Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Burton_Peake
Participant
Jump to solution

MDS Install Multiple Policy via REST API

On the MDS GUI in R80.10, you can right click a domain and select "Install Policy" and install multiple policies. Is there a way to do this via REST API?

1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin

It should work exactly the same way as it works in the GUI.

Specifically, the API call (assuming it is valid) will return a task-id that you monitor for results using the show task API call.

View solution in original post

6 Replies
PhoneBoy
Admin
Admin

There is an "install-policy" action via the API, yes.

See the link to it here: Check Point - Management API reference 

Burton_Peake
Participant

Will it automatically queue up the policy installs like the option in the GUI?

PhoneBoy
Admin
Admin

It should work exactly the same way as it works in the GUI.

Specifically, the API call (assuming it is valid) will return a task-id that you monitor for results using the show task API call.

Ivan_Moore
Contributor

It can install it in the same way...however it will do what you tell it to do.

If you tell it to install a policy and don't give it installation targets, it will default to how that policy is configured in regards to installation targets.  

Scenario:  Provider-1 Domain with 3 clusters and a separate policy for each cluster.  

Policy-A is configured with installation targets of Cluster-A

Policy-B is configured with installation targets of Cluster-B

Policy-C was just built and is for Cluster-C however it is not completely configured and has a Any for installation targets.

In fact, Cluster-C hasn't even been built yet, an Engineer is just working on the policy to get it ready.

Manually with Smart Console if you attempt to install Policy-C on Cluster-A or Cluster-B it will pop up a warning saying are you sure?  The policy doesn't match what is installed...yada...yada

From Smart Domain Manager doing the re-assign w/ install for the whole domain would just install Policy-A and Policy-B and would ignore Policy-C.  

For API, if you pull the list of packages and tell the API to install all available packages, it would Policy-A on Cluster-A.  Policy-B on Cluster-B and Policy-C would install on both Cluster-A and Cluster-B and be happy about it.  

Lots of power, but it will also let you shoot yourself in the foot

Tomer_Sole
Mentor
Mentor

This is correct. We plan to make a better experience for this in our next releases.

Ash_Sidhu
Participant
  1. You will have to login at the domain Level...  see https://community.checkpoint.com/thread/1066  
  2. Make sure to specify targets in the install command. I noticed i(n the cli) that if you do not specify target gateway, the policy is pushed to all the gateways in the domain  

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events