This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Brambo
Explorer
‎2019-09-29 04:09 AM
Jump to solution

Delete and set multiple routes in VSX mode

Hi all, 

Until now all my questions have been answered by the various Checkmate Posts.

This week I will be migrating a VSX R80.20 system from dedicated  physical interfaces, as internal and external to a combined internal bond, and a combined external bond interface for all the virtual systems to share. In order to do this, I have to delete the VLAN interfaces from the current physical interfaces. I have created a little script to do this. No problems there, but I also have to delete the static routes before I can delete the VLAN from the interface. 

The routes are visible in the routedx.conf files at OS level. But this file is created by a Checkpoint process that probably will overwrite the file when I change it.  SO - NO GO. The clish config also displays the routes.

Adding a route here displays an error telling me that routes need to be added in the GUI. 

During the migration I have to delete and add about 50 routes since the interfaces will change. 

Is there a way to prepare this so I can do this using the CLI?
I have read about the "run-script" option but that only looks useful to show information from the system.

I don't want to use the GUI for this task because it takes a lot of time and a lot of mouse clicks.  

Currently, I can't add images because its a sunday and somebody killed my management VM.

Hope you can help me on this one.

0 Kudos
1 Solution

Accepted Solutions
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2019-09-29 07:09 PM
Jump to solution

Hi, 

Have a look at the VSX provisioning tool - sk100645

"The VSX Provisioning Tool allows the VSX administrator to add and remove Virtual Devices (VS, VR, VSW), interfaces and routes from the command line of a Security Management Server / Multi-Domain Security Management Server. This allows the automation of the required VSX Provisioning operations in the environment."

Regards,

Chris

CCSM R77/R80/ELITE

View solution in original post

5 Replies
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2019-09-29 07:09 PM
Jump to solution

Hi, 

Have a look at the VSX provisioning tool - sk100645

"The VSX Provisioning Tool allows the VSX administrator to add and remove Virtual Devices (VS, VR, VSW), interfaces and routes from the command line of a Security Management Server / Multi-Domain Security Management Server. This allows the automation of the required VSX Provisioning operations in the environment."

Regards,

Chris

CCSM R77/R80/ELITE
Brambo
Explorer
‎2019-09-30 08:39 AM
In response to Chris_Atkinson
Jump to solution

Hi Chris, 

Thank you very much for the reply.
This will make my day tomorrow.

I prepared the entire change using as much of the provisioning tool as I can.

Best regards,

Bram

0 Kudos
Mark_Halsall
Employee Alumnus
Employee Alumnus
‎2022-05-03 10:01 AM
In response to Chris_Atkinson
Jump to solution

Are there any plans to migrate this to the official API?

I'm getting questions from customers with VERY large environments, and who are investing in automation + orchestration, and it seems that currently the only way to do operations like this are to use the API run-script command. In my eyes, VSX and MDM seem to be ideal candidates for being fully managed via API.

0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2022-05-03 04:26 PM
In response to Mark_Halsall
Jump to solution

Not part of R81.20 but it was hinted at during CPX as a future project for the reasons stated.

CCSM R77/R80/ELITE
0 Kudos
AlJo
Contributor
‎2022-05-24 07:07 AM
In response to Chris_Atkinson
Jump to solution

Another Vote to make this happen sooner rather than later.... Adding/Removing routes from VSX instances in the only thing we haven't been able to automate via the API for more than 2 years now. 

Since all VSX configuration must be done via the Management server I just don't understand why this wasn't in the first wave of APIs available.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events