Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
mahendra
Explorer

API calls going to mds instead of cma

in my setup, there is one MDS and serveral CMAs. i am passing a few API queries to one of the CMAs via CMA IP.

API for login or logout are working fine, but others like publish, add-host etc are going to MDS instead of CMA. Please help.

0 Kudos
5 Replies
PhoneBoy
Admin
Admin

What does your login call look like for these sessions?
Is the "domain" parameter specified with each and every login call made?

0 Kudos
mahendra
Explorer

tried that too.

when i tried to login to CMA while supplying "domain" parameter, response was : {'code': 'err_login_failed', 'message': 'Authentication to server failed.'}

when i tried to login to MDS while supplying "domain" parameter, response was : {'code': 'generic_server_error', 'message': 'Management server failed to execute command'}

Log generated in smartview : Administrator failed to log in: SIC Error for cpmi: Server could not find authentication method, method returned deny for service cpmi.

Without supplying domain parameter, i was getting logged in to MDS, irrespective of the server IP (MDS or CMA)

Can you provide some guide... tried both python SDK and direct API calls.

0 Kudos
PhoneBoy
Admin
Admin

You need to explain the precise flow you are following.
For the login call:

  • What IP are you connecting to? Is it a CMA, MDS?
  • What is the exact call you're making? You can obscure the credentials and such, but showing the exact call would help.
  • Have you verified the user's credentials you are using are valid in the context they are issued? For example, if you're connecting to the CMA IP, the credentials need to be valid in the context of the CMA. Further, the user in question must have API access enabled, which is done in the relevant admin profile.

If you want to connect to a CMA using a global admin (instead of a CMA admin), I believe you need to connect to the MDS IP and specify the domain name in the API call.
@Omer_Kleinstern can you confirm?

0 Kudos
mahendra
Explorer

ok. i Got it.

I am multidomain superuser.

I tested everything and found out.

We can supply server address of either CMA or MDS to login.

and also need to supply domain name of CMA to be able to connect/query the CMA.

I will appreciate if you can provide me with latest API documentation.

I want to automate tasks like backup of config, rules, etc and adding/deleting/modifying rules, hosts, optization of rules as per number of hits (sorting)

0 Kudos
PhoneBoy
Admin
Admin

All of our API documentation is here: https://sc1.checkpoint.com/documents/latest/api_reference/index.html 
This is for all of our products.
The Management API in particular: https://sc1.checkpoint.com/documents/latest/APIs/index.html#introduction~v1.9%20

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events