This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Kim_Moberg
Advisor
‎2018-05-03 10:37 PM

How to select a Security profile via API

Hi Team

I have been working on automating site2site vpn with a Check Point Gateway and an Interoperable device, and setting up a vpn community. 

https://community.checkpoint.com/message/18635-how-to-add-interoperative-device-via-api 

The next step my search to complete my use of API is Add my site2site firewall rule to gateway cluster Security policy. 

When I use the active example from the API doc it us being published to the standard security profile. I’ve  multiple profile to each of my rule set per secure gateway.

I have been able find my security profiles by using commands to extract uid. 

https://community.checkpoint.com/message/18729-how-to-find-generic-object-that-is-not-defined-in-the... 

And I also had to find out how to extract and set values I dont find any documentation of.

https://community.checkpoint.com/message/18727-missing-api-possibility-to-set-vpn-community-star-obj...

For example how to set ipsec and ike rekey values because Cisco device ASA5506 or Cisco router 1921/1941 have been configured differnetly than default vpn community values as 1440 min, and 86400 sec.

I can publish a firewall rule

#############################
# Add FW rule
#############################
# Name of rule WP-<Parkname>
# source "Hobro_Scada_Internal" & "WP_Gettrup_Internal_Network"
# destination "WP_Gettrup_Internal_Network" & "Hobro_Scada_Internal"
# services "Vestas Park Services"
# vpn-community "WP-Gettrup"
# action "Accept"
# track "Log"
# install-on "gwcluster"

mgmt_cli -u admin add access-rule layer "Network" position 1 name "Windpark Getrrup" source.1 "Hobro_Scada_Internal" source.2 "WP_Gettrup_Internal_Network" destination.1 "WP_Gettrup_Internal_Network" destination.2 "Hobro_Scada_Internal" service.1 "Vestas Park Services" vpn "WP-Gettrup" action "Accept" track.type "Log" install-on "gwcluster"

As you can see it add itself to the security policy [Standard]

How do I select a security profile by either using the name or uid to publish my new firewall rule?

Thanks

Kim

Best Regards
Kim
0 Kudos
1 Reply
Tomer_Sole
Mentor
Mentor
‎2018-05-04 01:24 AM

Hi, this is because you specified the layer “network” at your add access-rule call. Find out the name of the policy layer of the other policy and change your “add access-rule” call. Some of these names for layers may have been created automatically based on logics that I described at https://community.checkpoint.com/message/16940-editing-policy-from-no-layers-to-2-layers 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events