Kevin_AE
Explorer

Connection Persistence API Call?


Hi,

Our customer would like to keep the Connection Persistence option set to "Keep all connections" during the policy push, so that affected connections don't have to reconnect.

But to kill disabled/older connections, they would like to do a policy push on the weekend with the "rematch connections" option.

Installing policy over the API is no problem, but I don't find an option to update the Connection Persistence value - is there a way to update this value over the API to change it to "Rematch Connections" and back to "Keep all connections"? Or do you have better ideas to solve this?

Thanks in advance and best regards

Kevin

PhoneBoy
Admin

Unfortunately, there are several settings that don’t have formal API endpoints.
However, I believe you may be able to change this via the generic-object API.
This thread should point you in the right direction: https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/set-generic-object-help-me-with-a...

Sigbjorn
Advisor

We use this during the initial configuration of new gateways.

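$genericsettings = @"
{
  "uid" : "$gwuid",
  "firewallSetting" : {
    "optimizeDropsSupport" : "True",
    "fwKeepOldConns" : "True"
  }
}
"@

# $headers is assumed to hold the X-chkp-sid session header returned by /login
Invoke-RestMethod -Method Post -Uri https://1.2.3.4/web_api/set-generic-object -ContentType "application/json" -Headers $headers -Body $genericsettings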

Use a show-simple-gateway with { name : "gateway1" } first to get the uid of the gateway in question.

Kevin_AE
Explorer

Thanks, I was able to set the "fwKeepOldConns" param to True and False - but in both cases, the Connection Persistence option didn't move to "Keep all connections"; it is still at "rematch connections".

My expectation is that setting "fwKeepOldConns" to true should set the option to "Keep all connections". But nothing happens. Is this the correct parameter?

Sigbjorn
Advisor

Sorry for the late reply, I've only used this to set "Keep all connections", in which case the example above works well.

To switch between keep all and rematch, you need to set saveDataConns as well.

This JSON body is tested and works for me:

$rematch = @"
{
  "uid" : "$gwuid",
  "firewallSetting" : {
    "fwKeepOldConns" : "False",
    "saveDataConns" : "False"
  }
}
"@

$keepall = @"
{
  "uid" : "$gwuid",
  "firewallSetting" : {
    "fwKeepOldConns" : "True",
    "saveDataConns" : "False"
  }
}
"@

Remember to also call the /publish endpoint after setting the generic settings.
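The steps discussed in this thread (look up the gateway uid, set the generic object, publish, install policy), put together as an added example that is not part of any original post. The policy package name `Standard`, the parameter names, and a management server certificate trusted by the client are assumptions; the `firewallSetting` values are the ones posted above.

```powershell
# Added example, not from the thread. Assumed: package name, trusted TLS certificate.
param(
    [string]$Mgmt    = '1.2.3.4',      # management server address used in the thread
    [string]$Gateway = 'gateway1',     # gateway object name used in the thread
    [string]$Package = 'Standard',     # assumed policy package name
    [ValidateSet('KeepAll', 'Rematch')][string]$Mode = 'Rematch'
)

function Invoke-Mgmt([string]$Command, [hashtable]$Body = @{}, [hashtable]$Headers = @{}) {
    Invoke-RestMethod -Method Post -Uri "https://$Mgmt/web_api/$Command" `
        -ContentType 'application/json' -Headers $Headers -Body ($Body | ConvertTo-Json -Depth 5)
}

$cred  = Get-Credential   # prompt for the API user instead of storing the password in the script
$login = Invoke-Mgmt 'login' @{ user = $cred.UserName; password = $cred.GetNetworkCredential().Password }
$h     = @{ 'X-chkp-sid' = $login.sid }
try {
    $gwuid = (Invoke-Mgmt 'show-simple-gateway' @{ name = $Gateway } $h).uid
    # Field values as posted in the thread: only fwKeepOldConns differs between the two modes
    $keep = if ($Mode -eq 'KeepAll') { 'True' } else { 'False' }
    Invoke-Mgmt 'set-generic-object' @{
        uid             = $gwuid
        firewallSetting = @{ fwKeepOldConns = $keep; saveDataConns = 'False' }
    } $h | Out-Null
    # Publish and wait for the task to finish before installing policy
    $task = Invoke-Mgmt 'publish' @{} $h
    do {
        Start-Sleep -Seconds 2
        $t = (Invoke-Mgmt 'show-task' @{ 'task-id' = $task.'task-id' } $h).tasks[0]
    } while ($t.status -eq 'in progress')
    if ($t.status -ne 'succeeded') { throw "publish ended with status '$($t.status)'" }
    Invoke-Mgmt 'install-policy' @{ 'policy-package' = $Package; targets = @($Gateway) } $h | Out-Null
}
catch {
    Invoke-Mgmt 'discard' @{} $h | Out-Null   # drop unpublished changes so no object locks remain
    throw
}
finally {
    Invoke-Mgmt 'logout' @{} $h | Out-Null    # always end the API session
}
```

Run it with `-Mode Rematch` for the weekend push and `-Mode KeepAll` afterwards to restore the default behaviour for regular installs.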