Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
JozkoMrkvicka
Mentor
Mentor
Jump to solution

DBedit issue

Hello guys,

Right now I am trying to create script for automatic VLAN creation within cluster deployment (2 gateways).

What I want to achieve is to add new VLAN as it is done via SmartConsole (Dashboard):

As there is no support for manipulation of Cluster objects via API yet, the only solution is to use dbedit tool.

So I played with dbedit for a while and I am getting into one strange issue. I am using following extract to create new Cluster interface and update it with all relevant data, attaching all the commands as example:

addelement network_objects GWC interfaces cluster_interface
modify network_objects GWC interfaces:4:ifindex 4
modify network_objects GWC interfaces:4:member_network:ipaddr 10.20.150.0
modify network_objects GWC interfaces:4:member_network:netmask 255.255.255.0
modify network_objects GWC interfaces:4:officialname eth10.150
modify network_objects GWC interfaces:4:ipaddr 10.20.150.1
modify network_objects GWC interfaces:4:netmask 255.255.255.0
modify network_objects GWC interfaces:4:monitored_by_cluster true
modify network_objects GWC interfaces:4:security:netaccess:access this
modify network_objects GWC interfaces:4:security:netaccess:perform_anti_spoofing true
addelement network_objects GW1 interfaces interface
modify network_objects GW1 interfaces:4:ifindex 4
modify network_objects GW1 interfaces:4:officialname eth10.150
modify network_objects GW1 interfaces:4:ipaddr 10.20.150.2
modify network_objects GW1 interfaces:4:netmask 255.255.255.0
modify network_objects GW1 interfaces:4:monitored_by_cluster true
modify network_objects GW1 interfaces:4:security:netaccess:access this
modify network_objects GW1 interfaces:4:security:netaccess:perform_anti_spoofing true
addelement network_objects GW2 interfaces interface
modify network_objects GW2 interfaces:4:ifindex 4
modify network_objects GW2 interfaces:4:officialname eth10.150
modify network_objects GW2 interfaces:4:ipaddr 10.20.150.3
modify network_objects GW2 interfaces:4:netmask 255.255.255.0
modify network_objects GW2 interfaces:4:monitored_by_cluster true
modify network_objects GW2 interfaces:4:security:netaccess:access this
modify network_objects GW2 interfaces:4:security:netaccess:perform_anti_spoofing true
update_all
savedb

 

I am using procedure mentioned in sk30383, together with "dos2unix", "sed -i 's/[[:space:]]*$//' <filename>" and at the end executing input file using "dbedit -local -globallock -f <filename>"

 

Basically all is fine (no errors), cluster and both gateways are updated with correct data (checked with "print network_objects GWC") but in fact in SmartConsole I cannot see this new interface in Network Management.

 

I have tried also install database and policy, without any difference.

 

What I am doing wrong ? What else must be updated/modified in order to see this new interface in Network Management tab ?

 

Thanks everyone who can check it.

Kind regards,
Jozko Mrkvicka
1 Solution

Accepted Solutions
Robert_Decker
Advisor

Hi Jozko,

I've just talked with a team member that is responible for Network Management view development in R80.X GUI, and as I suspected in my post above, the code in R80.X was changed.

dbedit tool will not help in this case. You have to wait for the new API for handling this stuff.

Robert.

View solution in original post

11 Replies
Marco_Valenti
Advisor

Don't know if possible as troubleshooting step consider to cpstart ; cpstop management server seems at least to me the quickest things to do before going through check point support

0 Kudos
JozkoMrkvicka
Mentor
Mentor

As I am trying it in "lab" using VMware, every time I turn off management Smiley Happy

One strange thing is that once I didnt modify antispoofing for this new interface (using dbedit), during policy installation I see warning message for this new interface (that antispoofing should be allowed).

Maybe it is working just not showing it in Network Management tab ?

I will check it with both cluster members and let you know.

Kind regards,
Jozko Mrkvicka
0 Kudos
JozkoMrkvicka
Mentor
Mentor

okay, so the conclusion is:

with R77.30 it is working like described above. (VLAN is perfectly added into Topology tab)

with R80.10 it is not working at all.

Lets wait for updated API for cluster handling...

Kind regards,
Jozko Mrkvicka
0 Kudos
Robert_Decker
Advisor

Hi, did you try to reset sic?

Robert.

0 Kudos
JozkoMrkvicka
Mentor
Mentor

Hi Robert,

No, but I just want to add new VLAN in Topology tab. It shouldnt have any relation to SIC, since I am working only on Management.

In R77.30 there is all fine, on R80.10 looks like some fields were added/modified into Interfaces subtree of cluster and members.

For example "monitored_by_cluster" is by default set to false (in R77.30), but in R80.10 it is set to true.

Kind regards,
Jozko Mrkvicka
0 Kudos
Robert_Decker
Advisor

Hi Jozko,

The network management view's source code was changed in R80.X release and maybe the things work now differently compared to R77.X.

Try the sic reset, maybe you will be surprised...

Robert.

0 Kudos
Robert_Decker
Advisor

In addition, I'll check the difference in DB schema between interface created in GUI and interface created in dbedit.

Maybe something is missing...

0 Kudos
Robert_Decker
Advisor

Hi Jozko,

I've just talked with a team member that is responible for Network Management view development in R80.X GUI, and as I suspected in my post above, the code in R80.X was changed.

dbedit tool will not help in this case. You have to wait for the new API for handling this stuff.

Robert.

JozkoMrkvicka
Mentor
Mentor

Hi Robert,

Thank you very much for your effort and time !

Glad to have clear and confirmed statement for this issue.

Lets wait for new version of API...

Kind regards,
Jozko Mrkvicka
0 Kudos
Robert_Decker
Advisor

Jozko,

To be accurate, there is a way to manipulate cluster object and cluster interfaces using management API's undocumented and unsupported "generic-objects" API.

Here is a link to our SE's excellent post - https://community.checkpoint.com/docs/DOC-2625.

Please pay attention to my caveat there.

Hope this helps.

Robert.

0 Kudos
JozkoMrkvicka
Mentor
Mentor

When we can FINALLY expect such a basic feature like manipulating Cluster objects within R80 ? R80.30 is GA, without any single API command for this purpose. What a shame.

Kind regards,
Jozko Mrkvicka
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events