
Not able to run Python script in Checkpoint GAIA security GW

Hi team,

I am pushing a Python script from Ansible. I have whitelisted the Python script path in /opt/CPsuite-R77/fw1/conf/whitelist as well.

Getting error: File '/opt/CPsuite-R77/fw1/scripts/ansible-tmp-1549820289.28-125410269476857/AnsiballZ_ping.py' execution is not allowed according to Check Point policy

Please help with this.

7 Replies

Re: Not able to run Python script in Checkpoint GAIA security GW

Python and its modules on a CP GW have limited functionality; you cannot run everything like you would on a PC/server. Rather, run it from a normal Linux machine.

0 Kudos

Re: Not able to run Python script in Checkpoint GAIA security GW

Hi Martin,

It is the Ansible control host that is pushing scripts to the Checkpoint GAIA gateway R80.10.

Has anyone worked with a Checkpoint GAIA gateway using Ansible?

Which Remote_tmp path should be selected to run scripts successfully by Ansible on the Checkpoint GAIA gateway R80.10?

0 Kudos
Admin

Re: Not able to run Python script in Checkpoint GAIA security GW

What is the purpose of the script you're trying to push?

In general, the number of libraries we include with our Python is limited.

There may be a different way to achieve the result you're after.

0 Kudos

Re: Not able to run Python script in Checkpoint GAIA security GW

Hi,

This is the command module I am running in Ansible to push commands to the Checkpoint gateway.

Ansible generates a .py file and executes it on the gateway.

It might be the case that pushing commands using the command module is not supported by Checkpoint. I will check the network_cli module then. Thanks for your responses. It helps.

Where can I get details of the Ansible modules that Checkpoint allows to run on the firewall?

Regards,

Trupti

0 Kudos
Admin

Re: Not able to run Python script in Checkpoint GAIA security GW

If you're trying to have Ansible run commands on a Check Point Security Gateway in this manner, this is not supported.

What you can do today is use an Ansible module to talk with the R80.x Management Server and have it execute commands using the run-script API.

See: Automate your R80 Management Server using Ansible

We also have a REST API on the Gateway that we added fairly recently: https://community.checkpoint.com/community/infinity-general/appliances-and-gaia/blog/2019/01/21/new-...

There is not an Ansible module that takes advantage of this just yet.

0 Kudos
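The indirect route described in the reply above (log in to the Management Server, call run-script against the gateway, poll the task), sketched as an added example that is not from the thread or from Check Point. The header and field names (`X-chkp-sid`, `script-name`, `targets`, `task-id`, `responseMessage`) are assumed from the R80.x Management API and should be checked against the API reference for your version; the function names are hypothetical.

```python
import base64
import json
import time
import urllib.request

def make_transport(server, context=None):
    """Return post(command, payload, sid) for https://<server>/web_api/<command>.
    TLS verification stays on; pass an ssl.SSLContext that trusts the
    Management Server certificate instead of disabling verification."""
    def post(command, payload, sid=None):
        headers = {"Content-Type": "application/json"}
        if sid:
            headers["X-chkp-sid"] = sid          # session id returned by login
        req = urllib.request.Request(f"https://{server}/web_api/{command}",
                                     data=json.dumps(payload).encode(),
                                     headers=headers)
        with urllib.request.urlopen(req, context=context, timeout=30) as resp:
            return json.load(resp)
    return post

def run_on_gateway(post, user, password, gateway, script,
                   name="adhoc-script", poll=2.0):
    """Run `script` on `gateway` through the Management Server.
    Returns (task status, decoded script output)."""
    sid = post("login", {"user": user, "password": password})["sid"]
    try:
        started = post("run-script", {"script-name": name, "script": script,
                                      "targets": [gateway]}, sid)
        task_id = started["tasks"][0]["task-id"]
        while True:                               # run-script is asynchronous
            task = post("show-task", {"task-id": task_id,
                                      "details-level": "full"}, sid)["tasks"][0]
            if task["status"] != "in progress":
                break
            time.sleep(poll)
        details = task.get("task-details") or [{}]
        # Script output is assumed to come back base64-encoded.
        raw = base64.b64decode(details[0].get("responseMessage", ""))
        return task["status"], raw.decode(errors="replace")
    finally:
        post("logout", {}, sid)                   # always release the session
```

Use a dedicated API account with only the permissions the script needs, since run-script executes commands on the gateway with the Management Server's authority.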

Re: Not able to run Python script in Checkpoint GAIA security GW

Thanks for the information. I would be happy if I could get it from the EA team for testing.

Please do let me know when an Ansible module is available to automate the Checkpoint R80.10 security gateway.

0 Kudos
Admin

Re: Not able to run Python script in Checkpoint GAIA security GW

Like I said, you can already do it today using the run-script API and the Ansible module I linked in my previous reply.

It's an indirect approach but it works.