This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Ekta_Siwani1
Contributor
‎2017-07-05 12:27 AM
Jump to solution

Can I create duplicate object(Network or Host) using R80.10 API

Hi,

My requirement is to create a two object with different name but same IP Address using R80.10 API.

When we create host or network object API will do error check for duplicate IP, It will not let us create two object with same IP but different name.

Can i tell API to skip this error check.

Or is there any other way to achieve same?

Labels
3 Solutions

Accepted Solutions
Eugene_Grybinny
Employee Alumnus
Employee Alumnus
‎2017-07-05 10:38 PM
Jump to solution

You can instruct API to ignore warnings or errors (but not blocking errors) by providing ignore-warnings or ignore-errors correspondingly. 

Example

[Expert@host]# mgmt_cli -s id.txt add host name abc ip-address 1.1.1.1
[Expert@host]# mgmt_cli -s id.txt add host name abc2 ip-address 1.1.1.1
code: "err_validation_failed"
message: "Validation failed with 1 warning"
warnings:
- message: "Multiple objects have the same IP address 1.1.1.1"

[Expert@host]# mgmt_cli -s id.txt add host name abc2 ip-address 1.1.1.1 ignore-warnings true
[Expert@host]#

Documentation for add-host (find the fields under "More" section in Request Parameters)

Pay attention that in case of ignored errors - you wan't be able to publish!

View solution in original post

Don_Paterson
MVP Gold
MVP Gold
2 weeks ago
In response to DZ_KB
Jump to solution

Eugene's profile shows as Alumnus. I think he no longer works for Check Point.

 

What are you wanting to do? 

 

This should work for you:

mgmt_cli  add host --batch hosts.csv

 

hosts.csv

name,ip-address,ignore-warnings
host-1,10.0.0.5,true
host-2,10.0.0.6,true
host-3,10.0.0.5,true

 

You will see the three hosts in the SmartConsole and host-1 and host-3 will both have IP address 10.0.0.5

 

If you want to change the existing objects. For example the colour of the object:

name,ip-address,ignore-warnings,color,set-if-exists
host-1,10.0.0.5,true,Cyan,true
host-2,10.0.0.6,true,Cyan,true
host-3,10.0.0.5,true,Cyan,true

 

set-if-exists true will effectively change the add part of the command to a set so that an existing objects properties are changed (or something like colour added, as shown in the example above).

View solution in original post

0 Kudos
Don_Paterson
MVP Gold
MVP Gold
Monday
In response to DZ_KB
Jump to solution

Are you using no-warnings True or ignore-warnings true?

Sounds like you may need to use set-if-exists true (see example in my last reply and below).

 

This is a working example:

mgmt_cli add service-tcp --batch tcp-services.csv

tcp-services.csv

name,port,ignore-warnings
http-new-1,80,true
http-new-2,80,true
http-new-3,80,true

That adds new tcp service using port 80

 

This is an updated tcp-services.csv and it effectively includes set-if-exists true 

name,port,color,ignore-warnings,set-if-exists
http-new-1,80,Olive,true,true
http-new-2,80,Red,true,true
http-new-3,80,Green,true,true



There is also the clone option, in case that helps.

clone service-tcp name "http" new-name "tcp-new-81" port 81

View solution in original post

(1)
16 Replies
Eugene_Grybinny
Employee Alumnus
Employee Alumnus
‎2017-07-05 10:38 PM
Jump to solution

You can instruct API to ignore warnings or errors (but not blocking errors) by providing ignore-warnings or ignore-errors correspondingly. 

Example

[Expert@host]# mgmt_cli -s id.txt add host name abc ip-address 1.1.1.1
[Expert@host]# mgmt_cli -s id.txt add host name abc2 ip-address 1.1.1.1
code: "err_validation_failed"
message: "Validation failed with 1 warning"
warnings:
- message: "Multiple objects have the same IP address 1.1.1.1"

[Expert@host]# mgmt_cli -s id.txt add host name abc2 ip-address 1.1.1.1 ignore-warnings true
[Expert@host]#

Documentation for add-host (find the fields under "More" section in Request Parameters)

Pay attention that in case of ignored errors - you wan't be able to publish!

DZ_KB
Collaborator
2 weeks ago
In response to Eugene_Grybinny
Jump to solution

Hi @Eugene_Grybinny ,

Why the command line  "mgmt_cli -s id.txt add host name abc2 ip-address 1.1.1.1 ignore-warnings true" works and with batch it doesn't work ?

# mgmt_cli  add host batch host.csv ignore-warnings true

# cat host.csv

name,ip-address

abc2 ,1.1.1.1

0 Kudos
Don_Paterson
MVP Gold
MVP Gold
2 weeks ago
In response to DZ_KB
Jump to solution

Eugene's profile shows as Alumnus. I think he no longer works for Check Point.

 

What are you wanting to do? 

 

This should work for you:

mgmt_cli  add host --batch hosts.csv

 

hosts.csv

name,ip-address,ignore-warnings
host-1,10.0.0.5,true
host-2,10.0.0.6,true
host-3,10.0.0.5,true

 

You will see the three hosts in the SmartConsole and host-1 and host-3 will both have IP address 10.0.0.5

 

If you want to change the existing objects. For example the colour of the object:

name,ip-address,ignore-warnings,color,set-if-exists
host-1,10.0.0.5,true,Cyan,true
host-2,10.0.0.6,true,Cyan,true
host-3,10.0.0.5,true,Cyan,true

 

set-if-exists true will effectively change the add part of the command to a set so that an existing objects properties are changed (or something like colour added, as shown in the example above).

0 Kudos
DZ_KB
Collaborator
Monday
In response to Don_Paterson
Jump to solution

Hi @Don_Paterson ,

This is exactly what i was expecting.  (Strong).

I'm now trying to do the same with services but i'm facing a problem when i want to add a service which already exist.I have tried with "no-warnings True " but it does not work.

Do you know hiw to solve this ?

0 Kudos
Don_Paterson
MVP Gold
MVP Gold
Monday
In response to DZ_KB
Jump to solution

Are you using no-warnings True or ignore-warnings true?

Sounds like you may need to use set-if-exists true (see example in my last reply and below).

 

This is a working example:

mgmt_cli add service-tcp --batch tcp-services.csv

tcp-services.csv

name,port,ignore-warnings
http-new-1,80,true
http-new-2,80,true
http-new-3,80,true

That adds new tcp service using port 80

 

This is an updated tcp-services.csv and it effectively includes set-if-exists true 

name,port,color,ignore-warnings,set-if-exists
http-new-1,80,Olive,true,true
http-new-2,80,Red,true,true
http-new-3,80,Green,true,true



There is also the clone option, in case that helps.

clone service-tcp name "http" new-name "tcp-new-81" port 81

(1)
DZ_KB
Collaborator
Monday
In response to Don_Paterson
Jump to solution

Thanks, @Don_Paterson. All good. I tested with the web services too, and it works well.

Eric_Beasley
Employee
Employee
‎2017-07-14 12:47 PM
Jump to solution

In the comment above from Eugene Grybinny he states that you won't be able to publish with ignored errors; however, this is only the case if the issue generates a validation warning, which should be documented in the failure for the publish operation.

For the generation of an object that duplicates elements of another objects, but is not a 100% clone, there should not be an issue.  I've done this when doing exports to CSV files and then importing those CSV files via -batch mode on mgmt_cli.

If you don't specify the ignore-warnings or ignore-errors CLI option, a -batch operation may complete, but will not execute the changes/additions of the problem items, which can cause follow-on issues doing multiple import operations in succession.

The utilization of the ignore-warnings and ignore-errors option is especially necessary when working with network and group objects, since Get Interfaces in R80 and later will import the static routes and generate a network object for the interface if there is no existing network object covering the target network, and will group them into a set with static route identified networks to add in the topology configuration.  If these Check Point generated groups and networks exist, then not using the ignore options will result in failure to create the item from the API, since those networks already exist in another object.

0 Kudos
SD_Networking
Contributor
‎2017-12-07 06:46 AM
Jump to solution

Hello,

I am having strange issue "set-if-exists true" doesnt work with batch csv option.

here:

mgmt_cli add host set-if-exists true -b hosts2.csv
Username: admin
Password:
Line 2: code: "err_validation_failed"
message: "Validation failed with 1 warning and 1 error"
warnings:
- message: "Multiple objects have the same IP address 192.168.162.18"
errors:
- message: "More than one object named 'HGSDPN_VPN_HUDSON5' exists."


Executed command failed. Changes are discarded.

 mgmt_cli add host name "HGSDPN_VPN_HUDSON5" ip-address "192.168.162.18" set-if-exists true
Username: admin
Password:


---------------------------------------------
Time: [17:30:52] 7/12/2017
---------------------------------------------
"Publish operation" succeeded (100%)

Any way to fix it ???

0 Kudos
Robert_Decker
Advisor
‎2017-12-07 07:07 AM
In response to SD_Networking
Jump to solution

add the "ignore-warnings true" option at the end.

0 Kudos
Eric_Beasley
Employee
Employee
‎2017-12-07 08:30 PM
In response to SD_Networking
Jump to solution

Hi,

You can create multiple distinctly named objects with the same IP Address or IP Address range/network; however, you CAN NOT create duplicate objects with the same NAME, which you are trying to do.

Object names must be unique within a Domain (e.g. SMS, or single domain on in MDM), so you go the warning (will allow it to pass) on the IP Address; however, the error on the duplicate name terminates the operation.

BR

Eric

Eric Beasley

Security Engineer, North America Channel Sales

Cell: +1 708-224-7724 E-mail: ericb@checkpoint.com

0 Kudos
Robert_Decker
Advisor
‎2017-12-07 09:45 PM
In response to Eric_Beasley
Jump to solution

Hi Eric,

He is not creating different objects with the same name, he is using a "set_if_exists" flag, which will update an existing object (with the same name AND TYPY).

Robert.

0 Kudos
SD_Networking
Contributor
‎2017-12-08 12:33 AM
Jump to solution

Thanks for the response guys, actually it was my mistake i was putting set_if_exists in the command but in batch option it has be inside CSV file, it fixed my problem.

0 Kudos
Philipp_Schiff
Participant
‎2018-02-22 06:54 AM
In response to SD_Networking
Jump to solution

How did you do it exactly? What is the syntax in the csv?

Thanks,
Philipp

Robert_Decker
Advisor
‎2018-02-22 07:10 AM
In response to Philipp_Schiff
Jump to solution

in CSV file the first line consists of field names. The following lines are the values.

You should add the "set_if_exists" field at the top line, and insert the values per each line in the appropriate location.

You can edit the file in MS Excel or Notepad++.

Robert.

0 Kudos
SD_Networking
Contributor
‎2017-12-08 06:50 AM
Jump to solution

Now i got into new problem set_if_exists doesnt exist for creating groups Smiley Sad

0 Kudos
Robert_Decker
Advisor
‎2017-12-10 06:53 AM
In response to SD_Networking
Jump to solution

No, it does not.

If you have only few duplicate names, I suggest to redirect the errors to a file, and then handle them manually (use option 2>&1).

Robert.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events