This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
pdn
Contributor
‎2023-11-14 08:11 AM

Failed add-access-rule (very weird)

 

Hi,

 

I can't figure this out so weird.

 

So, my python make a POST REST API add-access-rule call to the checkpoint mgmt server, for tcp port 300 (service), and it works fine (ie, I can see the rules published onto the FW). 

 

Then, I made another POST call, same exact source/destination, but a different port, and it fails with the RuntimeError error (below).  Please see the body with parameters sent with the POST call.  I verified the parameters settings like the access layer, position, source/destination ID's, against the FW, all are good, like with the tcp port 300 request.

I am using R81.10, which is Management API Version v1.8.  Appreciate any prompt feedbacks.  

 

RuntimeError: 400 Client Error: Bad Request for url: https://xyx.com/web_api/add-access-rule

 

https://sc1.checkpoint.com/documents/latest/APIs/#web/add-access-rule~v1.8.1%20

body.jpg
Preview file
40 KB
0 Kudos
3 Replies
pdn
Contributor
‎2023-11-14 10:32 AM

I got it!  One of the API sessions locked some objects.  After disconnecting and discard that session, it works!!!

I hope it helps people with similar issue.  Stupid thing, it costed me some good troubleshooting hours since yesterday.

0 Kudos
pdn
Contributor
‎2024-02-19 06:26 AM
In response to pdn

I thought I knew the reason, but I still got the discard.  Not often, just at times.

I don't believe there were locked objects, yet I still got the below error.  If you have any thought, can you please share?  It's frustrating to be honest, for something that is not replicated.

Is there a way to check if an object is locked, so that our app can wait for it to be unlocked first before making the add-access-rule api call?

 

Network access create Failed 400 Client Error: Bad Request for url: https://olanpn-mdsm00.xyz.com/web_api/discard

Thanks much in advance.

0 Kudos
the_rock
Legend
Legend
‎2024-02-19 07:16 AM
In response to pdn

I just rebooted my test lab mgmt server and worked fine.

Best,

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top