This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Sergey_Slepkov
Employee
Employee
‎2018-03-01 03:38 AM
Jump to solution

Adding simple GW with several network interfaces using Web Services API

Hi, API experts!

I'm trying to automatize adding simple GWs to my MGMT using API.

With mgmt cli it works perfectly:

mgmt add simple-gateway name "GW-R80.10-API" color "black" ipv4-address "192.168.48.199" version "R80.10" one-time-password "sic123" firewall true application-control true url-filtering true ips true anti-bot true anti-virus true interfaces.1.name "eth0" interfaces.1.ipv4-address "192.168.48.199" interfaces.1.ipv4-network-mask "255.255.255.0" interfaces.1.anti-spoofing true interfaces.1.topology "external" interfaces.2.name "eth1" interfaces.2.ipv4-address "192.168.10.199" interfaces.2.ipv4-network-mask "255.255.255.0" interfaces.2.anti-spoofing true interfaces.2.topology "internal" interfaces.2.topology-settings.ip-address-behind-this-interface "network defined by the interface ip and net mask"

But mgmt cli is not the thing I need, so Im trying to use Python script with Web Services API: 

>>> add_gw_data = {
... "name": "GW-R80.10-API",
... "color": "black",
... "ipv4-address": "192.168.48.199",
... "version": "R80.10",
... "one-time-password": "sic123",
... "firewall": "true",
... "application-control": "true",
... "url-filtering": "true",
... "ips": "true",
... "anti-bot": "true",
... "anti-virus": "true",
... "interfaces.1.name": "eth0",
... "interfaces.1.ipv4-address": "192.168.48.199",
... "interfaces.1.ipv4-network-mask": "255.255.255.0",
... "interfaces.1.anti-spoofing": "true",
... "interfaces.1.topology": "external",
... "interfaces.2.name": "eth1",
... "interfaces.2.ipv4-address": "192.168.10.199",
... "interfaces.2.ipv4-network-mask": "255.255.255.0",
... "interfaces.2.anti-spoofing": "true",
... "interfaces.2.topology": "internal",
... "interfaces.2.topology-settings.ip-address-behind-this-interface": "network defined by the interface ip and net mask"
... }
>>> add_gw = api_call(mgmt_ip_addr, "add-simple-gateway", add_gw_data, sid)
>>> print(json.dumps(add_gw))
{"message": "Unrecognized parameter [interfaces.2.name]", "code": "generic_err_invalid_parameter_name"}

How can I properly define all network interfaces?

Interfaces is List parameter, what is the proper syntax to define all the interfaces in this structure?

Thanks.

Labels
1 Solution

Accepted Solutions
Sergey_Slepkov
Employee
Employee
‎2018-03-05 11:01 PM
Jump to solution

Added a simple Python script, that

- creates internal network,

- creates single GW object with sic,

- adds MGMT rule to default Access policy, 

- publish and install Access policy to GW.

If you need a Threat Prevention policy installed, it should be installed after Access Policy, so you need to make some IF structure, that monitors successful installation of Access Policy before attempting a TP policy installation. 

I will upgrade script someday.

Cheers,

View solution in original post

add-simple-gw.py.zip
5 Replies
Sergey_Slepkov
Employee
Employee
‎2018-03-05 07:43 AM
Jump to solution

The answer is:

"interfaces": [{
   "name": "eth0",
   "ipv4-address": "192.168.48.199",
   "ipv4-network-mask": "255.255.255.0",
   "anti-spoofing": "true",
   "topology": "external"
   },
   {
   "name": "eth1",
   "ipv4-address": "192.168.10.199",
   "ipv4-network-mask": "255.255.255.0",
   "anti-spoofing": "true",
   "topology": "internal",
   "topology-settings": {
      "ip-address-behind-this-interface": "network defined by the interface ip and net mask"
      }
   }
]

Robert_Decker
Advisor
‎2018-03-06 01:16 AM
In response to Sergey_Slepkov
Jump to solution

Hi Sergey,

You should always go to the API docs and refs, you have some examples there how to do things.

There are examples for mgmt_cli tool and for web services as well, just select the required menu item on top.

For your case, go to this link and browse the second example.

Hope this helps.

Robert.

0 Kudos
Sergey_Slepkov
Employee
Employee
‎2018-03-05 11:01 PM
Jump to solution

Added a simple Python script, that

- creates internal network,

- creates single GW object with sic,

- adds MGMT rule to default Access policy, 

- publish and install Access policy to GW.

If you need a Threat Prevention policy installed, it should be installed after Access Policy, so you need to make some IF structure, that monitors successful installation of Access Policy before attempting a TP policy installation. 

I will upgrade script someday.

Cheers,

add-simple-gw.py.zip
Robert_Decker
Advisor
‎2018-03-06 01:19 AM
In response to Sergey_Slepkov
Jump to solution

Good Work!

0 Kudos
HeikoAnkenbrand
Champion Champion
Champion
‎2018-03-07 12:05 AM
In response to Sergey_Slepkov
Jump to solution

nice

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events