- Products
- Learn
- Local User Groups
- Partners
-
More
Celebrate the New Year
With CheckMates!
Value of Security
Vendor Self-Awareness
Join Us for CPX 360
23-24 February 2021
Important certificate update to CloudGuard Controller, CME,
and Azure HA Security Gateways
How to Remediate Endpoint & VPN
Issues (in versions E81.10 or earlier)
Mobile Security
Buyer's Guide Out Now
Important! R80 and R80.10
End Of Support around the corner (May 2021)
Hi, API experts!
I'm trying to automatize adding simple GWs to my MGMT using API.
With mgmt cli it works perfectly:
mgmt add simple-gateway name "GW-R80.10-API" color "black" ipv4-address "192.168.48.199" version "R80.10" one-time-password "sic123" firewall true application-control true url-filtering true ips true anti-bot true anti-virus true interfaces.1.name "eth0" interfaces.1.ipv4-address "192.168.48.199" interfaces.1.ipv4-network-mask "255.255.255.0" interfaces.1.anti-spoofing true interfaces.1.topology "external" interfaces.2.name "eth1" interfaces.2.ipv4-address "192.168.10.199" interfaces.2.ipv4-network-mask "255.255.255.0" interfaces.2.anti-spoofing true interfaces.2.topology "internal" interfaces.2.topology-settings.ip-address-behind-this-interface "network defined by the interface ip and net mask"
But mgmt cli is not the thing I need, so Im trying to use Python script with Web Services API:
>>> add_gw_data = {
... "name": "GW-R80.10-API",
... "color": "black",
... "ipv4-address": "192.168.48.199",
... "version": "R80.10",
... "one-time-password": "sic123",
... "firewall": "true",
... "application-control": "true",
... "url-filtering": "true",
... "ips": "true",
... "anti-bot": "true",
... "anti-virus": "true",
... "interfaces.1.name": "eth0",
... "interfaces.1.ipv4-address": "192.168.48.199",
... "interfaces.1.ipv4-network-mask": "255.255.255.0",
... "interfaces.1.anti-spoofing": "true",
... "interfaces.1.topology": "external",
... "interfaces.2.name": "eth1",
... "interfaces.2.ipv4-address": "192.168.10.199",
... "interfaces.2.ipv4-network-mask": "255.255.255.0",
... "interfaces.2.anti-spoofing": "true",
... "interfaces.2.topology": "internal",
... "interfaces.2.topology-settings.ip-address-behind-this-interface": "network defined by the interface ip and net mask"
... }
>>> add_gw = api_call(mgmt_ip_addr, "add-simple-gateway", add_gw_data, sid)
>>> print(json.dumps(add_gw))
{"message": "Unrecognized parameter [interfaces.2.name]", "code": "generic_err_invalid_parameter_name"}
How can I properly define all network interfaces?
Interfaces is List parameter, what is the proper syntax to define all the interfaces in this structure?
Thanks.
Added a simple Python script, that
- creates internal network,
- creates single GW object with sic,
- adds MGMT rule to default Access policy,
- publish and install Access policy to GW.
If you need a Threat Prevention policy installed, it should be installed after Access Policy, so you need to make some IF structure, that monitors successful installation of Access Policy before attempting a TP policy installation.
I will upgrade script someday.
Cheers,
The answer is:
"interfaces": [{
"name": "eth0",
"ipv4-address": "192.168.48.199",
"ipv4-network-mask": "255.255.255.0",
"anti-spoofing": "true",
"topology": "external"
},
{
"name": "eth1",
"ipv4-address": "192.168.10.199",
"ipv4-network-mask": "255.255.255.0",
"anti-spoofing": "true",
"topology": "internal",
"topology-settings": {
"ip-address-behind-this-interface": "network defined by the interface ip and net mask"
}
}
]
Hi Sergey,
You should always go to the API docs and refs, you have some examples there how to do things.
There are examples for mgmt_cli tool and for web services as well, just select the required menu item on top.
For your case, go to this link and browse the second example.
Hope this helps.
Robert.
Added a simple Python script, that
- creates internal network,
- creates single GW object with sic,
- adds MGMT rule to default Access policy,
- publish and install Access policy to GW.
If you need a Threat Prevention policy installed, it should be installed after Access Policy, so you need to make some IF structure, that monitors successful installation of Access Policy before attempting a TP policy installation.
I will upgrade script someday.
Cheers,
Good Work!
About CheckMates
Learn Check Point
Advanced Learning
WELCOME TO THE FUTURE OF CYBER SECURITY