This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Greg_Harewood
Contributor
‎2022-10-18 09:28 AM
Jump to solution

Converting a MESH to a STAR COMMUNITY (mgmt_cli)

I've labelled this as converting mesh to star; that being said, our specific issue is that we are adding in a local DR gateway, don't want to lose secrets, and don't want to mesh the two at our end.  Historically for this customer, these kinds of point to point VPNs were set up as mesh, which was probably never ideal.

SO.... there is no official way to convert from a mesh to a star.  This is a shame.  A mesh is very obviously a subset of star, with only centre gateways in use, so it should be possible to upgrade.

A little scripting testing shows that this is possible, and in fact the key differentiator is the "featuresPreset" field on the generic-bject, which seems to allow fairly flexible conversion.  In fact, I've basically solved the problem.  I'm going to show you the code, and many arms will go up in horror:

#!/bin/bash

mc()
{
	mgmt_cli -s SID -f json $*
}

mgmt_cli -m 127.0.0.1 login |tee SID

COMM="$1"
COMMUID=$(mc show vpn-communities-meshed | jq -r --arg NAME "${COMM}" '."objects"[] | select(."name" == $NAME).uid')

#mc show generic-object uid ${COMMUID}
mc set generic-object uid ${COMMUID} \
	featuresPreset "e2e58d83-37af-3659-ae43-072580b4ea5d" \
	icon VPNCommunities/Star \
	topology STAR

mc logout
rm SID

 

This actually works much better than I was expecting.  I was expecting danger, but I observe that updating featuresPreset to match normally-created star communities works perfectly.  Object type fields are automatically adjusted to reflect the new object type.  This gives me confidence that this is legitimate.  And happily, gateways from the mesh are now listed perfectly as centre gateways in the updated object.

So... other than general latent fear, does anyone know of anything that could go wrong?  Any changes that don't cascade correctly from this, or other corruption?

Thank you!

 

1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2022-10-18 01:10 PM
Jump to solution

Cue the disclaimer about using Generic Objects:

  • generic-object is a way to manipulate (parts of) objects that don't have a formal API endpoint.
  • We don't provide formal support for tweaking anything tweaked via generic-object APIs.
  • Formal API endpoints should be used where possible, which are fully supported and have guaranteed backward compatibility.

Having said all that, it's great that it works. 🙂

View solution in original post

0 Kudos
2 Replies
PhoneBoy
Admin
Admin
‎2022-10-18 01:10 PM
Jump to solution

Cue the disclaimer about using Generic Objects:

  • generic-object is a way to manipulate (parts of) objects that don't have a formal API endpoint.
  • We don't provide formal support for tweaking anything tweaked via generic-object APIs.
  • Formal API endpoints should be used where possible, which are fully supported and have guaranteed backward compatibility.

Having said all that, it's great that it works. 🙂

0 Kudos
_Val_
Admin
Admin
‎2022-10-19 12:39 AM
Jump to solution

Wow, ingenious

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events