This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Burton_Peake
Participant
‎2018-07-23 08:55 AM
Jump to solution

MDS Install Multiple Policy via REST API

On the MDS GUI in R80.10, you can right click a domain and select "Install Policy" and install multiple policies. Is there a way to do this via REST API?

1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2018-07-23 09:32 AM
In response to Burton_Peake
Jump to solution

It should work exactly the same way as it works in the GUI.

Specifically, the API call (assuming it is valid) will return a task-id that you monitor for results using the show task API call.

View solution in original post

6 Replies
PhoneBoy
Admin
Admin
‎2018-07-23 09:21 AM
Jump to solution

There is an "install-policy" action via the API, yes.

See the link to it here: Check Point - Management API reference 

0 Kudos
Burton_Peake
Participant
‎2018-07-23 09:24 AM
In response to PhoneBoy
Jump to solution

Will it automatically queue up the policy installs like the option in the GUI?

0 Kudos
PhoneBoy
Admin
Admin
‎2018-07-23 09:32 AM
In response to Burton_Peake
Jump to solution

It should work exactly the same way as it works in the GUI.

Specifically, the API call (assuming it is valid) will return a task-id that you monitor for results using the show task API call.

Ivan_Moore
Contributor
‎2018-07-25 04:28 PM
Jump to solution

It can install it in the same way...however it will do what you tell it to do.

If you tell it to install a policy and don't give it installation targets, it will default to how that policy is configured in regards to installation targets.  

Scenario:  Provider-1 Domain with 3 clusters and a separate policy for each cluster.  

Policy-A is configured with installation targets of Cluster-A

Policy-B is configured with installation targets of Cluster-B

Policy-C was just built and is for Cluster-C however it is not completely configured and has a Any for installation targets.

In fact, Cluster-C hasn't even been built yet, an Engineer is just working on the policy to get it ready.

Manually with Smart Console if you attempt to install Policy-C on Cluster-A or Cluster-B it will pop up a warning saying are you sure?  The policy doesn't match what is installed...yada...yada

From Smart Domain Manager doing the re-assign w/ install for the whole domain would just install Policy-A and Policy-B and would ignore Policy-C.  

For API, if you pull the list of packages and tell the API to install all available packages, it would Policy-A on Cluster-A.  Policy-B on Cluster-B and Policy-C would install on both Cluster-A and Cluster-B and be happy about it.  

Lots of power, but it will also let you shoot yourself in the foot

0 Kudos
Tomer_Sole
Mentor
Mentor
‎2018-07-26 12:56 AM
In response to Ivan_Moore
Jump to solution

This is correct. We plan to make a better experience for this in our next releases.

Ash_Sidhu
Participant
‎2019-02-22 07:44 AM
Jump to solution

  1. You will have to login at the domain Level...  see https://community.checkpoint.com/thread/1066  
  2. Make sure to specify targets in the install command. I noticed i(n the cli) that if you do not specify target gateway, the policy is pushed to all the gateways in the domain  
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events