Create a Post
Showing results for 
Search instead for 
Did you mean: 
Jump to solution

Get VS information in VSX in API

I am using the v1.9 management API (Check Point - Management API reference)

show-simple-gateways shows Maestro SGs and interoperable Check Point devices

show-simple-clusters shows traditional hardware clusters

I don't have any LSM systems, but I tried anyways (show-lsm-gateways and show-lsm-clusters)

No VSX systems are showed, traditional or on Maestro.


This was last discussed in 2016.

Solved: How to get VS information on VSX via API ? - Check Point CheckMates

Now that we are on R81.20, is there an undocumented feature to get this information?

If not, can we Pretty Please get a Jira for this missing feature? I really hurts the ability to script. Real world example: Add a backup log server to all my firewalls.


Thank you.

0 Kudos
1 Solution

Accepted Solutions

Official APIs for VSX are planned as part of R82.

View solution in original post

0 Kudos
5 Replies

VSs show up in show-gateways-and-servers. Here's redacted output from one of my production managements:

[Expert@MySmartCenter]# mgmt_cli -f json -r true show gateways-and-servers limit 500 | jq -c '.objects[]|[.name,.type]'

VSX cluster members (useful for things like version checks, syslog config, etc.) are type CpmiVsxClusterMember.

VSX clusters are type CpmiVsxClusterNetobj.

On a cluster, VSs themselves are type CpmiVsClusterNetobj (they are technically clusters, though you generally don't have to manage the members). I don't have any non-clustered VSX firewalls, so I don't know what object type a non-clustered VS would have. Maybe CpmiVsNetobj?

0 Kudos

Thank you for mentioning  show gateways-and-servers. However, this does not address the need to work with values and modify the properties.

I will try out your suggestion to see if I can at least see the existing backup log servers for my VSs.

0 Kudos

You only mentioned getting the information. 😉

Once you have the objects' UUIDs, you could use the set-generic-object call, but it's not officially supported or stable in the API sense (output or expected input could change with no notice). Other than that, the API has very little support for VSX, correct. I mostly use the information I shared to do things which involve the physical VSX cluster members. For example, I have a periodic script running on my management which iterates through all the VSs, dumps their configs, copies all of the configs up to the management, runs a 'diff' on them, then sends me the results. This way, I know if somebody added some dynamic routing config on one member but forgot to put it on the other member. Keeps my failovers predictable.

0 Kudos

Thank you for the replies Bob. It's rare to get such good feedback so quickly!

I did try your suggestion (with WebAPI), it gives limited information (redacted):

"uid": "12b4fd08-3179-674c-8528-76243a000000",
"name": "ProdFirewall1",
"type": "CpmiVsClusterNetobj",
"domain": {
"uid": "535ddc43-2317-4edb-a6dd-eb5891000000",
"name": "Prod",
"domain-type": "domain"
"icon": "NetworkObjects/vsx/vs_clust",
"color": "black"

My request is for a response from Check Point if after 7 years the fix is finally in the works.

My real world example (see above): Add a backup log server to all my firewalls. This is easily done for classic firewalls and Maestro SG's. I have a lot of VSX hosts these days (going to be adding 50+ more soon), and is a missing feature I would love to have.



0 Kudos

Official APIs for VSX are planned as part of R82.

0 Kudos


Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events