- CheckMates
- :
- Products
- :
- Developers
- :
- API / CLI Discussion
- :
- Re: Export of the VPN communities
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Export of the VPN communities
Is there anyone who knows about the license information tool script?
It is available on management and collects information from management and all gateways (if online) and exports all this information to a XML file. You can upload this to Check Point to update this info in the usercenter.
We use this script for collecting info about the inventory and this way make sure our CMDB is up to date. However there is one piece that is not collected and would be very useful for us to also have this part collected.
The piece missing is information about VPN's, to us the name of all the different VPN communities would be sufficient but I can imagine that others might like more info about each VPN.
Just a side note, the tool does not run in R80.10 on our MDS but we are working on it with TAC.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm not sure why a script designed primarily to collect information about licenses would also collect VPN information.
What information specifically are you looking to export about VPNs?
You can show the information about the various VPN Communities defined by using the following CLI commands:
- show vpn-communities-star
- show vpn-communities-meshed
See also: Check Point - Management API reference
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Dameon,
The amount of information collected by the tool is way more than just License info.
We have a 3 server Multi domain environment with around 150 domains, we have a script that uses the tool to collect data per domain and this is the only missing bit in the XML file. As said all I need is the name of each VPN community, but I could imagine some other people would also like to know the participating gateways and VPN encryption settings.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The above commands I list should show you which gateways are participating in the communities and the various settings.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Tried the command on the MDS, on both R77.30 and R80.10, after a <set domainname xxx > I tried the show commands, but all you can do here is <show vpn tunnel(s)>.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The commands I listed above are mgmt_cli commands, which means they are only relevant in R80+ management (not in R77.30 and earlier).
On my system (which is admittedly not MDM and not using VPN), you should still be able to see some output.
[Expert@R8010:0]# mgmt_cli -r true show vpn-communities-meshed
objects:
- uid: "6b8e4ed1-ccd4-43e2-ba94-1ee35d652cf7"
name: "MyIntranet"
type: "vpn-community-meshed"
domain:
uid: "41e821a0-3720-11e3-aa6e-0800200c9fde"
name: "SMC User"
domain-type: "domain"
from: 1
to: 1
total: 1
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
yep that works on the R80.10, but we only have 3 doamins on R80.10 and the rest is still on R77.30...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It even gets worse, I just got word that the License Information tool is no longer supported, even though the SK88240 shows how to use it on R80.10.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
For health check and license information, you can refer sk121447 where automated script is already available. But it is not taking community information.
You can make script and add commands which are suggested by Dameon.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Tried the command on the MDS, on both R77.30 and R80.10, after a <set domainname xxx > I tried the show commands, but all you can do here is <show vpn tunnel(s)>.
The trick is to either get the info added to XML file so we can parse the XML file to our CMDB or create a file per CMA, but then you need a working command.
