This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
nagarevathi
Participant
‎2019-05-22 03:43 AM

How can we install on multiple firewalls using install policy comand from API CLI

Hi Team,

I have explored the API reference posted in checkmates. It has given below command to deploy policy from API CLI to deploy on single firewall. Similarly, If we want to run policy installation on all firewalls of CMA. What is the command?

API Referrence:

https://sc1.checkpoint.com/documents/latest/APIs/index.html#gui-cli/install-policy~v1.2

Single Firewall:

mgmt_cli install-policy policy-package "standard" access true threat-prevention true targets.1 "corporate-gateway" --version 1.1 --format json

Multiple Firewall:

mgmt_cli install-policy policy-package "standard" access true threat-prevention true targets.1 "corporate-gateway corporate-gateway1 corporate-gateway2 " --version 1.1 --format json

In double quotes, can we include multiple firewalls by giving space?

Regards

Revathi 

0 Kudos
Reply
7 Replies
PhoneBoy
Admin
Admin
‎2019-05-22 06:53 PM

No, you use multiple target parameters like so:

mgmt_cli install-policy policy-package "standard" access true threat-prevention true targets.1 "corporate-gateway" targets.2 "corporate-gateway1" targets.3 "corporate-gateway2 " --version 1.1 --format json

Reply
nagarevathi
Participant
‎2019-05-22 09:05 PM
In response to PhoneBoy

Hi Admin,

mgmt_cli install-policy policy-package "standard" access true threat-prevention true targets.1 "corporate-gateway" targets.2 "corporate-gateway1" targets.3 "corporate-gateway2 " --version 1.1 --format json

The above command will help to deploy multiple firewalls with 1 common policy. If I want to install different policies for each gateway. How we have to do that?
Policy A - Gateway A
Policy B - Gateway B
Policy C - Gateway C

Regards
Revathi
Reply
PhoneBoy
Admin
Admin
a week ago
In response to nagarevathi

It’s a separate command for each gateway/policy combination.

0 Kudos
Reply
ByL_telecom
Explorer
2 weeks ago

Hello,

We have about 175 SMB devices (1430 devices) in our environment that share the same policy. Every time we do a change we have to install in small batches (20 devices for example) due to limitation of installing for all devices at one time.

It's possible via API to do some script or configuration to get all 1430 devices from SmartConsole and then install policy in batches of 20 devices until all of them are up-to-date?

 

Thanks.

0 Kudos
Reply
PhoneBoy
Admin
Admin
a week ago
In response to ByL_telecom

Can this be scripted? Sure.
Is there something Pre-built that does this? No.
At a high-level, you would do something like:

  • Query the API for the relevant gateways (maybe set a tag for each gateway with that same policy to make it easier)
  • Issue a policy install for the first twenty gateways.
  • Monitor for completion of the policy instal action and repeat for the next twenty gateways.

 

0 Kudos
Reply
ByL_telecom
Explorer
a week ago

Hello,

Which API query could we use to monitor the status of instalation? 

I found a way to get the gateways and also the API command to install the policy, but can't find how to know if the policy installation is complete or not

 

Thanks.

0 Kudos
Reply
ByL_telecom
Explorer
a week ago

Forget it, I've found a way, after executing "install-policy policy-package" i can parse any of "success" messages for example and the start another installation

0 Kudos
Reply