This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
320244
Explorer
3 weeks ago

Checkpoint Gateway Inventory (VPN List) - automation

What is the best way to get the inventory of the VPN on Checkpoint Gateway Device?
 

I used the CLI commands VPN TU TLIST & VPN TU LIST IKE on the gateways to get the output on Terminal/SecureCRT. How can I use Python or Postman to get this information? Is there a API which I can leverage to get the information using Postman or Python?

Any suggestions is highly appreciated!

0 Kudos
4 Replies
PhoneBoy
Admin
Admin
3 weeks ago

You can call those same commands via REST API using run-script (either via the Management API or the Gaia API).

320244
Explorer
3 weeks ago
In response to PhoneBoy

Thank you, though I am not sure what needs to be done with the run script? the command which I want to execute is in the screen shot:

(1) List all IKE SAs

(2) List all IPsec SAs

how can we execute this commands? also if not this, what commands what can we execute to get all the VPN's in the gateway device, just like eg. "show-routes", to see all the routes in gateway configured.

Screenshot 2024-10-28 at 4.22.22 PM.png

 Thank you!!

0 Kudos
AaronCP
Advisor
3 weeks ago
In response to 320244

Maybe you could use the API that @PhoneBoy suggested, and pass one of the VPN shell commands listed in https://community.checkpoint.com/t5/Security-Gateways/VPN-Troubleshooting-Commands/m-p/39636#M13069

0 Kudos
PhoneBoy
Admin
Admin
3 weeks ago
In response to 320244

run-script allows you to execute CLI commands (or a script) via REST API.
It's not meant for interactive use (which vpn tu clear is), where SSH + Paramiko might be a better option.
However, it appears the vpn shell commands will give you similar information and, thus, might be better suited for usage with run-script.

As for something that doesn't involve a CLI command (i.e. a native REST API endpoint), one does not appear to exist for this purpose.
In R82, I know we export certain VPN information through OpenTelemetry, but not sure it's what you're looking for.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events