CheckPoint R80 API - find object by IP ?

John_Smith · ‎2016-12-23

Hello,

Is it possible to find address objects by "IP address" instead of "Name" or "UID" ?

I would think that it should be a possibility with "show-objects" query:

POST https://<mgmt-server>:<port>/web_api/show-objects

Using syntax like this:{

"limit" : 10,

"offset" : 0,

"order" : [ {

"ASC" : "name"

} ],

"in" : [ "ipv4-address", "192.168.1.1" ],

"type" : "host"

}

But it returns:

{

"code": "generic_server_error",

"message": "Management server failed to execute command"

}

It would be nice if "ipv4-address" key would work in the "show-host" search also.

Is that something that is planned to be implemented in the future ?

Igal_Rivin · ‎2016-12-24

Hi John,

In R-80 we don't have a support of searching objects by their IP address.

It's currently may be achieved by using Full Text Search.

Please try running show-objects command with the following payload:

{ "limit" : 10,

"offset" : 0,

"order" : [ { "ASC" : "name" } ],

"in" : [ "text", "192.168.1.1" ],

"type" : "host",

"details-level" : "full"

}

Because it uses Full Text Search, it's possible that more than a single object might be returned by this query.

It's worth it to traverse over the returned collections of objects and to select the host that has the wanted IP address ("ipv4-address")

John_Smith · ‎2016-12-27

Hi,

thank you ! This is exactly what we were looking for.

Jun_Liang_Seow · ‎2016-12-28

Hi,

Latching on this question. I understand Igal's reply and as you have mentioned, we have to traverse the collection of objects to find the IP address. We also can narrow the search by specifying the "type" keyword.

However, I am facing a similar issue of searching services. By specifying the below search keywords, it is returning too many results to filter(2688 results to be exact). I'm trying to find TCP 20.

{

"in" : [ "text", "20" ],

"type" : "service-tcp",

"details-level" : "full"

}

I understand that I can always use convention TCP_20 to minimize the result search but it doesn't cover properly non-conventional names that is found in existing firewall.

Is there a better method or something cooking in the next version?

Igal_Rivin · ‎2016-12-28

Hi Liang,

You did it correctly. In R-80 there is no better way to search for objects by a given port or IP address.

In the future version we expect to support this feature.

Jun_Liang_Seow · ‎2017-01-03

Hi Igal,

Thanks for the reply. I've coded it in this fashion for now!

Paul_Gademsky · ‎2019-06-10

I realize this is an old thread, but seems the most relevant.

I've tried several different ways to try and find an IP address, but am not being successful.

In particular, the IP address that I'm trying to find is one of the interfaces (not the management or primary) on a R80.20 gateway (which implies R80.20 (MDS/CMA).

I've tried the object explorer, and the web_api with show-objects, and modified it as well to reflect what has been shown here and other locations that I've found.

I can find the IP by using the Gui-DBedit where it shows up under Network Objects, cluster_member as ipaddr - string - X.X.X.X

Is there something that I'm missing in being able to search and return results correctly?

I'd like to be able to get the results to show the associated gateway and the 'officialname'

Thank you,

PG

Are you a member of CheckMates?

CheckPoint R80 API - find object by IP ?