This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Kim_Moberg
Advisor
‎2018-05-02 08:47 AM

How to find generic-object that is not defined in the API?

Hi Team

Where can I read out the available object name used in the below example to create a interoperable device?

Is it found in dbedit editor?

mgmt_cli -s id.txt add generic-object create "com.checkpoint.objects.classes.dummy.CpmiGatewayPlain" name "interdev_2" ipaddr "10.1.1.2" thirdPartyEncryption "True" osInfo.osName "Gaia" vpn.create "com.checkpoint.objects.classes.dummy.CpmiVpn" vpn.owned-object.vpnClientsSettingsForGateway.create "com.checkpoint.objects.classes.dummy.CpmiVpnClientsSettingsForGateway" vpn.owned-object.vpnClientsSettingsForGateway.owned-object.endpointVpnClientSettings.create "com.checkpoint.objects.classes.dummy.CpmiEndpointVpnClientSettingsForGateway" vpn.owned-object.vpnClientsSettingsForGateway.owned-object.endpointVpnClientSettings.owned-object.endpointVpnEnable "True" vpn.owned-object.ike.create "com.checkpoint.objects.classes.dummy.CpmiIke" vpn.owned-object.sslNe.create "com.checkpoint.objects.classes.dummy.CpmiSslNetworkExtender" vpn.owned-object.sslNe.owned-object.sslEnable "False" vpn.owned-object.sslNe.owned-object.gwCertificate "defaultCert" manualEncdomain $vpn_enc_domain encdomain "MANUAL"

Best Regards
Kim
4 Replies
Robert_Decker
Advisor
‎2018-05-02 12:17 PM

I don't understant your question...

What are you trying to accomplish exactly? View an object created by a generic objects API?

0 Kudos
Kim_Moberg
Advisor
‎2018-05-02 12:39 PM
In response to Robert_Decker

Hi Robert

I am trying to fill out the gap from my https://community.checkpoint.com/thread/7701-missing-api-possibility-to-set-vpn-community-star-objec... 


And then I wonder how and were you were able to find these field values! How I can find then myself and use the fields?


So i was thinking if I could run the command 

To show all object of a vpn-community which used perfect forward secret and set DH on Ipsec Phase 2


Please the my latest post below. 

Best Regards
Kim
0 Kudos
Kim_Moberg
Advisor
‎2018-05-02 12:25 PM

By running this commenad

 mgmt_cli -u admin show  generic-object uid 11fa48eb-d89b-4f70-9ff1-bbe82abc54d1

I ask to show uid of an active vpn-community-star 

There I have found some values, that I might select to use?

#enable Perfect Forward Secrecy true/false
ikeP2.ikeP2UsePfs true

#use DH group 5
ikeP2.ikeP2PfsDhGrp: "97aeb629-9aea-11d5-bd16-0090272ccb30"

#Rekey phase1 and phase2

ikeP1.ikeP1RekeyTime "60"

ikeP2.ikeP2RekeyTime "28800"

how would I be able to set or add settings to a created vpn-community-start via a API something like this?

mgmt_cli add generic-object set "com.checkpoint.objects.classes.dummy.CpmiGatewayPlain" name "interdev_2"  ikeP2.ikeP2UsePfs "true" ikeP2.ikeP2PfsDhGrp "97aeb629-9aea-11d5-bd16-0090272ccb30" ikeP1.ikeP1RekeyTime "60" ikeP2.ikeP2RekeyTime "28800"

Thanks

Kim

Best Regards
Kim
0 Kudos
Robert_Decker
Advisor
‎2018-05-03 12:55 AM
In response to Kim_Moberg

As I've already mentioned in your other post, when Management API lacks some settings, and this can happen, you can combine it along with dbedit API, as you did in interoperable device update.

The show-objects command and show-generic-objects command show the whole list of settings that can be accessed via dbedit API.

Robert.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top