This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
M_Ruszkowski
Contributor
‎2019-03-01 08:26 AM

Install Database - MDS

Jump to solution

R80.20 API v1.3  can't seem to find "install Database".   We have close to 90 Domains across multiple MDS / Provider1 environments.  With that said when I need to make a change that requires an "Install Database" - I need to be able to do this via the API.   To me this is crazy that CheckPoint has left this out.  Or should I say I can't seem to find it.   Take a tool like Firemon that may require us to make a change and do an "install Database". 

Please tell me there is an easy way to do an "install Database" across 90+ domains without having to log into each one.

Thank you,

Labels (1)
Labels
Reply
2 Solutions

Accepted Solutions
Timothy_Hall
Champion
Champion
‎2019-09-04 08:13 PM
In response to M_Ruszkowski

Jump to solution

Functions that must be handled by the older fwm daemon on a SMS/MDS generally cannot be automated through the API as fwm is not API-aware.  Any management function being handled by the newer cpm daemon can potentially be accessed through the API.  So as far as I know the inability to perform an Install Database via the API is more of a technical limitation of fwm than anything else.

A common question I get in the CCAS class is what management functions cannot be handled through the API, and must be performed in the SmartConsole GUI:

https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/Functionality-API-vs-SmartConsole...

Pretty much all the functions listed are handled by fwm (hence the need to use the old SmartDashboard GUI to work with many of these functions), looks like performing an Install Database operation needs to be added to the list.

 

 

"Max Capture: Know Your Packets" Video Series
now available at http://www.maxpowerfirewalls.com

View solution in original post

0 Kudos
Reply
Ofer_Barzvi
Employee
Employee
‎2019-09-16 07:33 AM

Jump to solution

Hi,

Please see this new post about usage of $MDSVERUTIL AllCMAs command for running the Install Database on all domain at once.

Regards,

Ofer

View solution in original post

Reply
12 Replies
PhoneBoy
Admin
Admin
‎2019-03-01 07:24 PM

Jump to solution

Pretty sure there is no API call for this function currently.

0 Kudos
Reply
M_Ruszkowski
Contributor
‎2019-03-07 12:05 PM
In response to PhoneBoy

Jump to solution

Wow.   I can't believe this basic function is not in the API.  Can you tell if it is even on the roadmap for 1.4 or 1.5 of the API?   So basically what I am hearing is that for large clients that have many domains and tools such as Firemon or Tufin, we have to manually log into every domain and do an install database for changes in setting to take affect.  At least is there a CLI command way that I can perform this?  If so I could write a BASH script and loop through all the domains. 

0 Kudos
Reply
PhoneBoy
Admin
Admin
‎2019-03-08 07:13 AM
In response to M_Ruszkowski

Jump to solution

API 1.4 is released as part of R80.20.M2 -- nothing there about it.

API 1.5 is the upcoming R80.30 and nothing there about it either.

Not sure where this is in the plans to add. 

If you want to do this on the CLI, the command is fwm dbload target-name

If you really want to do this over REST API today, you could potentially install https://community.checkpoint.com/community/infinity-general/appliances-and-gaia/blog/2019/01/21/new-... and use that. ‌

0 Kudos
Reply
M_Ruszkowski
Contributor
‎2019-03-18 08:45 AM
In response to PhoneBoy

Jump to solution

If we can do this by the command line on the MDS it will get us by for now.  I may write a quick BASH script iterate through all the domains and do the "fwm dbload target-name".  

It sounds like this is not on the near road map of the API.  I still can't believe "Install Database" is not an option.  

Thank you for checking.

0 Kudos
Reply
Jerry
Leader
Leader
‎2019-03-18 08:55 AM
In response to M_Ruszkowski

Jump to solution
Michael,

you're just telling us that you do SETTINGS changes in 90 Domains at the same time? Means that you need to "push" install for ALL those domains at the same time? Just out of my curiosity is this a really Production Environment or just a "Test Lab" ? 🙂

I have never heard myself working with CP for years and in IT even longer that anyone would have INSTALL 90 DOMAINS in ONE-GO.

Kudos if you do! That's highly unusual or I'm completely out of the moon with such massive MDS deployments seeing just no more than 15 domains in my hands so far ...
Jerry
0 Kudos
Reply
Tim_Tielens
Participant
‎2019-09-04 09:19 AM
In response to Jerry

Jump to solution

If you do an upgrade you need to install database on each domain, that means login to each domain and do install database.

 

I hope checkpoint implements something to do an install database from the top level MDS server.

 

0 Kudos
Reply
Maarten_Sjouw
Champion
Champion
‎2019-09-04 09:58 AM
In response to Tim_Tielens

Jump to solution
We have an upgrade in the works, and this is from R77.30 to R80.30 with 102 domains in total, we just make sure we have enough people at hand as you also need to install the policy at least twice, first of all to make sure your logging is back in business and second in our experience we have seen to many failures on VPN's that failed after a while or after the first install policy.
So yeah it's a lot of work and NO I would not do it from the CLI, not even from the MDS SmartConsole where you can issue policy installs per domain.
Regards, Maarten
0 Kudos
Reply
Jerry
Leader
Leader
‎2019-03-18 08:59 AM
In response to M_Ruszkowski

Jump to solution
btw.

R80.20 API v1.3 = SMS
MDS / Provider1 environments = R6x/R7x

if I'm not mistaken so how come you're about to use Rest/or not API to do it ALL in ONE GO ?

Am I missing something or you're about to automate R6x with R8x platforms under the same API?
Jerry
0 Kudos
Reply
Timothy_Hall
Champion
Champion
‎2019-09-04 08:13 PM
In response to M_Ruszkowski

Jump to solution

Functions that must be handled by the older fwm daemon on a SMS/MDS generally cannot be automated through the API as fwm is not API-aware.  Any management function being handled by the newer cpm daemon can potentially be accessed through the API.  So as far as I know the inability to perform an Install Database via the API is more of a technical limitation of fwm than anything else.

A common question I get in the CCAS class is what management functions cannot be handled through the API, and must be performed in the SmartConsole GUI:

https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/Functionality-API-vs-SmartConsole...

Pretty much all the functions listed are handled by fwm (hence the need to use the old SmartDashboard GUI to work with many of these functions), looks like performing an Install Database operation needs to be added to the list.

 

 

"Max Capture: Know Your Packets" Video Series
now available at http://www.maxpowerfirewalls.com

View solution in original post

0 Kudos
Reply
Ofer_Barzvi
Employee
Employee
‎2019-09-16 07:33 AM

Jump to solution

Hi,

Please see this new post about usage of $MDSVERUTIL AllCMAs command for running the Install Database on all domain at once.

Regards,

Ofer

View solution in original post

Reply
Eran_Habad
Employee
Employee
‎2019-09-18 05:56 AM
In response to Ofer_Barzvi

Jump to solution
I think the solution should be this post 🙂
0 Kudos
Reply
Tim_Tielens
Participant
‎2019-09-18 05:57 AM
In response to Eran_Habad

Jump to solution

i Agree 😉

 

0 Kudos
Reply