Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Ed_Eades
Contributor

Bulk Add Network Objects

I am looking for advice on how to bulk add network objects.  I need to add around 550 networks and we are on GAIA R80.10.  I have read some about dbedit, Using a dbedit script to create new network objects and network object groups, but I am not sure if that would still be the best method.  I will also mention I have never used dbedit.  When adding these network objects I would also like to add a description on each network object.  The dbedit link does not include the syntax for the description. 

I came across a thread on cpug that If R80, there are more robust CLI for these things.  You can find documentation and several examples at https://community.checkpoint.com.

Thanks in advance!

17 Replies
PhoneBoy
Admin
Admin

For this task, you can use dbedit, but you don't need to.

R80+ has a new API/CLI that is a bit easier to use than dbedit.

See the documentation for using mgmt_cli add host here: Check Point - Management API reference: add host 

There are several examples in the https://community.checkpoint.com/community/developers?sr=search&searchId=b0714703-c1b9-449b-afb4-084...‌ space.

One specific example that might be useful here: CLI API Example for exporting, importing, and deleting different objects using CSV files (v 00.25.01...

Ed_Eades
Contributor

Very helpful, thank you.  Can you tell me what the Parameter Name would be for the "Comment" Field?  I would like put a comment on all the networks I am adding.

Thanks again!

PhoneBoy
Admin
Admin

The parameter is comments.

It's listed in the documentation, but hidden behind text that can be expanded with a "More" link.

Ed_Eades
Contributor

I have tried testing using the API/CLI with a .csv file but receive an error message.  I uploaded file test.csv to the var/log directory and ran the command,  mgmt_cli add network --batch var/log/test.csv

The .csv file looks like this

name,subnet,subnet-mask,comments
NET_10.10.16.0,10.10.16.0,255.255.255.0,Test Network

The error message received is:

Line 2: code: "generic_err_invalid_parameter_name"
message: "Unrecognized parameter [name]"

I am not sure what may be causing this to fail.

Thanks.

Robert_Decker
Employee Alumnus
Employee Alumnus

Hi Ed,

The command and the content of the csv file look correct.

From which directory are you running the mgmt_cli tool?

Robert.

Ed_Eades
Contributor

I had underscores in the name field of the CSV file.  Eventhough GAIA accepts names with underscores, CSV files typically do not handle underscores well.  After removing the underscore I was able to import using the mgmt._cli add network --batch command.  The import is a huge time saver. 

Thanks for all the input. 

Tom_Cripps
Advisor

Hi Robert,

I'm running into a similar issue, my names don't have underscores like Ed's. I'm running this application from within the home/admin directory with the csv also within that directory as well.

Any tips?

0 Kudos
Tim_Koopman
Contributor

Hi,

I have created a PowerShell module that uses the Web API calls. One of the examples I have using it is doing an import from Excel file of network objects. Very easy to import as many objects as you like.

R80 PowerShell Module   | GitHub: Import from Excel Example 

Regards

Tim

Ankur_Datta
Collaborator

I am trying to add objects into CMA. but when i run api command i get below error:

Line 11: code: "generic_err_invalid_parameter"
message: "Parameter [nat-settings] value is not valid"

I ran following command:

mgmt_cli add host  --batch networkobjects.csv

and excel sheet has following fields:

and nat settings has 

kindly advise.

0 Kudos
PhoneBoy
Admin
Admin

If you want to set individual NAT settings in a CSV, you must specify each setting correctly as a name value pair.

Since nat-settings has subsettings, this means you will need multiple parameters.

For example, you would need nat-settings.hide-behind with value "ip-address" and nat-settings.ipv4-address with value "yourip".

0 Kudos
Ankur_Datta
Collaborator

Thanks Dameon. got it. I thought export csv file from smart console will work but i was wrong.

I have one more question. If i want to move network objects from one CMA to another CMA in same MDS through api. What is the procedure? I tested this but unfortunately objects didn't appeared in new CMA.

I was in CMA env and executed the api command from there through CLI.

0 Kudos
PhoneBoy
Admin
Admin

At a high level, you would be making successive calls to the relevant APIs to read the objects against one CMA, then write them to the other CMA.

There are several working examples of this on CheckMates.

0 Kudos
Ankur_Datta
Collaborator

Hi Dameon,

I can't find any post. 

kindly can you please share the link if you are aware off.

Thanks

0 Kudos
PhoneBoy
Admin
Admin

You're corresponding with our R&D on one such tool Smiley Happy

Here's another that does export/import via CSV files: CLI API Example for exporting, importing, and deleting different objects using CSV files (v 00.29.02...

I also provided a sample with raw API calls recently here (calling via curl on the CLI): https://community.checkpoint.com/thread/5999-cli-help?commentID=36360#comment-36360 

0 Kudos
Aathi
Contributor

Hi Team,

 

Can you guide how to import the range of ip address which is in csv file in checkpoint managment server.

119.227.224.0-119.227.255.255

 

Regards

Aathi

0 Kudos
Jason_Grubbs
Participant

@PhoneBoy I know this is an old post, but I found it when searching for information about bulk importing.  So far, the info has been excellent!  

I have one question about adding networks to an existing group using a csv.

I see from the API reference https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/add-network~v1.1%20 that I can add a network to a group, but what is the syntax I use in the CSV?  Same for Tags...

For Example:

namesubnetsubnet-maskcommentstags
Zoom-101.36.167.0/24101.36.167.0255.255.255.0Zoom-101.36.167.0/24Zoom

 

Or do I need to add more info to the tags field:

namesubnetsubnet-maskcommentstags
Zoom-101.36.167.0/24101.36.167.0255.255.255.0Zoom-101.36.167.0/24name "Zoom"
0 Kudos
PhoneBoy
Admin
Admin

In the CSV header line, use groups.1 or tags.1 as appropriate.
To add to additional groups as part of the same CSV, increment the number (e.g. groups.2, tags.2).
You can see an example here: https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/One-liner-Convert-CSV-for-Managem...