This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
M_Ruszkowski
Collaborator
‎2019-03-01 08:26 AM
Jump to solution

Install Database - MDS

R80.20 API v1.3  can't seem to find "install Database".   We have close to 90 Domains across multiple MDS / Provider1 environments.  With that said when I need to make a change that requires an "Install Database" - I need to be able to do this via the API.   To me this is crazy that CheckPoint has left this out.  Or should I say I can't seem to find it.   Take a tool like Firemon that may require us to make a change and do an "install Database". 

Please tell me there is an easy way to do an "install Database" across 90+ domains without having to log into each one.

Thank you,

Labels
2 Solutions

Accepted Solutions
Timothy_Hall
Legend Legend
Legend
‎2019-09-04 08:13 PM
In response to M_Ruszkowski
Jump to solution

Functions that must be handled by the older fwm daemon on a SMS/MDS generally cannot be automated through the API as fwm is not API-aware.  Any management function being handled by the newer cpm daemon can potentially be accessed through the API.  So as far as I know the inability to perform an Install Database via the API is more of a technical limitation of fwm than anything else.

A common question I get in the CCAS class is what management functions cannot be handled through the API, and must be performed in the SmartConsole GUI:

https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/Functionality-API-vs-SmartConsole...

Pretty much all the functions listed are handled by fwm (hence the need to use the old SmartDashboard GUI to work with many of these functions), looks like performing an Install Database operation needs to be added to the list.

 

 

Attend my online "Be your Own TAC: Part Deux" CheckMates event
March 27th with sessions for both the EMEA and Americas time zones

View solution in original post

0 Kudos
Ofer_Barzvi
Employee
Employee
‎2019-09-16 07:33 AM
Jump to solution

Hi,

Please see this new post about usage of $MDSVERUTIL AllCMAs command for running the Install Database on all domain at once.

Regards,

Ofer

View solution in original post

12 Replies
PhoneBoy
Admin
Admin
‎2019-03-01 07:24 PM
Jump to solution

Pretty sure there is no API call for this function currently.

0 Kudos
M_Ruszkowski
Collaborator
‎2019-03-07 12:05 PM
In response to PhoneBoy
Jump to solution

Wow.   I can't believe this basic function is not in the API.  Can you tell if it is even on the roadmap for 1.4 or 1.5 of the API?   So basically what I am hearing is that for large clients that have many domains and tools such as Firemon or Tufin, we have to manually log into every domain and do an install database for changes in setting to take affect.  At least is there a CLI command way that I can perform this?  If so I could write a BASH script and loop through all the domains. 

0 Kudos
PhoneBoy
Admin
Admin
‎2019-03-08 07:13 AM
In response to M_Ruszkowski
Jump to solution

API 1.4 is released as part of R80.20.M2 -- nothing there about it.

API 1.5 is the upcoming R80.30 and nothing there about it either.

Not sure where this is in the plans to add. 

If you want to do this on the CLI, the command is fwm dbload target-name

If you really want to do this over REST API today, you could potentially install https://community.checkpoint.com/community/infinity-general/appliances-and-gaia/blog/2019/01/21/new-... and use that. ‌

0 Kudos
M_Ruszkowski
Collaborator
‎2019-03-18 08:45 AM
In response to PhoneBoy
Jump to solution

If we can do this by the command line on the MDS it will get us by for now.  I may write a quick BASH script iterate through all the domains and do the "fwm dbload target-name".  

It sounds like this is not on the near road map of the API.  I still can't believe "Install Database" is not an option.  

Thank you for checking.

0 Kudos
Jerry
Mentor
Mentor
‎2019-03-18 08:55 AM
In response to M_Ruszkowski
Jump to solution

Michael,

you're just telling us that you do SETTINGS changes in 90 Domains at the same time? Means that you need to "push" install for ALL those domains at the same time? Just out of my curiosity is this a really Production Environment or just a "Test Lab" ? 🙂

I have never heard myself working with CP for years and in IT even longer that anyone would have INSTALL 90 DOMAINS in ONE-GO.

Kudos if you do! That's highly unusual or I'm completely out of the moon with such massive MDS deployments seeing just no more than 15 domains in my hands so far ...
Jerry
0 Kudos
Tim_Tielens
Contributor
‎2019-09-04 09:19 AM
In response to Jerry
Jump to solution

If you do an upgrade you need to install database on each domain, that means login to each domain and do install database.

 

I hope checkpoint implements something to do an install database from the top level MDS server.

 

0 Kudos
Maarten_Sjouw
Champion
Champion
‎2019-09-04 09:58 AM
In response to Tim_Tielens
Jump to solution

We have an upgrade in the works, and this is from R77.30 to R80.30 with 102 domains in total, we just make sure we have enough people at hand as you also need to install the policy at least twice, first of all to make sure your logging is back in business and second in our experience we have seen to many failures on VPN's that failed after a while or after the first install policy.
So yeah it's a lot of work and NO I would not do it from the CLI, not even from the MDS SmartConsole where you can issue policy installs per domain.
Regards, Maarten
0 Kudos
Jerry
Mentor
Mentor
‎2019-03-18 08:59 AM
In response to M_Ruszkowski
Jump to solution

btw.

R80.20 API v1.3 = SMS
MDS / Provider1 environments = R6x/R7x

if I'm not mistaken so how come you're about to use Rest/or not API to do it ALL in ONE GO ?

Am I missing something or you're about to automate R6x with R8x platforms under the same API?
Jerry
0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2019-09-04 08:13 PM
In response to M_Ruszkowski
Jump to solution

Functions that must be handled by the older fwm daemon on a SMS/MDS generally cannot be automated through the API as fwm is not API-aware.  Any management function being handled by the newer cpm daemon can potentially be accessed through the API.  So as far as I know the inability to perform an Install Database via the API is more of a technical limitation of fwm than anything else.

A common question I get in the CCAS class is what management functions cannot be handled through the API, and must be performed in the SmartConsole GUI:

https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/Functionality-API-vs-SmartConsole...

Pretty much all the functions listed are handled by fwm (hence the need to use the old SmartDashboard GUI to work with many of these functions), looks like performing an Install Database operation needs to be added to the list.

 

 

Attend my online "Be your Own TAC: Part Deux" CheckMates event
March 27th with sessions for both the EMEA and Americas time zones
0 Kudos
Ofer_Barzvi
Employee
Employee
‎2019-09-16 07:33 AM
Jump to solution

Hi,

Please see this new post about usage of $MDSVERUTIL AllCMAs command for running the Install Database on all domain at once.

Regards,

Ofer

Eran_Habad
Employee
Employee
‎2019-09-18 05:56 AM
In response to Ofer_Barzvi
Jump to solution

I think the solution should be this post 🙂
0 Kudos
Tim_Tielens
Contributor
‎2019-09-18 05:57 AM
In response to Eran_Habad
Jump to solution

i Agree 😉

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top