This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
PeterH
Participant
‎2020-04-07 07:00 AM

API set-access-rule Adding / removing Source or destination

Jump to solution

I done the following with mgmt_cli:

set access-rule rule-number 1 layer "Test Network" source.add "Test_Host1"

set access-rule rule-number 1 layer "Test Network" source.add "Test_Host2"

set access-rule rule-number 1 layer "Test Network" source.add "Test_Host3"

set access-rule rule-number 1 layer "Test Network" source.add "Test_Host4"

set access-rule rule-number 1 layer "Test Network" destination.remove "Test_Host1"

set access-rule rule-number 1 layer "Test Network" destination.remove "Test_Host2"

set access-rule rule-number 1 layer "Test Network" destination.remove "Test_Host3"

set access-rule rule-number 1 layer "Test Network" destination.remove "Test_Host4"

 

How can I do the same with curl?

source.add as well destination.remove gets the error

"code" : "generic_err_invalid_syntax",
"message" : "Payload is not a valid JSON"

 

 

 

1 Solution

Accepted Solutions
Ryan_Darst
Employee
Employee
‎2020-04-08 06:26 AM
In response to PeterH

Jump to solution

For the source/destination/service fields we can use the add/remove functions of the set-access-rule api call.

Here is an example in JSON of adding hosts as a source to a rule.  This will add the three hosts to the source of the rule without having to specify all of the sources that are there already.

{
"name" : "Test Rule",
"layer" : "Network",
"source" : { "add" : ["host1", "host2", "host3"]
   }
}

 

Hope this helps.

View solution in original post

5 Replies
PhoneBoy
Admin
Admin
‎2020-04-07 05:31 PM

Jump to solution
What precisely did you try?
0 Kudos
PeterH
Participant
‎2020-04-07 11:47 PM
In response to PhoneBoy

Jump to solution

Hi PhoneBoy

As you can see I added Test_Host1 to Test_Host4 into the source column of the existing Rule 1 in Policy Package Test, as well removing Test_Host1 to Test_Host4 from the destination column in the same Rule and Policy. I did that successful within the mgmt_cli tool, but would like to do the same with curl or curl_cli.

The problem is the syntax in the curly brackets of curl  ...set-access-rule -d '{"rule-number" : "1", "layer" : "Test Network", "source.add" : "Test_Host5"}'

 

0 Kudos
PeterH
Participant
‎2020-04-08 04:18 AM
In response to PeterH

Jump to solution

Hi PhoneBoy

In the meantime I found a workarround for the problem.
Simply list all sources or destinations in the rule and then add or remove selectiv.

- add Test_Host1 to Test_Host4 into source column
set-access-rule -d '{"rule-number" : "1", "layer" : "Test Network", "source" : ["Test_Host1","Test_Host2","Test_Host3","Test_Host4"]}

- remove Test_Host1 from source column
set-access-rule -d '{"rule-number" : "1", "layer" : "Test Network", "source" : ["Test_Host2","Test_Host3","Test_Host4"]}

The same for destionation.

I think there should be a simpler solution for that.

0 Kudos
Ryan_Darst
Employee
Employee
‎2020-04-08 06:26 AM
In response to PeterH

Jump to solution

For the source/destination/service fields we can use the add/remove functions of the set-access-rule api call.

Here is an example in JSON of adding hosts as a source to a rule.  This will add the three hosts to the source of the rule without having to specify all of the sources that are there already.

{
"name" : "Test Rule",
"layer" : "Network",
"source" : { "add" : ["host1", "host2", "host3"]
   }
}

 

Hope this helps.

PeterH
Participant
‎2020-04-08 07:37 AM
In response to Ryan_Darst

Jump to solution
Many thanks, much easier than my workarround
0 Kudos