Showing results for 
Search instead for 
Did you mean: 
Create a Post
API / CLI Discussion and Samples

See our API Reference Guide to get using our APIs (including via the CLI)! If you have questions on how to use any of our APIs, including via the CLI using mgmt_cli, this is the place to look for help and code samples!

inside API / CLI Discussion and Samples yesterday
views 812 9 6

Check Point provider on Terraform is officially live!

      Hello all! We are glad to announce that Check Point provider on Terraform is officially live! Terraform is a very well-known solution for building, changing and versioning infrastructure. Terraform is cloud-agnostic and allows a single configuration to be used to manage multiple providers, and to even handle cross-cloud dependencies. This simplifies management and orchestration, helps to build and provision multi-cloud infrastructures. Check Point Provider can be used to automate security responses to threats, provision both physical and virtualized next-generation firewalls and automate routine Security Management configuration tasks, saving time and reducing configuration errors.With the Check Point provider, DevOps teams can automate their security and transform it into DevSecOps workflows. We’re now working to extend the list of supported API to include majority of Management and GAiA OS APIs and will have news very soon! This integration follows our integration with Ansible, introduced in 2019. We’re looking to accompany customers that use Terraform and Check Point and to build great stuff together. We also encourage you all to check out the provider, please feel free to share use cases and feedback, we’ll be glad to assist. You can contact myself  and Eran Habad 

Scripts in Python

Good Afternoon,I like to know if I can develop scripts in Python. If someone have information about I appreciate your answer. ThanksBRLenin
Stan_Mazur inside API / CLI Discussion and Samples yesterday
views 22268 7 1

Inventory gateway script

New to scripting , how do I run gateway-inventory script on MDS?
Sven_Glock inside API / CLI Discussion and Samples Thursday
views 26343 9 5

SmartConsole Scripts Repository use cases and experience

Hi Community,this week I recognized that I never have checked if there is a benefit in using SmartConsole's Scripts repository.After reading I decided to implement my first script which could be helpful on daily basis. It is calling the Packet Injector via SmartConsole and shows the result directly in the GUI without opening a dedicated ssh session.Now I am interested to see which usecases you found for using the Scripts Repository in SmartConsole.Please share your experience, your usecases or your code.Thanks for sharing.CheersSven

Enabling CORS

Hi Checkmates,Project:- Developing a Customized web portal using Checkpoint API for different users via C# .Problem:- i made a add-host API call to checkpoint FW and getting the error in Browser >>Console. Error:-OPTIONS https://<FW_management_ip>/web_api/add-host 401(Unauthorized)Access to XMLHttpRequest at 'https://<FW_management_ip>/web_api/add-host' from origin 'http://localhost:53352' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. conclusion:- Some CORS policy has to be enabled or 'Access-Control-Allow-Origin' has to be included How to do this ?🤔

MDS - Global search across CMAs (by IP)

I was asked to post this publicly. This is something I wrote for one of my accounts to be able to search across all CMAs for an IP address. It's a really straight forward function. The script crawls your domains and creates a search function script that it executes which then searches each CMA for that IP and outputs it to a single file in JSON format. Depending on feedback I could easily update this to make a CSV or other format. It also would be very easy to add an option to lookup by name to the script as well. Since this is a search by IP it will also list objects like subnets, ranges, etc that the IP can be a part of as well as group membership.   Feedback always welcome!

Not able to convert the ASA configuration using smart move tool

Am trying to convert my ASA config to CheckPoint by SmartMove and receive following error message:could not parse configuration file.Message: Unable to case object of type "ciscoMigration.cisco_groupobject" to type "Ciscomigration.cisco_object"Module: CiscoMigrationClass: Cisco_RouteMethod: ParsePls do the needful in resolving Thanks 

Retrieve policy details using api

I am trying to write a script to retrieve all policy details of R80 using web services api. I used show-package command to retrieve all policy package details . Also i made details-level full to retrieve all possible info. I wonder if this call will retrieve all the information about the package and all it's  objects ?here is my python code import requests, jsonhost = "" # hard code hostport = "" # hard code portdef api_call(ip_addr, port, command, json_payload, sid):url = 'https://' + ip_addr + ':' + port + '/web_api/' + commandif sid == '':request_headers = {'Content-Type' : 'application/json'}else:request_headers = {'Content-Type' : 'application/json', 'X-chkp-sid' : sid}r =,data=json.dumps(json_payload), headers=request_headers)return r.json()def login(user,password):payload = {'user':user, 'password' : password}response = api_call(host, port, 'login',payload, '')return response["sid"] def retrieve_policy(username,password,package_name):sid = login(username,password) #get sid after successful login to authenticate withretrieve_policy_data = {'name' : package_name,'details-level' : 'full'} #I made details-level full to retieve all possible inforetrieve_policy_result = api_call(host, port,'show-package', retrieve_policy_data ,sid)logout_result = api_call(host, port,"logout", {},sid) #logoutreturn retrieve_policy_result #all package details returned in json format 

adding network object with mgmt_cli batch CSV file

i try to add number of network object with cli tool but i received an error.i followed sk113078 and did exactly the same and received the error:Line 2: code: "generic_err_invalid_parameter_name"message: "Unrecognized parameter [name]"Line 3: code: "generic_err_invalid_parameter_name"message: "Unrecognized parameter [name]"Line 4: code: "generic_err_invalid_parameter_name"message: "Unrecognized parameter [name]"Executed command failed. Changes are discarded. the csv is:name,subnet,subnet-masknetwork1,,,,,,  i have R80.20 take: 103

Query API with Feature extraction sends response with extract_result CP_EXTRACT_RESULT_NOT_SCRUBBED

Hi Experts, I am always getting extract result "CP_EXTRACT_RESULT_NOT_SCRUBBED" from query api. Please find my request below. Request#1Upload API request:{\"request\":{\"file_name\":\"DOCX.docx\",\"file_type\": \"docx\",\"features\":[\"extraction\"],\"extraction\":{\"method\":\"clean\"}}}Upload API Response:{  "response": {    "status": {      "code": 1002,      "label": "UPLOAD_SUCCESS",      "message": "The file was uploaded successfully."    },    "sha1": "8064ff3d851f273df43376cfcb9c2ebd47131c8b",    "md5": "f78a90963ca8a382da6611eb5cdbe2e3",    "sha256": "056c1f0d31faa557cdac687b0fcc5103cc4aa0dbf8027499303e182754c981b8",    "file_type": "docx",    "file_name": "DOCX.docx",    "features": [      "extraction"    ],    "extraction": {      "method": "clean",      "tex_product": false,      "status": {        "code": 1002,        "label": "UPLOAD_SUCCESS",        "message": "The file was uploaded successfully."      }    }  }} Request#2Query API Request:{"request": [{"sha1": "8064ff3d851f273df43376cfcb9c2ebd47131c8b","file_name": "DOCX.docx","file_type": "docx","features": ["extraction"],"extraction": {"method": "clean"}}]}Query API Response:{  "response": [    {      "status": {        "code": 1001,        "label": "FOUND",        "message": "The request has been fully answered."      },      "sha1": "8064ff3d851f273df43376cfcb9c2ebd47131c8b",      "file_type": "docx",      "file_name": "DOCX.docx",      "features": [        "extraction"      ],      "extraction": {        "method": "clean",        "extract_result": "CP_EXTRACT_RESULT_NOT_SCRUBBED",        "output_file_name": "DOCX.docx",        "extraction_data": {          "input_extension": "docx",          "input_real_extension": "docx",          "message": "Skipped",          "output_file_name": "",          "protection_name": "Potential malicious content extracted",          "protection_type": "Content Removal",          "protocol_version": "1.0",          "risk": 0.0,          "scrub_activity": "The file doesn't include cleanable parts",          "scrub_method": "Clean Document",          "scrub_result": 4.0,          "scrub_time": "0.04",          "scrubbed_content": ""        },        "tex_product": false,        "status": {          "code": 1001,          "label": "FOUND",          "message": "The request has been fully answered."        }      }    }  ]} Can someone please help me what mistake am I doing here ? why query api response is not sending download file id ?

Python scripts to clone objects from local domain to global domain

OverviewThese scripts copy objects from a given local domain to the global domain.These scripts use the Python library Python library for using the management APIsDescriptionIn order to clone single object that his type is known run 'local_<object type>' -o <Object id> <Flags>In order to clone single object that his type is unknown run '' -o <Object id> <Flags>In order to clone more than one object :Add tag with <Tag name> (using SmartConsole or add-tag command on the command line) to the objects that need to be cloned.Run '' <Tag name> <Flags> Flags:   mandatory:-d <local domain name> : The local domain that contains the object that need to be cloned.-n <prefix>: The new global object name will be as follow : prefix_<local_object_name>.mandatory if running the script not on the management server:-s <Server IP> :The IP address or name of the Check Point Management Server.-u <User name>optional-p <port number> : Default value '443' -g <Global domain name> : Default value 'Global' Notes :     1. The script supports only the following objects types: host, network, address_range, network group, tcp service, udp service, service group.          For objects that are not one of these types, the script will not clone them and print an error.     2. In case a group object needs to be cloned, the script will clone the group and all the objects it contains.     3. Objects that contain the 'nat-settings' field will be cloned without this filed.The scripts creates:     1. logfile.txt     2. json_objects.json contains list of  {<original object uid> : <cloned global object uid>}     3. csv_file.csv contains {<original object uid>, <original object name>, <cloned global object name> <cloned global object uid>}          In case the global object wasn't created the <cloned global object name> <cloned global object uid> will remain empty.InstructionsFollow the steps below:     1. Unzip attached zip file     2. Download the Python library from the link above.     3. Extract the Python library folder to the folder containing the script.     4. Use the html guide (localToGlobal.html) to run the relevant scriptTested on versionR80, API version 1.0Source Code AvailabilityThe source code is now public on GitHub repository:GitHub - CheckPoint-APIs-Team/LocalToGlobal: Check Point LocalToGlobal tool enables you to copy objects from a local dom… NOTICE: By using this sample code you agree to terms and conditions in this Not authorized to view the specified document 1042...

Is there a way to make API calls using other methods for authentication?

We are exploring the vast wonders of the R80.30 API commands and would like to expand further but have some security concerns.  What we need is a way to make API calls (that does more than read) and not have to hard code the credentials into the call itself.Is there some type of API key that can be used for this type of work or some other method we can use to encrypt this?  A fear is that if the box is compromised, then a bad actor could just crack open the content and have some real fun, or possibly even sniff the credentials while we are making a call.Thanks,Patrick

mgmt_cli to delete all objects matching a pattern

This came across my mail from an internal source and it's too good not to share. A small bit of scripting with show-objects and delete-batch-objects can remove all objects (up to the 500 object limit of show-objects) based on a pattern. mgmt_cli login -u aa -p aaaa > /tmp/sid.txt.$$mgmt_cli -s /tmp/sid.txt.$$ delete objects-batch objects.1.type group $(mgmt_cli -s /tmp/sid.txt.$$ -f json show objects filter test-group- limit 500 | jq '.objects[].name' | cat -n | sed -r 's/^\s+([0-9]+)/objects.1.list.\' | tr '\n' ' ')mgmt_cli -s /tmp/sid.txt.$$ publish Explanation of commands: mgmt_cli -s /tmp/sid.txt.$$ delete objects-batch objects.1.type host Perform batch delete on the results of the next rows $(…) Treat the output of the command in parenthesis as command line arguments mgmt_cli -s /tmp/sid.txt.$$ -f json show-objects filter test-host- limit 500 Get objects containing test-host- jq '.objects[].name' Get the object names cat -n Add a line number to each name sed -r 's/^\s+([0-9]+)/objects.1.list.\' Replace each line number n with tr '\n' ' ' Put all the separate lines together on the same line as input to the delete-objects-batch command    

Check Point Visio Stencils

Is there any available file for with Check Point visio stencils?? I can not find any file in PartnerMAP and would be very helpful for Check Point partners for make network diagrams.

Is it possible to use the API to batch create users?

We want to add a lot of users at the same time (they will be used for remote VPN logins, i.e., we are not talking about gaia or admin users..The API has great support for adding network objects and the like, but we have not found a way to easily add users.. Unfortunately, we do not have an easy way to use templates or AD groups either, so at this time we would really like to have a way to batch add a lot of users..