This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Christian_Riede
Collaborator
‎2019-10-17 02:50 AM

Edit interfaces of ClusterXL objects via generic object API, changes not visible in SmartConsole

Hello,

I understand that there will be an API in R80.40 to manipulate interfaces of cluster objects. Unfortunately, I cannot wait for R80.40 in my project here. So I tried to add interfaces via the generic API described in https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/CloudGuard-Automated-firewall-Clu...

Roughly, I added interfaces to the cluster nodes and to the cluster object like this:

# set cluster and members with newly created interfaces
mgmt_cli set generic-object uid $cluster_uid interfaces.add.create "com.checkpoint.objects.classes.dummy.CpmiClusterInterface" interfaces.add.owned-object.netmask "255.255.255.0" interfaces.add.owned-object.ipaddr $vip_ip interfaces.add.owned-object.memberNetwork.create "com.checkpoint.objects.classes.dummy.CpmiSubnet" interfaces.add.owned-object.memberNetwork.owned-object.netmask "255.255.255.0" interfaces.add.owned-object.memberNetwork.owned-object.ipaddr $cluster_net_ip interfaces.add.owned-object.officialname $interface_name interfaces.add.owned-object.monitoredByCluster true interfaces.add.owned-object.ifindex $if_index --format json --session-file login.txt > cluster_set_response.json

I created interfaces manually in Smartconsole and checked what entries were  created in the interface table of the member host and cluster objects with guidbedit. I was able to replicate these entries vai the gerneric object api. I also compared the output of get generic-object between the manual created ones and the ones created via the API.

I actually can say, that my script is reproducing the manual action 1:1.

BUT: There are 2 weired effects that I cannot explain and that block me from making further progress:

1. When I create the interfaces via teh API and then go to Smartconsole, I won't find the new interfaces under "Network Management" of the firewall interface, while the new interfaces are definitely there in guidbedit or get generic object.

2. When I create an interface manually in Smartconsole and then delete it via dbedit, the interfaces are still there in SmartConsole, while they are definitely gone in guidbedit and get generic-object.

I understand that the widget for editing a firewall in R80 smartconsole is still using legacy code from R77, so is there some kind of sync to old style configuration files that needs to be done when the interfaces tables of a cluster is edited via the generic objects API?

Any ideas how to solve that?

1 Reply
PhoneBoy
Admin
Admin
‎2019-10-17 05:22 PM

Perhaps there is a clue in this dbedit script:
https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/CloudGuard-Automated-firewall-Clu...
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events