cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question
Employee

Get early access to our new Threat Prevention APIs

Take control of new Threat Prevention APIs powered by the largest Threat Cloud in the industry: URL Reputation – for a domain/URL returns the classification and risk in accessing the resource File Reputation – for a file digest (md5/sha1/sha256/sha512) returns the risk in downloading the file without the need to scan it IP Reputation - for an IP address returns it’s classification and risk in accessing a resource hosted on it Mail Security – upload an email for scanning against malware and phishing attacks, based on award winning Sandblast engines All APIs are RESTful, simple to use and can be integrated as part of a SOAR application, home-made application and more! If you’re a Check Point customer interested in participating in the early availability stage drop me a mail at yoav@checkpoint.com
Employee

Ansible warnings type (dict) to type ( string)

Hi team, I am trying to use ansible with Red Hat Enterprise server 8 for a customer. The Playbook created works fine, However i get warnings like the one shown below. I can login to the management server and the objects. Any workarounds or solutions for this?

Sample DLL Secure Authentication API (SAA)

Hello folks,Is it possible to get a working/sample DLL of Secure Authentication API (SAA)? Thanks,GH.
rkalidh
rkalidh inside API / CLI Discussion and Samples Thursday
views 1978 11

Export Policy using python

Hi all, Good day!!.Am new to check point and am trying to automate few tasks in check point. As a part of it, would like to automate policy export of all check point firewalls and send in mail for monthly review.https://github.com/CheckPointSW/ExportImportPolicyPackage : Export import package will help to export policies but when i run in python, am getting error as in attached screen shot. Am sure that something is missed.Please guide me if am not in right path.

Export rules.

Dear all, We want to export the rules as per following format from our firewall to carryout verification at our end. Currently we are not able to get any inbuilt function of API to do the work. Data required in following format : 1. Source : 2. Destination : 3. Port. We have groups in our firewall and rules may be given on the basis of group i.e. at the destination end or at source end, there may be a group of IPs. Aforementioned data should contains actual IPs & not the name of the groups.
Employee

Smartmove ASA services group

I use Smartmove to convert ASA configuration to R80.10, the Json or sh script created the service groups from the ASA configuration, but Json or sh script not use those service group when creating rules, it just simple add all members inside a service group into the "Services & Application" column. how to use service group in a rule instead of putting all group member in the rule ? Sunny

Could not establish secure channel for SSL/TLS over web service (R80.10)

Iam trying connect over powershell (invoke-webrequest) but got that error:Could not establish secure channel for SSL/TLS over web servicethat instruction is not helping https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk121353windows 10 1809 x64how to use web api?

API Cluster build

Hello All,Can somebody tell me if there is any possibility how to add a Cluster to the Mgmt (CMA) over the API?I found only the "add-simple-gateway" but nothign else?Thanks for infoRadek

How to remove a domain from an MDS admin via API

hi all, I'm trying to automate the admin deployment to and existing MDS via api.I can easily add a domain to an administrator:# mgmt_cli -r true set administrator name admin123 permissions-profile.add.1.domain SGFRTDMBOQ001_domain permissions-profile.add.1.profile "Read Write All" --------------------------------------------- Time: [16:45:45] 11/6/2019 --------------------------------------------- "Publish operation" in progress (60%) --------------------------------------------- Time: [16:45:55] 11/6/2019 --------------------------------------------- "Publish operation" succeeded (100%)But I'm not able to remove it:# mgmt_cli -r true set administrator name admin123 permissions-profile.remove.domain SGFRTDMBOQ001_domain code: "generic_err_invalid_parameter" message: "Invalid parameter for [permissions-profile]. Invalid value" Executed command failed. Changes are discarded. # mgmt_cli -r true set administrator name admin123 permissions-profile.remove.1.domain SGFRTDMBOQ001_domain code: "generic_err_invalid_parameter" message: "Invalid parameter for [permissions-profile]. Invalid value" Executed command failed. Changes are discarded. # mgmt_cli -r true set administrator name admin123 permissions-profile.remove.domain SGFRTDMBOQ001_domain permissions-profile.remove.profile "Read Write All" code: "generic_err_invalid_parameter" message: "Invalid parameter for [permissions-profile]. Invalid value" Executed command failed. Changes are discarded. #Any ideas? Cheers,Martin

Adding a Server object from mgmt_cli

I am working through automating Site-to-Site VPN creation, specifically cert-based Site-to-Site VPN.Have been unable to find a way to create a Trusted CA Server object via mgmt_cli. Is this something that should be possible? Are there generic-object workarounds that could serve this purpose?Any insight is appreciated.
Employee+

CPViewInsights

Check Point Firewall CPView Database Graphing ToolExtract zip and run cpviewinsight.exeVersion 1.0.0 (CheckMates Page Version 1-2)Supports R77.30 to R80.10Version 1.1.1 (CheckMates Page Version 3)Supports R80.20Version 1.2.1 (CheckMates Page Version 4)Preliminary adds support for R8020SP CPView which is still unreleased.Threading implemented to 1.2.0 to prevent most locking scenarios of GUI.Crash handling to log unhandled exceptions.

Add users to existing access-role

Hello,I am trying to add an AD user to an existing group.Code I tried:set access-role name "Test_Access_Role" users "test1" machines "any" networks "any" remote-access-clients "any"Every command I enter returns an error message.what am I missing?
Employee+

CloudGuard: Automated firewall Cluster Deployment with auto-scaling option

If you are playing with the API's, you will realise there is no API call yet available for Cluster Deployment. In the meantime, with little help from R&D, we've created this automation script: "vsecClusterObject.sh" The script run from the management server and as many functions available. We leverage DBEDIT code and API Calls to help automate the cluster deployment and auto-scaling. Here the function available: # createClusterObject (4 variables needed):This will create the cluster object: CreateClusterObject Cluster_Name Cluster_IP SYNC_Network SYNC_Netmask EX: ./vsecClusterObject.sh createClusterObject vSECCluster 192.168.1.14 1.1.1.0 255.255.255.0 # Adding Member 1: # createMemberObject (8 Variables):This will add member 1 into the cluster object createMemberObject Cluster_Name Member_Name Management_IP Management_Netmask Sync_IP Sync_Mask External_IP External_Netmask EX: ./vsecClusterObject.sh createMemberObject vSECCluster member1 192.168.1.15 255.255.255.0 1.1.1.2 255.255.255.0 192.168.2.40 255.255.255.0 ./vsecClusterObject.sh createSICWithObject vSECCluster member1 MXEydzNlNHI= # Adding Member 2:This will add member 2 into the cluster object./vsecClusterObject.sh createMemberObject vSECCluster member2 192.168.1.16 255.255.255.0 1.1.1.3 255.255.255.0 192.168.2.41 255.255.255.0./vsecClusterObject.sh createSICWithObject vSECCluster member2 MXEydzNlNHI= # createSICWithObject This function create the SIC with previously defined cluster member. IMPORTANT NOTE: SIC password needs to be encoded in base64 Once the members are added into the cluster object, we need to define the virtual IP (VIP). This second script do the job: vip.sh Cluster_Name VIP Interface_Name EX: for a Cluster with 3 interfaces, we call the script 3 times: ./vip.sh vSECCluster 192.168.1.14 eth0./vip.sh vSECCluster 1.1.1.1 eth1 # NEED VIP ON SYNC INTERFACE FOR AUTOSCALEUP AND DOWN option./vip.sh vSECCluster 192.168.2.39 eth2 Now its time to push the policy: # pushing Policy:installPolicyOnObject Cluster_Name Policy_Package_Name./vsecClusterObject.sh installPolicyOnObject vSECCLuster AutomationTest Now we have a cluster with two members auto deployed. This open up the door for Auto-Scaling. Since we have a HA cluster deployed, we can add a cluster member and switch the cluster mode to LoadSharing. This part of the script doing this function: #!/bin/bash ## First, we need to add cluster member 3:echo "=========================="echo "Adding member3 to cluster "echo "=========================="./vsecClusterObject.sh createMemberObject vSECCluster member3 192.168.1.17 255.255.255.0 1.1.1.4 255.255.255.0 192.168.2.42 255.255.255.0./vsecClusterObject.sh createSICWithObject vSECCluster member3 MXEydzNlNHI=./vsecClusterObject.sh installPolicyOnObject vSECCLuster AutomationTestecho "==========================" echo "=========================="echo "set cluster in LoadSharingMode"./vsecClusterObject.sh setHAMode vSECCluster LoadSharingecho "==========================" # 5# pushing Policy:echo "=========================="echo "Installing policy..."echo "=========================="./vsecClusterObject.sh installPolicyOnObject vSECCLuster AutomationTest We now have a cluster of 3 members in loadsharing mode. To Scale-Down we just need to delete member3 and switch back to HA mode: #!/bin/bash echo "=========================="echo "Scaling down..."echo "=========================="./vsecClusterObject.sh setHAMode vSECCluster HighAvailability./vsecClusterObject.sh deleteMemberObject member3 vSECClusterecho "=========================="echo "Installing policy..."echo "=========================="./vsecClusterObject.sh installPolicyOnObject vSECCLuster AutomationTest One way to orchestrate is if by using Ansible and calling those scripts with SSH command on the management server. See attached Ansible Document for an how to. For a quick test, Here is a bash script example to call all those functions: create.sh #!/bin/bash# 1# Creating cluster Object:echo "=========================="echo "Creating cluster object..."echo "=========================="./vsecClusterObject.sh createClusterObject vSECCluster 192.168.1.14 1.1.1.0 255.255.255.0echo "==========================" # 2# Adding Member 1:echo "=========================="echo "Adding member1 to cluster "echo "=========================="./vsecClusterObject.sh createMemberObject vSECCluster member1 192.168.1.15 255.255.255.0 1.1.1.2 255.255.255.0 192.168.2.40 255.255.255.0./vsecClusterObject.sh createSICWithObject vSECCluster member1 MXEydzNlNHI=echo "==========================" # 3# Adding Member 2:echo "=========================="echo "Adding member2 to cluster "echo "=========================="./vsecClusterObject.sh createMemberObject vSECCluster member2 192.168.1.16 255.255.255.0 1.1.1.3 255.255.255.0 192.168.2.41 255.255.255.0./vsecClusterObject.sh createSICWithObject vSECCluster member2 MXEydzNlNHI=echo "==========================" # 4# Creating Cluster Virtual IP:echo "==========================="echo "Creating cluster virtual IP"echo "==========================="mgmt_cli login --root true > login.txt./vip.sh vSECCluster 192.168.1.14 eth0./vip.sh vSECCluster 1.1.1.1 eth1 # NEED VIP ON SYNC INTERFACE FOR AUTOSCALEUP AND DOWN./vip.sh vSECCluster 192.168.2.39 eth2mgmt_cli publish -s login.txtmgmt_cli logout -s login.txtrm login.txtecho "==========================" # 5# pushing Policy:echo "=========================="echo "Installing policy..."echo "=========================="./vsecClusterObject.sh installPolicyOnObject vSECCLuster AutomationTest I hope you enjoy and happy Scripting! 🙂

CheckPoint R80 API - find object by IP ?

Hello,Is it possible to find address objects by "IP address" instead of "Name" or "UID" ?I would think that it should be a possibility with "show-objects" query:POST https://<mgmt-server>:<port>/web_api/show-objectsUsing syntax like this:{ "limit" : 10, "offset" : 0, "order" : [ { "ASC" : "name" } ], "in" : [ "ipv4-address", "192.168.1.1" ], "type" : "host"}But it returns:{ "code": "generic_server_error", "message": "Management server failed to execute command"}It would be nice if "ipv4-address" key would work in the "show-host" search also.Is that something that is planned to be implemented in the future ?
Ray_Burquest
Ray_Burquest inside API / CLI Discussion and Samples 2 weeks ago
views 2501 15

Web API problem

Hi, I'm having an issue testing the v1.1 web-api. I can perform the initial login correctly and get the following response -[uid:0529db8e-495a-4021-9826-e05ffa17baf5, sid:EYWMOM37tdp8Ji-SG9ioDlKR1Poop795DgwWqvyCe7c, url:https://192.168.31.134:443/web_api, session-timeout:600, last-login-was-at:[posix:1506825546427, iso-8601:2017-09-30T22:39-0400], api-server-version:1.1]POST Success: HTTP/1.1 200 OKI then add the sid into the next request (show-changes) and get the following response:[code:generic_err_invalid_syntax, message:Login request message processing failed]POST Failure: HTTP/1.1 400 Bad RequestI can validate the query at httpbin.org which shows the following is the query I am generating -[args:[:], data:{"from-date":"2017-02-01T08:20:50","to-date":"2017-10-21"}, files:[:], form:[:], headers:[Accept:application/json, application/javascript, text/javascript, Connection:close, Content-Length:58, Content-Type:application/json, Host:httpbin.org, X-Chkp-Sid:EYWMOM37tdp8Ji-SG9ioDlKR1Poop795DgwWqvyCe7c], json:[from-date:2017-02-01T08:20:50, to-date:2017-10-21], origin:122.106.201.39, url:http://httpbin.org/post]As far as I can see the headers look correct and I am passing the X-chkp-sid, though this is getting passed as X-Chkp-Sid I believe the http rfc states the header is case insensitive.Can anyone help?