information. There are some differences when it comes to the actual API access. If you want to know more about that you can take a look at this thread, where I asked how the management api structure itself looks.

In addition, there are packages for specific language like e.g. python, that also include functions that can be used in your script, that basically translate into API HTTPS requests and enable you to work with the API without the need to manage the actual HTTPS communication (with session management etc.).

Hope that clarifies it for you Smiley Happy

Regards,

Maik

Employee++
Employee++

Re: New to Checkpoint Scripting - Where to start from?

Maik, great explanation!

0 Kudos

Re: New to Checkpoint Scripting - Where to start from?

Good Explanation Maik

0 Kudos