This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Nick_Doropoulos
Advisor
‎2019-02-07 12:54 AM

Adding network object via mgmt_cli tool

According to Check Point - Management API reference , below are the mandatory parameters for adding a network object:

Below is my command:

And below is the result:

As far as I can see, I haven't made a mistake in the syntax while the ip-address parameter is not even on the list among the mandatory arguments shown above. What's more, I have also used the "subnet4", "ip-address" and "ipv4-address" keywords without having any luck.

Has anybody had issues with this?

Thanks.

0 Kudos
5 Replies
Kim_Moberg
Advisor
‎2019-02-07 11:45 AM

Hi Nicholas,

I have created the following script with the purpose of what you want to achieve.

Basically your error is related to the command nat-settings.auto-rule "true"  which fails.. I am not sure this is necessary. Leave it out if you don't need it. 

Hope this can help you on your way.

You can test below code  by

1) open ssh to SMS server

2) vi <name of the script file.sh>

3) press 'i' for insert

4) right click to paste code in to file

5) press ESC 

6) press ':' and 'w' and 'q' for write and exist vi

7) chmod +x <name of script file.sh>

😎 ./<name of script file.sh>

Running the script will guide you what you need to do next.

As you can see it is now created.

---- start script Network.sh -------
#/bin/bash

#########################################################################
# script created by Kim Moberg, Eurowind Energy A/S - February 7th 2019
#
#########################################################################

# Clear screen
clear

########################################################################
# Login to the API server, and save session to file id.txt
# Remeber when running the script setting the username and password
# without saving the password in the script file.
#
#######################################################################

# ask for credentials from user
echo "Please enter your username and password"
read -p "Enter username and press [ENTER]: " USER
read -s -p "Enter password and press [ENTER]: " PASS
echo

mgmt_cli login user ${USER} password ${PASS} > id.txt

# in case of an error: print to screen the error message and abort
if [ $? -ne 0 ]; then
echo "Login command failed."
cat id.txt
exit 1
fi


######################################################################
# Ask for user to define variables.
#
# Enter the name of the Network
# Enter subnet eg. 192.0.2.0
# Enter subnet-mask eg. 255.255.255.0
#
#####################################################################
echo
echo "Please enter Network name and IP subnet address and subnet mask."
read -p "Enter Network Name eg. DMZ_Network [ENTER] : " NETWORKNAME
echo
echo "Please defind network"
read -p "Enter subnet eg. 192.0.2.0 [ENTER] : " SUBNET
read -p "Enter subnet-mask eg. 255.255.255.0 [ENTER] : " SUBNETMASK
echo

networkname="${NETWORKNAME}"

mgmt_cli -s id.txt add network name $networkname subnet "${SUBNET}" subnet-mask "${SUBNETMASK}" comments "Auto generated network object with MGMT API"
mgmt_cli -s id.txt publish

#####################################################################
# Finalize publish all the changes. We must logout.
#
# The correct flow when working with management API -
# Login -> work -> publish/discard -> logout
#
#####################################################################
mgmt_cli logout -s id.txt

----end of script file-----

Best regards

Kim

Best Regards
Kim
Nick_Doropoulos
Advisor
‎2019-02-08 02:22 AM
In response to Kim_Moberg

Much appreciated Kim, thank you!

0 Kudos
Kim_Moberg
Advisor
‎2019-02-08 11:27 AM
In response to Nick_Doropoulos

You are welcome. 

Best Regards
Kim
Kim_Moberg
Advisor
‎2019-02-07 11:52 AM

Hi again

If you need to use the nat-settings you should do

As you can see it is not enough to just add nat-settings.auto-rule true but you need too add all the other required fields too.

This is taken from the manual

mgmt_cli add network name "New Network 3" subnet "192.0.2.1" subnet-mask "255.255.255.0" nat-settings.auto-rule true nat-settings.method "static" nat-settings.hide-behind "ip-address" nat-settings.ip-address "192.0.2.1" nat-settings.install-on "All" --version 1.4 --format json

All the required fields to add nat-settings...

nat-settings.auto-rule true nat-settings.method "static" nat-settings.hide-behind "ip-address" nat-settings.ip-address "192.0.2.1" nat-settings.install-on "All"

Hope this could help.

Best regards

Kim

Best Regards
Kim
Prashant_YADAV1
Contributor
‎2019-11-03 07:11 PM
In response to Kim_Moberg

Hey Kim,

Thanks for helping lot of users..
is there way to change multiple objects name start like object1* Nat (installed on target setting using mgmt cli tool )
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events