- CheckMates
- :
- Products
- :
- Developers
- :
- API / CLI Discussion
- :
- How can we install on multiple firewalls using ins...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How can we install on multiple firewalls using install policy comand from API CLI
Hi Team,
I have explored the API reference posted in checkmates. It has given below command to deploy policy from API CLI to deploy on single firewall. Similarly, If we want to run policy installation on all firewalls of CMA. What is the command?
API Referrence:
https://sc1.checkpoint.com/documents/latest/APIs/index.html#gui-cli/install-policy~v1.2
Single Firewall:
mgmt_cli install-policy policy-package "standard" access true threat-prevention true targets.1 "corporate-gateway" --version 1.1 --format json
Multiple Firewall:
mgmt_cli install-policy policy-package "standard" access true threat-prevention true targets.1 "corporate-gateway corporate-gateway1 corporate-gateway2 " --version 1.1 --format json
In double quotes, can we include multiple firewalls by giving space?
Regards
Revathi
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
No, you use multiple target parameters like so:
mgmt_cli install-policy policy-package "standard" access true threat-prevention true targets.1 "corporate-gateway" targets.2 "corporate-gateway1" targets.3 "corporate-gateway2 " --version 1.1 --format json
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
mgmt_cli install-policy policy-package "standard" access true threat-prevention true targets.1 "corporate-gateway" targets.2 "corporate-gateway1" targets.3 "corporate-gateway2 " --version 1.1 --format json
The above command will help to deploy multiple firewalls with 1 common policy. If I want to install different policies for each gateway. How we have to do that?
Policy A - Gateway A
Policy B - Gateway B
Policy C - Gateway C
Regards
Revathi
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It’s a separate command for each gateway/policy combination.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
We have about 175 SMB devices (1430 devices) in our environment that share the same policy. Every time we do a change we have to install in small batches (20 devices for example) due to limitation of installing for all devices at one time.
It's possible via API to do some script or configuration to get all 1430 devices from SmartConsole and then install policy in batches of 20 devices until all of them are up-to-date?
Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can this be scripted? Sure.
Is there something Pre-built that does this? No.
At a high-level, you would do something like:
- Query the API for the relevant gateways (maybe set a tag for each gateway with that same policy to make it easier)
- Issue a policy install for the first twenty gateways.
- Monitor for completion of the policy instal action and repeat for the next twenty gateways.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
Which API query could we use to monitor the status of instalation?
I found a way to get the gateways and also the API command to install the policy, but can't find how to know if the policy installation is complete or not
Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Forget it, I've found a way, after executing "install-policy policy-package" i can parse any of "success" messages for example and the start another installation
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Any chance that you share the script?
I'm scripting a related situation and it would be great to have something to compare with.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
can share my friend
