This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
nagarevathi
Participant
‎2019-05-22 03:43 AM

How can we install on multiple firewalls using install policy comand from API CLI

Hi Team,

I have explored the API reference posted in checkmates. It has given below command to deploy policy from API CLI to deploy on single firewall. Similarly, If we want to run policy installation on all firewalls of CMA. What is the command?

API Referrence:

https://sc1.checkpoint.com/documents/latest/APIs/index.html#gui-cli/install-policy~v1.2

Single Firewall:

mgmt_cli install-policy policy-package "standard" access true threat-prevention true targets.1 "corporate-gateway" --version 1.1 --format json

Multiple Firewall:

mgmt_cli install-policy policy-package "standard" access true threat-prevention true targets.1 "corporate-gateway corporate-gateway1 corporate-gateway2 " --version 1.1 --format json

In double quotes, can we include multiple firewalls by giving space?

Regards

Revathi 

0 Kudos
9 Replies
PhoneBoy
Admin
Admin
‎2019-05-22 06:53 PM

No, you use multiple target parameters like so:

mgmt_cli install-policy policy-package "standard" access true threat-prevention true targets.1 "corporate-gateway" targets.2 "corporate-gateway1" targets.3 "corporate-gateway2 " --version 1.1 --format json

nagarevathi
Participant
‎2019-05-22 09:05 PM
In response to PhoneBoy

Hi Admin,

mgmt_cli install-policy policy-package "standard" access true threat-prevention true targets.1 "corporate-gateway" targets.2 "corporate-gateway1" targets.3 "corporate-gateway2 " --version 1.1 --format json

The above command will help to deploy multiple firewalls with 1 common policy. If I want to install different policies for each gateway. How we have to do that?
Policy A - Gateway A
Policy B - Gateway B
Policy C - Gateway C

Regards
Revathi
PhoneBoy
Admin
Admin
‎2021-01-08 11:18 AM
In response to nagarevathi

It’s a separate command for each gateway/policy combination.

0 Kudos
ByL_telecom
Participant
‎2021-01-07 11:37 PM

Hello,

We have about 175 SMB devices (1430 devices) in our environment that share the same policy. Every time we do a change we have to install in small batches (20 devices for example) due to limitation of installing for all devices at one time.

It's possible via API to do some script or configuration to get all 1430 devices from SmartConsole and then install policy in batches of 20 devices until all of them are up-to-date?

 

Thanks.

0 Kudos
PhoneBoy
Admin
Admin
‎2021-01-08 11:21 AM
In response to ByL_telecom

Can this be scripted? Sure.
Is there something Pre-built that does this? No.
At a high-level, you would do something like:

  • Query the API for the relevant gateways (maybe set a tag for each gateway with that same policy to make it easier)
  • Issue a policy install for the first twenty gateways.
  • Monitor for completion of the policy instal action and repeat for the next twenty gateways.

 

0 Kudos
ByL_telecom
Participant
‎2021-01-11 03:21 AM

Hello,

Which API query could we use to monitor the status of instalation? 

I found a way to get the gateways and also the API command to install the policy, but can't find how to know if the policy installation is complete or not

 

Thanks.

0 Kudos
ByL_telecom
Participant
‎2021-01-11 03:27 AM

Forget it, I've found a way, after executing "install-policy policy-package" i can parse any of "success" messages for example and the start another installation

(1)
EnriqueGB
Participant
‎2022-04-21 04:44 AM
In response to ByL_telecom

Any chance that you share the script?

 

I'm scripting a related situation and it would be great to have something to compare with.

0 Kudos
allen_saldanha
Explorer
‎2022-06-18 11:54 AM
In response to ByL_telecom

can share my friend

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events