This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Kevin_AE
Explorer
‎2020-09-28 05:04 AM
Jump to solution

Connection Persistence API Call?

Hi,

our Customer would like to keep the Connection Persistence option to "Keep all connections" during the policy push, so that affected connections doesn't have to reconnect.

But to kill disabled/older connections, they would like to do a policy push in the weekend with the "rematch connections"-option.

Installing policy option over the API is no problem, but I dont find an option to update the Connection Persistence Value - is there a way to update this Value over the API to change it to "Rematch Connections" and back to "Keep all connections"? Or do you have better ideas to solve this?

Thanks in advance and best regards

Kevin

0 Kudos
1 Solution

Accepted Solutions
Sigbjorn
Advisor
Advisor
‎2020-09-30 03:06 AM
Jump to solution

We use this during the initial configuration of new gateways.

$genericsettings = @"
{
"uid" : "$gwuid",
"firewallSetting" : {
"optimizeDropsSupport" : "True",
"fwKeepOldConns" : "True"
}
}
"@

https://1.2.3.4/web_api/set-generic-object -Body $genericsettings

Use a show-simple-gateway with { name : "gateway1" } first to get the uid of the gateway in question.

View solution in original post

0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2020-09-28 07:56 AM
Jump to solution

Unfortunately, there are several settings that don’t have formal API endpoints.
However, I believe you may be able to change this via the generic-object API.
This thread should point you in the right direction: https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/set-generic-object-help-me-with-a...

0 Kudos
Sigbjorn
Advisor
Advisor
‎2020-09-30 03:06 AM
Jump to solution

We use this during the initial configuration of new gateways.

$genericsettings = @"
{
"uid" : "$gwuid",
"firewallSetting" : {
"optimizeDropsSupport" : "True",
"fwKeepOldConns" : "True"
}
}
"@

https://1.2.3.4/web_api/set-generic-object -Body $genericsettings

Use a show-simple-gateway with { name : "gateway1" } first to get the uid of the gateway in question.

0 Kudos
Kevin_AE
Explorer
‎2020-10-06 06:39 AM
In response to Sigbjorn
Jump to solution

Thanks, I was able to set the "fwKeepOldConns" param to True and False - but in both cases, the Connection Persistence option didn't move to "Keep all connections".. it is still at "rematch connections".

My expectation is, setting "fwKeelOldConns" to true, should set the point to "Keep all connections". But nothing happens, is this the correct parameter?

0 Kudos
Sigbjorn
Advisor
Advisor
‎2020-10-20 04:31 AM
In response to Kevin_AE
Jump to solution

Sorry for the late reply, I've only used this to set "Keep all connections", in which case the example above works well.

To switch between keep all and rematch, you need to set saveDataConns as well.

This json body is tested and works for me;

$rematch = @"
{
"uid" : "$gwuid",
"firewallSetting" : {
"fwKeepOldConns" : "False",
"saveDataConns" : "False"
}
}
"@


$keepall = @"
{
"uid" : "$gwuid",
"firewallSetting" : {
"fwKeepOldConns" : "True",
"saveDataConns" : "False"
}
}
"@

Remember to also call the /publish endpoint after setting the generic settings.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events