This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
JozkoMrkvicka
Authority
Authority
‎2018-01-06 10:04 AM

Manipulate Cluster Object with API

Hello guys,

I am wondering if there is any way how to modify Cluster object using API tool. I know, that there are few commands to manipulate with "simple-gateway", but I would like to know if there is posibility to change something within Cluster Object, or even member(s) of Cluster. Lets say I want to add new interface (new VLAN) for cluster with 2 members in "Dashboard". Attaching screenshot what I would like to achieve.

Of course I tried to use for example "show-simple-gateway" (see second attached screenshot) for Cluster, but I am getting following error:

{
"code": "generic_error",
"message": "Runtime error: com.checkpoint.objects.classes.dummy.CpmiGatewayCluster incompatible with com.checkpoint.objects.classes.dummy.CpmiGatewayCkp"
}

Is something like that posible ?

Thank you for your answer.

Kind regards,
Jozko Mrkvicka
Labels
show-simple-gateway.JPG
Preview file
58 KB
interfaaces.jpg
Preview file
80 KB
14 Replies
Robert_Decker
Advisor
‎2018-01-07 01:38 AM

Hi,

Currently there is no support for Cluster objects via API.

As you mentioned, only "simple_gateway" can be manipulated.

In addition, you can use "show gateways-and-servers" API to display ALL gateways/clusters/servers in your DB.

I assume that we will support Clusters in a future version.

Robert.

Tomer_Sole
Mentor
Mentor
‎2018-01-07 02:07 AM
In response to Robert_Decker

I would like to add that cluster objects as well as VSX in R80 and R80.10 are fully supported through the dbedit command.

0 Kudos
JozkoMrkvicka
Authority
Authority
‎2018-01-07 02:48 AM
In response to Robert_Decker

Hi Robert,

Thank you for your swift and clear answer.

In my opinion, support for Cluster Object should be added ASAP, as most of organizations are using Clusters due to redundancy.

API for R80 is awesome feature, but in this case it is not usable at all to automate for example VLAN creation in case we are using 2 (or more) members.

Kind regards,
Jozko Mrkvicka
Michael_Pokrovs
Participant
‎2018-01-07 11:46 AM

Agree. We really need all of the management functions and settings to be exposed through API. 

0 Kudos
Tomer_Sole
Mentor
Mentor
‎2018-01-07 12:03 PM
In response to Michael_Pokrovs

As of now, dbedit is your best way for clusters. While not RESTful, it can also be done remotely.  

Usually your indication for “does this have R80-style REST API” is whether the GUI for the object or view has an R80 look and feel. With each version we will add more API commands, both for new features and for existing features which haven’t yet got the “R80 treatment”. 

0 Kudos
JozkoMrkvicka
Authority
Authority
‎2018-02-01 02:04 PM
In response to Tomer_Sole

Hi

Tomer Sole‌,

Robert Decker

So I played with "dbedit" for a while and I am getting into one strange issue. I am using script to create new Cluster interface and update it with all relevant data, attaching all the commands as example:

addelement network_objects GWC interfaces cluster_interfacemodify network_objects GWC interfaces:4:ifindex 4modify network_objects GWC interfaces:4:member_network:ipaddr 10.20.150.0modify network_objects GWC interfaces:4:member_network:netmask 255.255.255.0modify network_objects GWC interfaces:4:officialname eth10.150modify network_objects GWC interfaces:4:ipaddr 10.20.150.1modify network_objects GWC interfaces:4:netmask 255.255.255.0modify network_objects GWC interfaces:4:monitored_by_cluster truemodify network_objects GWC interfaces:4:security:netaccess:access thismodify network_objects GWC interfaces:4:security:netaccess:perform_anti_spoofing trueaddelement network_objects GW1 interfaces interfacemodify network_objects GW1 interfaces:4:ifindex 4modify network_objects GW1 interfaces:4:officialname eth10.150modify network_objects GW1 interfaces:4:ipaddr 10.20.150.2modify network_objects GW1 interfaces:4:netmask 255.255.255.0modify network_objects GW1 interfaces:4:monitored_by_cluster truemodify network_objects GW1 interfaces:4:security:netaccess:access thismodify network_objects GW1 interfaces:4:security:netaccess:perform_anti_spoofing trueaddelement network_objects GW2 interfaces interfacemodify network_objects GW2 interfaces:4:ifindex 4modify network_objects GW2 interfaces:4:officialname eth10.150modify network_objects GW2 interfaces:4:ipaddr 10.20.150.3modify network_objects GW2 interfaces:4:netmask 255.255.255.0modify network_objects GW2 interfaces:4:monitored_by_cluster truemodify network_objects GW2 interfaces:4:security:netaccess:access thismodify network_objects GW2 interfaces:4:security:netaccess:perform_anti_spoofing trueupdate_allsavedb‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

I am using procedure mentioned in sk30383, together with "dos2unix", "sed -i 's/[[:space:]]*$//' <filename>" and at the end executing input file using "dbedit -local -globallock -f <filename>"

Basically all is fine (no errors), cluster and both gateways are updated with correct data (checked with "print network_objects GWC") but in fact in SmartConsole I cannot see this new interface in Network Management.

I have tried also install database and policy, without any difference.

What I am doing wrong ? What else must be updated/modified in order to see this new interface in Network Management tab ?

Thanks everyone who can check it Smiley Happy

Kind regards,
Jozko Mrkvicka
0 Kudos
Tomer_Sole
Mentor
Mentor
‎2018-02-05 08:03 AM
In response to JozkoMrkvicka

for this question it will be best if you can please open a task for this so that Check Point Support will be able to assist. 

0 Kudos
Bob_Stevens
Participant
‎2018-04-25 09:46 AM
In response to JozkoMrkvicka

Did you ever find a fix for this?

0 Kudos
Robert_Decker
Advisor
‎2018-04-25 11:23 AM
In response to Bob_Stevens

Hi,

Please take a look at this thread - https://community.checkpoint.com/message/14128-dbedit-issue.

And pay attention to my latest answer about an alternative.

Robert.

0 Kudos
JozkoMrkvicka
Authority
Authority
‎2018-09-01 11:49 PM

Hello Robert Decker‌, Tomer Sole

Any update on this matter? 

API version 1.2 still doesnt have support for cluster object manipulation.

Do you know ETA for this ?

Thank you.

Kind regards,
Jozko Mrkvicka
0 Kudos
Tomer_Sole
Mentor
Mentor
‎2018-09-01 11:53 PM
In response to JozkoMrkvicka

This is not planned for R80.20, but we do have concrete plans for this in the near future.

JozkoMrkvicka
Authority
Authority
‎2019-05-30 01:22 PM
In response to Tomer_Sole

When we can FINALLY expect such a basic feature like manipulating Cluster objects within R80 ? R80.30 is GA, without any single API command for this purpose. What a shame.

Kind regards,
Jozko Mrkvicka
Timothy_Hall
Legend Legend
Legend
‎2019-10-08 05:15 AM
In response to Harald_Hansen

Great to see one of the limitations of the API going away, looks like the definitive list of things you can't do in the API vs. the SmartConsole GUI will need to be updated in this thread when R80.40 is released:

https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/Functionality-API-vs-SmartConsole...

 

Attend my Gateway Performance Optimization R81.20 course
CET (Europe) Timezone Course Scheduled for July 1-2
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top