This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
DPB_Point
Contributor
Contributor
‎2019-03-29 04:54 AM
Jump to solution

API - Adding network objects with the same IP than others already created

HI!

I am trying to create network objects in a checkpoint due to a migration. As in ASA we could have created objects with the same network range(duplicated objects), I am having several problems to migrate it succesfully.

I am using a csv file in which I have included the objects with the syntax that Checkpoint allows. I use the following command:

mgmt_cli add network -r true --batch prueba.csv -d IBDL_CALES

I have also added the ignore-warnings field, ignore-errors and set-if-exists fields but none of them let me create the object that has the same IP or IP range than the ones that are created in the Checkpoint. The output I get is the following:

Line 2: code: "err_validation_failed"
message: "Validation failed with 1 warning"
warnings:
- message: "More than one network have the same IP x.x.x.x/y.y.y.y"

Does Any of you know how to supress that warnings and create that duplicated objects?

 

It's important to me creating them because they are a lot of objects(I have the same problem ith the hosts) and then We want to migrate the policies too and we must have the same objects than in the ASA.

1 Solution

Accepted Solutions
DPB_Point
Contributor
Contributor
‎2019-04-01 12:10 AM
In response to DPB_Point
Jump to solution

I have just found out how to solve it. The problem was that it's compulsory to include it in the csv file as a field and you can't type it as a field in the mgmt_cli command.

Thanks for the support!!!

View solution in original post

10 Replies
PhoneBoy
Admin
Admin
‎2019-03-29 06:55 AM
Jump to solution

Just to clarify, you have an object that covers x.y.z.w/a.b.c.d and want to create another with a different name?
Are you adding set-of-exists true to your CLI command or the CSV?
0 Kudos
Adam_Forester
Ambassador
Ambassador
‎2019-03-29 07:14 AM
In response to PhoneBoy
Jump to solution

set-if-exists will update the object not create a second one. If he is trying to create different named objects but same subnet it would just update the name.
venkata_marutur
Contributor
‎2019-07-23 11:29 AM
In response to Adam_Forester
Jump to solution

This is not what I am noticing. This is what I am seeing:
Created Test-1( 1.1.1.0 /24) using Smartconsole CLI like this :
> add network name Test-1 subnet 1.1.1.0 subnet-mask 255.255.255.0 color blue
Published the change.
Then did this, expecting the name will change:
> add network name Test-2 subnet 1.1.1.0 subnet-mask 255.255.255.0 color blue set-if-exits true ignore-warnings true ignore-errors true
But it did create two objects "Test-1" and "Test-2" with same network 1.1.1.0/24

Can you please guide me? My API version is 1.1

Thanks.
0 Kudos
PhoneBoy
Admin
Admin
‎2019-07-23 12:35 PM
In response to venkata_marutur
Jump to solution

set-if-exists true will only work if you create an object with the same name, not if you create an object with a different name for the same IP.
Further, you suppressed knowledge of this with ignore-warnings true, which should have prevented you from doing that.

This is expected behavior.
0 Kudos
venkata_marutur
Contributor
‎2019-07-23 12:58 PM
In response to PhoneBoy
Jump to solution




So, what should I do if I want to "Create a new object with an IP but just edit the name and parameters like comments and color if another object with that IP does exist"? Or in other words how do I make "set-if-exists" to look for IP address instead of name?
Thanks in advance!
0 Kudos
Adam_Forester
Ambassador
Ambassador
‎2019-07-23 01:02 PM
In response to venkata_marutur
Jump to solution

I’m going to send you a direct message and we can work through this. 

0 Kudos
Adam_Forester
Ambassador
Ambassador
‎2019-03-29 07:03 AM
Jump to solution

add this to your command 'ignore-warnings true ignore-errors true'

That will ignore the errors...
DPB_Point
Contributor
Contributor
‎2019-03-31 11:59 PM
In response to Adam_Forester
Jump to solution

As I have mentioned before, I have already tried to put that ignore errors field and the warnings field and I continue receiving the following error:

Line 2: code: "err_validation_failed"
message: "Validation failed with 1 warning"
warnings:
- message: "More than one network have the same IP x.x.x.x/y.y.y.y"


Executed command failed. Changes are discarded.

0 Kudos
DPB_Point
Contributor
Contributor
‎2019-04-01 12:10 AM
In response to DPB_Point
Jump to solution

I have just found out how to solve it. The problem was that it's compulsory to include it in the csv file as a field and you can't type it as a field in the mgmt_cli command.

Thanks for the support!!!

Marko_Grmek
Participant
‎2019-04-28 11:24 PM
In response to DPB_Point
Jump to solution

Hello DPB_Point ,

 

what is the exact syntax in csv file?

 

I tried to put ignore_warnings ignore_errors, ignore-warnings, ignore-errors in the first line, but still giving an error:

 

error message:

Line 4: code: "err_validation_failed"
message: "Validation failed with 1 warning"
warnings:
- message: "Multiple objects have the same IP address 1.1.1.3"


Executed command failed. Changes are discarded.

 

Thank you,

 

Marko

 

 

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top