This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Bob_Zimmerman
Advisor
‎2021-11-07 07:06 AM

Building a policy package with empty installation targets?

To test the ability of my code to deal properly with policy packages with empty installation targets, I'm trying to build such a policy package. It's easy in SmartConsole, but I'm not sure how to do it via the API.

[Expert@TestSC:0]# mgmt_cli -s session.txt add package name "Installed_Nowhere" access true installation-targets "none"
code: "generic_err_object_not_found"
message: "Requested object [none] not found"

[Expert@TestSC:0]# mgmt_cli -s session.txt add package name "Installed_Nowhere" access true installation-targets ""
code: "generic_err_object_not_found"
message: "Requested object [] not found"

[Expert@TestSC:0]# mgmt_cli -s session.txt add package name "Installed_Nowhere" access true installation-targets "[]"
[Expert@TestSC:0]# mgmt_cli -f json -s session.txt show package name "Installed_Nowhere" details-level full | jq '."installation-targets"'
"all"
[Expert@TestSC:0]# mgmt_cli -s session.txt discard
number-of-discarded-changes: 1
message: "OK"

[Expert@TestSC:0]# mgmt_cli -s session.txt add package name "Installed_Nowhere" access true
[Expert@TestSC:0]# mgmt_cli -f json -s session.txt show package name "Installed_Nowhere" details-level full | jq '."installation-targets"'
"all"
[Expert@TestSC:0]# mgmt_cli -s session.txt set package name "Installed_Nowhere" installation-targets.remove "all"
code: "generic_err_object_not_found"
message: "Requested object [all] not found"

Meanwhile, on a real box I have with a policy I built in SmartConsole:

[Expert@StandingLab:0]# mgmt_cli -f json -r true show package name "Installed_Nowhere" details-level full | jq '."installation-targets"'
[]

Is there a special value I can pass to 'add package' to get it to build a package with an empty installation targets list?

Separately, I have tried building it with a single installation target, then removing that target. That causes the property to change to "all" rather than to an empty list. That seems very unlikely to be expected behavior.

4 Replies
PhoneBoy
Admin
Admin
‎2021-11-07 09:03 AM

If None (notice the caps) doesn’t work, maybe @Omer_Kleinstern knows.

0 Kudos
Bob_Zimmerman
Advisor
‎2021-11-07 09:34 AM
In response to PhoneBoy

I thought I had tried that, but I had not. Sadly, I get the same result:

[Expert@TestSC:0]# mgmt_cli -s session.txt add package name "Installed_Nowhere" access true installation-targets "None"
code: "generic_err_object_not_found"
message: "Requested object [None] not found"

 

0 Kudos
Stuart_Green1
Employee
Employee
‎2021-11-08 09:00 AM
In response to Bob_Zimmerman

try this out (but be wary when using generic-object, I suspect you can do this with the REST API interface more easily but can't get at it right now in my lab).

mgmt_cli -r true set generic-object uid <UID for your policy package here> installationTargets
"SPECIFIC_GATEWAYS"

The equivalent setting for the default of all gateways is ALL_INTERNAL_GATEWAYS

Bob_Zimmerman
Advisor
‎2021-11-09 10:53 AM
In response to Stuart_Green1

That worked. Thanks!

Separately, the properties in 'show generic-object' are camelCase, which is incredibly nice. I don't recall seeing anything about this in the API documentation, but it's possible I've been looking in the wrong places. This could make my life significantly easier.

0 Kudos