- Products
- Learn
- Local User Groups
- Partners
-
More
Celebrate the New Year
With CheckMates!
Value of Security
Vendor Self-Awareness
Join Us for CPX 360
23-24 February 2021
Important certificate update to CloudGuard Controller, CME,
and Azure HA Security Gateways
How to Remediate Endpoint & VPN
Issues (in versions E81.10 or earlier)
Mobile Security
Buyer's Guide Out Now
Important! R80 and R80.10
End Of Support around the corner (May 2021)
Hi Team,
I have explored the API reference posted in checkmates. It has given below command to deploy policy from API CLI to deploy on single firewall. Similarly, If we want to run policy installation on all firewalls of CMA. What is the command?
API Referrence:
https://sc1.checkpoint.com/documents/latest/APIs/index.html#gui-cli/install-policy~v1.2
Single Firewall:
mgmt_cli install-policy policy-package "standard" access true threat-prevention true targets.1 "corporate-gateway" --version 1.1 --format json
Multiple Firewall:
mgmt_cli install-policy policy-package "standard" access true threat-prevention true targets.1 "corporate-gateway corporate-gateway1 corporate-gateway2 " --version 1.1 --format json
In double quotes, can we include multiple firewalls by giving space?
Regards
Revathi
No, you use multiple target parameters like so:
mgmt_cli install-policy policy-package "standard" access true threat-prevention true targets.1 "corporate-gateway" targets.2 "corporate-gateway1" targets.3 "corporate-gateway2 " --version 1.1 --format json
It’s a separate command for each gateway/policy combination.
Hello,
We have about 175 SMB devices (1430 devices) in our environment that share the same policy. Every time we do a change we have to install in small batches (20 devices for example) due to limitation of installing for all devices at one time.
It's possible via API to do some script or configuration to get all 1430 devices from SmartConsole and then install policy in batches of 20 devices until all of them are up-to-date?
Thanks.
Can this be scripted? Sure.
Is there something Pre-built that does this? No.
At a high-level, you would do something like:
Hello,
Which API query could we use to monitor the status of instalation?
I found a way to get the gateways and also the API command to install the policy, but can't find how to know if the policy installation is complete or not
Thanks.
Forget it, I've found a way, after executing "install-policy policy-package" i can parse any of "success" messages for example and the start another installation
About CheckMates
Learn Check Point
Advanced Learning
WELCOME TO THE FUTURE OF CYBER SECURITY