This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
796570686578
Collaborator
‎2024-07-18 03:57 AM
Jump to solution

How do I use the gaia-api to run commands on gateways?

Hey everyone,

for a script which I run with a cron job on the management server, I need to connect to a gateway and run a few commands to extract some information. To solve this, I was thinking about using the gaia-api via mgmt_cli but I am having trouble even authenticating to the gateway.

An example of a command and its output:

In this first example I use a user with read only permissions

[Expert@mgmtname:0]# mgmt_cli gaia-api/show-assets target "125435315-34534-3154-4444-444444"
Username: username
Password: 
code: "err_gaia_api_login_failed"
message: "Cannot login to the Gateway: "125435315-34534-3154-4444-444444"

 

In this second example, I use a RADIUS user with full access to the gateway, Mgmt Server and SmartConsole.

[Expert@mgmtname:0]# mgmt_cli gaia-api/show-assets target "125435315-34534-3154-4444-444444"
Username: username
Password: 
code: "err_login_failed"
message: "Authentication to server failed."

 

Do I need a locally managed user with read/write permissions, now that I think of it, it would make sense? I wasn't able to find a lot of documentation on this..

 

Thank you in advance.

Best regards

 

 

 

0 Kudos
1 Solution

Accepted Solutions
Alex-
MVP Silver
MVP Silver
‎2024-07-18 04:05 AM
Jump to solution

You need to allow your user account to use the GAIA API, on the gateway.

https://sc1.checkpoint.com/documents/latest/GaiaAPIs/#api_access~v1.7%20

To grant a user with GAIA API access, use the following command in expert mode:

[Expert@hostname]# gaia_api access --user <user> --enable true

To revoke GAIA API access from a user, use the following command in expert mode:

[Expert@hostname]# gaia_api access --user <user> --enable false

To check whether a user is permitted to use GAIA API, look for 'access-mechanism API' in the output of the following command in CLISH mode:

hostname> show rba user <user>

  

This thread covers the topic as well: https://community.checkpoint.com/t5/Security-Gateways/API-commands-on-gateways/m-p/220704#M42240

View solution in original post

3 Replies
Alex-
MVP Silver
MVP Silver
‎2024-07-18 04:05 AM
Jump to solution

You need to allow your user account to use the GAIA API, on the gateway.

https://sc1.checkpoint.com/documents/latest/GaiaAPIs/#api_access~v1.7%20

To grant a user with GAIA API access, use the following command in expert mode:

[Expert@hostname]# gaia_api access --user <user> --enable true

To revoke GAIA API access from a user, use the following command in expert mode:

[Expert@hostname]# gaia_api access --user <user> --enable false

To check whether a user is permitted to use GAIA API, look for 'access-mechanism API' in the output of the following command in CLISH mode:

hostname> show rba user <user>

  

This thread covers the topic as well: https://community.checkpoint.com/t5/Security-Gateways/API-commands-on-gateways/m-p/220704#M42240

796570686578
Collaborator
‎2024-07-18 07:33 AM
In response to Alex-
Jump to solution

Amazing thank you!

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2024-07-18 07:35 AM
Jump to solution

To add to what Alex said, you can also check this from web UI.

Andy

 

Screenshot_1.png

Best,
Andy
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events