Showing results for 
Search instead for 
Did you mean: 
Post a Question

GAIA REST APIs on demand

Hi All, As some of you already knows, we’ve recently released GAIA API version 1.2, the version includes new features and several enhancements (link) Along side the future I/S changes and fine tuning of our framework we will also target a few new APIs. I would like to use this thread and welcome you to share your opinion and suggest APIs which you’ll find useful. We will do our best to approach each of these requirements. Thanks, Tal

GAIA API version 1.2 is now GA !

Hi all, I am happy to announce the release of GAIA API version 1.2 This version includes several stability fixes, fine tuning of the current I/S and new APIs. Some of the new capabilities of the new version: GAIA Groups management Show system routes (static and dynamic) Monitoring Cluster API Controlling password policy Show system diagnostics.Currently disk, memory and CPU are being monitor, more capabilities will be available in the future. Documentation: Examples per API Fine description of each API (default values per field and many more) I/S: Local loginUse the current SSH session to login to GAIA API and get a REST session (> gaia_api login)! Very useful - when it comes to scripting or running remove scripts via the mgmt. (run script feature) Info Use this link to check the recent APIs documentation Use this link to download the recent API engine and see the latest change-log Regards, Tal Martsiano

Get early access to our new Threat Prevention APIs

Take control of new Threat Prevention APIs powered by the largest Threat Cloud in the industry: URL Reputation – for a domain/URL returns the classification and risk in accessing the resource File Reputation – for a file digest (md5/sha1/sha256/sha512) returns the risk in downloading the file without the need to scan it IP Reputation - for an IP address returns it’s classification and risk in accessing a resource hosted on it Mail Security – upload an email for scanning against malware and phishing attacks, based on award winning Sandblast engines All APIs are RESTful, simple to use and can be integrated as part of a SOAR application, home-made application and more! If you’re a Check Point customer interested in participating in the early availability stage drop me a mail at

Ansible warnings type (dict) to type ( string)

Hi team, I am trying to use ansible with Red Hat Enterprise server 8 for a customer. The Playbook created works fine, However i get warnings like the one shown below. I can login to the management server and the objects. Any workarounds or solutions for this?

Sample DLL Secure Authentication API (SAA)

Hello folks,Is it possible to get a working/sample DLL of Secure Authentication API (SAA)? Thanks,GH.
rkalidh inside API / CLI Discussion and Samples Thursday
views 1979 11

Export Policy using python

Hi all, Good day!!.Am new to check point and am trying to automate few tasks in check point. As a part of it, would like to automate policy export of all check point firewalls and send in mail for monthly review. : Export import package will help to export policies but when i run in python, am getting error as in attached screen shot. Am sure that something is missed.Please guide me if am not in right path.

Export rules.

Dear all, We want to export the rules as per following format from our firewall to carryout verification at our end. Currently we are not able to get any inbuilt function of API to do the work. Data required in following format : 1. Source : 2. Destination : 3. Port. We have groups in our firewall and rules may be given on the basis of group i.e. at the destination end or at source end, there may be a group of IPs. Aforementioned data should contains actual IPs & not the name of the groups.

Smartmove ASA services group

I use Smartmove to convert ASA configuration to R80.10, the Json or sh script created the service groups from the ASA configuration, but Json or sh script not use those service group when creating rules, it just simple add all members inside a service group into the "Services & Application" column. how to use service group in a rule instead of putting all group member in the rule ? Sunny

Could not establish secure channel for SSL/TLS over web service (R80.10)

Iam trying connect over powershell (invoke-webrequest) but got that error:Could not establish secure channel for SSL/TLS over web servicethat instruction is not helping 10 1809 x64how to use web api?

API Cluster build

Hello All,Can somebody tell me if there is any possibility how to add a Cluster to the Mgmt (CMA) over the API?I found only the "add-simple-gateway" but nothign else?Thanks for infoRadek

How to remove a domain from an MDS admin via API

hi all, I'm trying to automate the admin deployment to and existing MDS via api.I can easily add a domain to an administrator:# mgmt_cli -r true set administrator name admin123 permissions-profile.add.1.domain SGFRTDMBOQ001_domain permissions-profile.add.1.profile "Read Write All" --------------------------------------------- Time: [16:45:45] 11/6/2019 --------------------------------------------- "Publish operation" in progress (60%) --------------------------------------------- Time: [16:45:55] 11/6/2019 --------------------------------------------- "Publish operation" succeeded (100%)But I'm not able to remove it:# mgmt_cli -r true set administrator name admin123 permissions-profile.remove.domain SGFRTDMBOQ001_domain code: "generic_err_invalid_parameter" message: "Invalid parameter for [permissions-profile]. Invalid value" Executed command failed. Changes are discarded. # mgmt_cli -r true set administrator name admin123 permissions-profile.remove.1.domain SGFRTDMBOQ001_domain code: "generic_err_invalid_parameter" message: "Invalid parameter for [permissions-profile]. Invalid value" Executed command failed. Changes are discarded. # mgmt_cli -r true set administrator name admin123 permissions-profile.remove.domain SGFRTDMBOQ001_domain permissions-profile.remove.profile "Read Write All" code: "generic_err_invalid_parameter" message: "Invalid parameter for [permissions-profile]. Invalid value" Executed command failed. Changes are discarded. #Any ideas? Cheers,Martin

Adding a Server object from mgmt_cli

I am working through automating Site-to-Site VPN creation, specifically cert-based Site-to-Site VPN.Have been unable to find a way to create a Trusted CA Server object via mgmt_cli. Is this something that should be possible? Are there generic-object workarounds that could serve this purpose?Any insight is appreciated.


Check Point Firewall CPView Database Graphing ToolExtract zip and run cpviewinsight.exeVersion 1.0.0 (CheckMates Page Version 1-2)Supports R77.30 to R80.10Version 1.1.1 (CheckMates Page Version 3)Supports R80.20Version 1.2.1 (CheckMates Page Version 4)Preliminary adds support for R8020SP CPView which is still unreleased.Threading implemented to 1.2.0 to prevent most locking scenarios of GUI.Crash handling to log unhandled exceptions.

Add users to existing access-role

Hello,I am trying to add an AD user to an existing group.Code I tried:set access-role name "Test_Access_Role" users "test1" machines "any" networks "any" remote-access-clients "any"Every command I enter returns an error message.what am I missing?

CloudGuard: Automated firewall Cluster Deployment with auto-scaling option

If you are playing with the API's, you will realise there is no API call yet available for Cluster Deployment. In the meantime, with little help from R&D, we've created this automation script: "" The script run from the management server and as many functions available. We leverage DBEDIT code and API Calls to help automate the cluster deployment and auto-scaling. Here the function available: # createClusterObject (4 variables needed):This will create the cluster object: CreateClusterObject Cluster_Name Cluster_IP SYNC_Network SYNC_Netmask EX: ./ createClusterObject vSECCluster # Adding Member 1: # createMemberObject (8 Variables):This will add member 1 into the cluster object createMemberObject Cluster_Name Member_Name Management_IP Management_Netmask Sync_IP Sync_Mask External_IP External_Netmask EX: ./ createMemberObject vSECCluster member1 ./ createSICWithObject vSECCluster member1 MXEydzNlNHI= # Adding Member 2:This will add member 2 into the cluster object./ createMemberObject vSECCluster member2 createSICWithObject vSECCluster member2 MXEydzNlNHI= # createSICWithObject This function create the SIC with previously defined cluster member. IMPORTANT NOTE: SIC password needs to be encoded in base64 Once the members are added into the cluster object, we need to define the virtual IP (VIP). This second script do the job: Cluster_Name VIP Interface_Name EX: for a Cluster with 3 interfaces, we call the script 3 times: ./ vSECCluster eth0./ vSECCluster eth1 # NEED VIP ON SYNC INTERFACE FOR AUTOSCALEUP AND DOWN option./ vSECCluster eth2 Now its time to push the policy: # pushing Policy:installPolicyOnObject Cluster_Name Policy_Package_Name./ installPolicyOnObject vSECCLuster AutomationTest Now we have a cluster with two members auto deployed. This open up the door for Auto-Scaling. Since we have a HA cluster deployed, we can add a cluster member and switch the cluster mode to LoadSharing. This part of the script doing this function: #!/bin/bash ## First, we need to add cluster member 3:echo "=========================="echo "Adding member3 to cluster "echo "=========================="./ createMemberObject vSECCluster member3 createSICWithObject vSECCluster member3 MXEydzNlNHI=./ installPolicyOnObject vSECCLuster AutomationTestecho "==========================" echo "=========================="echo "set cluster in LoadSharingMode"./ setHAMode vSECCluster LoadSharingecho "==========================" # 5# pushing Policy:echo "=========================="echo "Installing policy..."echo "=========================="./ installPolicyOnObject vSECCLuster AutomationTest We now have a cluster of 3 members in loadsharing mode. To Scale-Down we just need to delete member3 and switch back to HA mode: #!/bin/bash echo "=========================="echo "Scaling down..."echo "=========================="./ setHAMode vSECCluster HighAvailability./ deleteMemberObject member3 vSECClusterecho "=========================="echo "Installing policy..."echo "=========================="./ installPolicyOnObject vSECCLuster AutomationTest One way to orchestrate is if by using Ansible and calling those scripts with SSH command on the management server. See attached Ansible Document for an how to. For a quick test, Here is a bash script example to call all those functions: #!/bin/bash# 1# Creating cluster Object:echo "=========================="echo "Creating cluster object..."echo "=========================="./ createClusterObject vSECCluster "==========================" # 2# Adding Member 1:echo "=========================="echo "Adding member1 to cluster "echo "=========================="./ createMemberObject vSECCluster member1 createSICWithObject vSECCluster member1 MXEydzNlNHI=echo "==========================" # 3# Adding Member 2:echo "=========================="echo "Adding member2 to cluster "echo "=========================="./ createMemberObject vSECCluster member2 createSICWithObject vSECCluster member2 MXEydzNlNHI=echo "==========================" # 4# Creating Cluster Virtual IP:echo "==========================="echo "Creating cluster virtual IP"echo "==========================="mgmt_cli login --root true > login.txt./ vSECCluster eth0./ vSECCluster eth1 # NEED VIP ON SYNC INTERFACE FOR AUTOSCALEUP AND DOWN./ vSECCluster eth2mgmt_cli publish -s login.txtmgmt_cli logout -s login.txtrm login.txtecho "==========================" # 5# pushing Policy:echo "=========================="echo "Installing policy..."echo "=========================="./ installPolicyOnObject vSECCLuster AutomationTest I hope you enjoy and happy Scripting! 🙂