Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Burton_Peake
Participant

MDS Install Multiple Policy via REST API

Jump to solution

On the MDS GUI in R80.10, you can right click a domain and select "Install Policy" and install multiple policies. Is there a way to do this via REST API?

1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin

It should work exactly the same way as it works in the GUI.

Specifically, the API call (assuming it is valid) will return a task-id that you monitor for results using the show task API call.

View solution in original post

6 Replies
PhoneBoy
Admin
Admin

There is an "install-policy" action via the API, yes.

See the link to it here: Check Point - Management API reference 

0 Kudos
Burton_Peake
Participant

Will it automatically queue up the policy installs like the option in the GUI?

0 Kudos
PhoneBoy
Admin
Admin

It should work exactly the same way as it works in the GUI.

Specifically, the API call (assuming it is valid) will return a task-id that you monitor for results using the show task API call.

View solution in original post

Ivan_Moore
Contributor

It can install it in the same way...however it will do what you tell it to do.

If you tell it to install a policy and don't give it installation targets, it will default to how that policy is configured in regards to installation targets.  

Scenario:  Provider-1 Domain with 3 clusters and a separate policy for each cluster.  

Policy-A is configured with installation targets of Cluster-A

Policy-B is configured with installation targets of Cluster-B

Policy-C was just built and is for Cluster-C however it is not completely configured and has a Any for installation targets.

In fact, Cluster-C hasn't even been built yet, an Engineer is just working on the policy to get it ready.

Manually with Smart Console if you attempt to install Policy-C on Cluster-A or Cluster-B it will pop up a warning saying are you sure?  The policy doesn't match what is installed...yada...yada

From Smart Domain Manager doing the re-assign w/ install for the whole domain would just install Policy-A and Policy-B and would ignore Policy-C.  

For API, if you pull the list of packages and tell the API to install all available packages, it would Policy-A on Cluster-A.  Policy-B on Cluster-B and Policy-C would install on both Cluster-A and Cluster-B and be happy about it.  

Lots of power, but it will also let you shoot yourself in the foot

0 Kudos
Tomer_Sole
Employee Alumnus
Employee Alumnus

This is correct. We plan to make a better experience for this in our next releases.

Ash_Sidhu
Participant
  1. You will have to login at the domain Level...  see https://community.checkpoint.com/thread/1066  
  2. Make sure to specify targets in the install command. I noticed i(n the cli) that if you do not specify target gateway, the policy is pushed to all the gateways in the domain  
0 Kudos