This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Tomer_Sole
Mentor
Mentor
‎2018-01-18 01:54 PM

How to test the Management API with the Cloud Demo

The nice thing with the R80.10 Cloud Demo option is that you no longer need a real Check Point license to test security management features. And the API is one of them.

1. Get the server IP by clicking “copy server IP”

 

 

2. Get an administrator with a password that you know of, by creating one at “Permissions & Administrators” or by changing the password of one of the existing administrators. Publish your changes.

 

Now you can test your tools by connecting to this server IP with the administrator username and password.

13 Replies
Vladimir
Champion
Champion
‎2018-01-26 04:32 PM

Tomer,

Can you point me to a detailed description of the capabilities of the cloud demo?

I routinely recommend it to my clients for familiarization with R80.XX, but it would be nice to accurately describe its limitations.

Thank you.

0 Kudos
PhoneBoy
Admin
Admin
‎2018-01-26 09:50 PM
In response to Vladimir

There's an SK that describes the various limitations: Check Point R80 / R80.10 Cloud Demo Known Limitations 

0 Kudos
Tomer_Sole
Mentor
Mentor
‎2018-01-27 11:23 PM
In response to Vladimir

Here is the overview of why we chose this approach with R80 and the highlights of the benefits -  https://community.checkpoint.com/thread/5447-a-brief-history-of-demo-mode-for-policy-editor-and-smar... 

0 Kudos
Bryan_Lee
Employee Alumnus
Employee Alumnus
‎2018-09-26 01:34 AM

How do I restart the Management API with "api restart" command in this demo mode? the "command line" shell is not the usual Gaia shell. 

0 Kudos
PhoneBoy
Admin
Admin
‎2018-09-26 07:18 AM
In response to Bryan_Lee

I don't you need to in the case of the Cloud Demo servers, but could be wrong there.

Joshua_Hatter
Employee
Employee
‎2018-09-28 05:43 AM
In response to PhoneBoy

The API in the cloud demo is setup to only accept local connections so it is required to test remote tools. Tomer Sole can we get the cloud server to default to gui clients or all IP? Otherwise we need some way to access and restart the API like Bryan mentioned.

Otherwise I have bypassed this with the run-script api to issue an api restart from SmartConsole.

0 Kudos
Ofir_Shikolski
Employee Alumnus
Employee Alumnus
‎2018-09-28 09:02 AM
In response to Joshua_Hatter

Get the real ip of the machine.

update MGMT object with real IP.

modify API settings 

add user + password + permissions 

publish

run-script on the MGMT object : 

source /etc/profile.d/CP.sh && api restart

ignore the error

Have fun Smiley Happy I do not know how to upload screenshots Smiley Sad

for me it worked Smiley Happy

C:\Program Files (x86)\CheckPoint\SmartConsole\R80.20\PROGRAM>mgmt_cli.exe login -m 52.59.244.70 -u ofirs -p ofirs

To verify server identity, compare the following fingerprint with the one displayed by the api management tool (api fingerprint).

SHA1 Fingerprint=42:02:B9:93:7C:4A:E4:47:3F:4C:B3:82:B8:45:0D:A9:13:80:E9:62
English Fingerprint=TOY GAL CENT WAVY LIEN LEE TAN CHEF SNOW DAYS BADE RUSK

Do you accept the fingerprint? (y/n) [y] ? y

C:\Program Files (x86)\CheckPoint\SmartConsole\R80.20\PROGRAM>mgmt_cli.exe login -m 52.59.244.70 -u ofirs -p ofirs
uid: "ddae3d5a-55aa-4cfd-8007-203a48e76ad7"
sid: "VuF91i1TvIShO6qc-L7xLDhxgNt04c4Nw9annrZFack"
url: "https://52.59.244.70:443/web_api"
session-timeout: 600
last-login-was-at:
posix: 1538151915730
iso-8601: "2018-09-28T16:25+0000"
api-server-version: "1.3"

Joshua_Hatter
Employee
Employee
‎2018-09-28 09:50 AM
In response to Ofir_Shikolski

As I said I do this to bypass the issue.

But it would make more sense for standard user who is using the demo to not go through this step.

Tunnelscraper
Explorer
‎2021-07-01 07:32 AM
In response to Ofir_Shikolski

Hi,

 

is this method possible to do for a normal user?

Because I don't have no idea how 

* How to access the CLISH in the Demo env.?

* where I get the script?

* what have to be modified by the API setting?

 

Tanks for your answers.

Cheers

0 Kudos
PhoneBoy
Admin
Admin
‎2021-07-01 01:26 PM
In response to Tunnelscraper

clish access is not necessary for this.
Also in current versions the Demo Mode server should be available from all IPs by default (as I recall), or if you need to enable it, there is no need to execute an api restart.
If you want to use mgmt_cli, it’s available in Windows when you install SmartConsole.

0 Kudos
Jason_Rakers
Participant
‎2018-12-07 07:51 AM
In response to Bryan_Lee

api restart is a CLISH command

Joshua_Hatter
Employee
Employee
‎2018-12-07 08:28 AM
In response to Jason_Rakers

The api command is a shell script, that can be called from Expert or Clish.

PhoneBoy
Admin
Admin
‎2021-07-02 08:27 PM

Created a new post on this topic: https://community.checkpoint.com/t5/API-CLI-Discussion/Using-SmartConsole-Demo-Mode-Server-for-API-t...
Further questions on this topic should be addressed on this thread.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events