This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Andreas_Lorenze
Participant
‎2019-01-24 03:52 AM

API install-policy behavior if policy name changes

Hi,

how does "install-policy" behave when the policy name to be installed does not match to the one already installed on the target gateway. Doing it by GUI you get a warning, but you can force it. The API reference error codes didn't gave me a hint.

1.    Will the install fail? If yes, any option to force it?

vice versa

2.    If it would just install, any option to force to stop with error?

thx in advance

0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2019-01-26 12:10 PM

As this is an API question, I am moving this to Developers (Code Hub)

And, you appear to be correct, the install-policy API call does not let you know that you are changing the policy from X to Y.

I'm also not clear what API call you need to make to check this beforehand.

Amiad Stern‌?

0 Kudos
Amiad_Stern
Mod
Mod
‎2019-01-26 11:38 PM

This is a bad behavior of install policy via API. We will address it in the next versions. Thanks for your input.

In the mean time, this logic can be accomplished with few api commands (as a "script"):

1. get relevant policy installed on target  (show gateways-and-servers)

2. check if the policy installed is different from the one that is about to be installed

3. fail if it is different (or make your script interactive and wait for user input to keep installation)

0 Kudos
Andreas_Lorenze
Participant
‎2019-01-28 03:15 AM
In response to Amiad_Stern

Hi Amiad,

thx for making it clear.

Just the workaround is not really one. You need to switch to detailed-level full for the show command. And to work through that is quite complicate as the output does not only contain gateways with "access-policy". So it bit much effort just to cover that.

0 Kudos
Amiad_Stern
Mod
Mod
‎2019-01-28 10:56 AM
In response to Andreas_Lorenze

You're right there is some extra work to do, but you can use jq to filter only relevant results which might make it easier.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top