Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Kim_Moberg
Advisor

How to select a Security profile via API

Hi Team

I have been working on automating site2site vpn with a Check Point Gateway and an Interoperable device, and setting up a vpn community. 

https://community.checkpoint.com/message/18635-how-to-add-interoperative-device-via-api 

The next step my search to complete my use of API is Add my site2site firewall rule to gateway cluster Security policy. 

When I use the active example from the API doc it us being published to the standard security profile. I’ve  multiple profile to each of my rule set per secure gateway.

I have been able find my security profiles by using commands to extract uid. 

https://community.checkpoint.com/message/18729-how-to-find-generic-object-that-is-not-defined-in-the... 

And I also had to find out how to extract and set values I dont find any documentation of.

https://community.checkpoint.com/message/18727-missing-api-possibility-to-set-vpn-community-star-obj...

For example how to set ipsec and ike rekey values because Cisco device ASA5506 or Cisco router 1921/1941 have been configured differnetly than default vpn community values as 1440 min, and 86400 sec.

I can publish a firewall rule

#############################
# Add FW rule
#############################
# Name of rule WP-<Parkname>
# source "Hobro_Scada_Internal" & "WP_Gettrup_Internal_Network"
# destination "WP_Gettrup_Internal_Network" & "Hobro_Scada_Internal"
# services "Vestas Park Services"
# vpn-community "WP-Gettrup"
# action "Accept"
# track "Log"
# install-on "gwcluster"

mgmt_cli -u admin add access-rule layer "Network" position 1 name "Windpark Getrrup" source.1 "Hobro_Scada_Internal" source.2 "WP_Gettrup_Internal_Network" destination.1 "WP_Gettrup_Internal_Network" destination.2 "Hobro_Scada_Internal" service.1 "Vestas Park Services" vpn "WP-Gettrup" action "Accept" track.type "Log" install-on "gwcluster"

As you can see it add itself to the security policy [Standard]

How do I select a security profile by either using the name or uid to publish my new firewall rule?

Thanks

Kim

Best Regards
Kim
0 Kudos
1 Reply
Tomer_Sole
Mentor
Mentor

Hi, this is because you specified the layer “network” at your add access-rule call. Find out the name of the policy layer of the other policy and change your “add access-rule” call. Some of these names for layers may have been created automatically based on logics that I described at https://community.checkpoint.com/message/16940-editing-policy-from-no-layers-to-2-layers 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events