Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
johnnyringo
Advisor
Jump to solution

Getting VPN Domain Configuration via Web Services API when Interoperable Devices are used

I've been starting to go more in depth with the Web Services API in R81.10 and to build some tools around it.  I'm especially interested in something that could retrieve the VPN Domain for all VPN Communities since this is a common misconfiguration (think an equivalent of the ever-popular One-liner to show VPN Topology (VPN Domain) on gateways script)

First, the good news.  I am able to get the VPN Domain for VPN Communities where the VPN domain is user-defined.  Something like this:

If the VPN Domain has been user-defined, there will be an override-vpn-domains object with a list of gateways with the following attributes:

  • gateway - object with the name, type, and ipv4-address of the gateway
  • vpn-domain - network or group that is the VPN domain.  Details can be retrieved with show-network or show-group 

Great!  Problem is, I can't figure how to get same for communities where the default VPN Domain is used.  Root problem here is while show-simple-cluster and show-simple-gateway have vpn-settings -> vpn-domain in the JSON response, I don't see that for a VPN Community with an Interoperable device.

Is there a separate command go get the details for an Interoperable Device that I'm just missing?  Or is it not possible?

 

0 Kudos
1 Solution

Accepted Solutions
Timothy_Hall
Champion
Champion

API version 1.9 (R81.20) and higher support this through the add/show/set/delete interoperable-device commands.  Also see my article here:

Functionality - Mgmt API vs. SmartConsole

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com

View solution in original post

(1)
4 Replies
Timothy_Hall
Champion
Champion

API version 1.9 (R81.20) and higher support this through the add/show/set/delete interoperable-device commands.  Also see my article here:

Functionality - Mgmt API vs. SmartConsole

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
(1)
johnnyringo
Advisor

Ahh yeah I was afraid of that.  Just upgraded to R81.10 (API v1.8) a few months ago; R81.20 wasn't planned until next year but I can bump it up in priority.  

This management server is in Google Cloud, so the upgrade process is non-trivial.  

 

0 Kudos
PhoneBoy
Admin
Admin

You may be able to find the information in R81.10 using generic-object API calls.
There is no formal documentation on this endpoint (nor is there any support for it), though there are several usage examples on CheckMates.

Your best bet is to upgrade to R81.20 and use the formally supported API endpoints. 

0 Kudos
johnnyringo
Advisor

Yes, I know R81.20 is now recommended so an upgrade is planned within the next 6 months.  It unfortunately requires a maintenance window as some of the cluster member hostnames on the VM don't perfectly match the name in SmartConsole and this have to go through a SIC reset and failover process.

Policy installation fails with "TCP connection failure port=18191 [error no. 10]" and "Load on Modul...   

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events