- CheckMates
- :
- Products
- :
- Developers
- :
- API / CLI Discussion
- :
- Re: MDS Install Multiple Policy via REST API
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
MDS Install Multiple Policy via REST API
On the MDS GUI in R80.10, you can right click a domain and select "Install Policy" and install multiple policies. Is there a way to do this via REST API?
- Labels:
-
General
-
Multi Domain
-
Object Management
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It should work exactly the same way as it works in the GUI.
Specifically, the API call (assuming it is valid) will return a task-id that you monitor for results using the show task API call.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
There is an "install-policy" action via the API, yes.
See the link to it here: Check Point - Management API reference
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Will it automatically queue up the policy installs like the option in the GUI?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It should work exactly the same way as it works in the GUI.
Specifically, the API call (assuming it is valid) will return a task-id that you monitor for results using the show task API call.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It can install it in the same way...however it will do what you tell it to do.
If you tell it to install a policy and don't give it installation targets, it will default to how that policy is configured in regards to installation targets.
Scenario: Provider-1 Domain with 3 clusters and a separate policy for each cluster.
Policy-A is configured with installation targets of Cluster-A
Policy-B is configured with installation targets of Cluster-B
Policy-C was just built and is for Cluster-C however it is not completely configured and has a Any for installation targets.
In fact, Cluster-C hasn't even been built yet, an Engineer is just working on the policy to get it ready.
Manually with Smart Console if you attempt to install Policy-C on Cluster-A or Cluster-B it will pop up a warning saying are you sure? The policy doesn't match what is installed...yada...yada
From Smart Domain Manager doing the re-assign w/ install for the whole domain would just install Policy-A and Policy-B and would ignore Policy-C.
For API, if you pull the list of packages and tell the API to install all available packages, it would Policy-A on Cluster-A. Policy-B on Cluster-B and Policy-C would install on both Cluster-A and Cluster-B and be happy about it.
Lots of power, but it will also let you shoot yourself in the foot
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This is correct. We plan to make a better experience for this in our next releases.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- You will have to login at the domain Level... see https://community.checkpoint.com/thread/1066
- Make sure to specify targets in the install command. I noticed i(n the cli) that if you do not specify target gateway, the policy is pushed to all the gateways in the domain
