JozkoMrkvicka
Authority

Manipulate Cluster Object with API

Hello guys,

I am wondering if there is any way to modify a Cluster object using the API tool. I know that there are a few commands to manipulate "simple-gateway", but I would like to know if there is a possibility to change something within a Cluster Object, or even member(s) of a Cluster. Let's say I want to add a new interface (new VLAN) for a cluster with 2 members in "Dashboard". Attaching a screenshot of what I would like to achieve.

Of course I tried to use for example "show-simple-gateway" (see second attached screenshot) for the Cluster, but I am getting the following error:

{
"code": "generic_error",
"message": "Runtime error: com.checkpoint.objects.classes.dummy.CpmiGatewayCluster incompatible with com.checkpoint.objects.classes.dummy.CpmiGatewayCkp"
}

Is something like that possible?

Thank you for your answer.

Kind regards,
Jozko Mrkvicka
14 Replies
Robert_Decker
Advisor

Hi,

Currently there is no support for Cluster objects via API.

As you mentioned, only "simple_gateway" can be manipulated.

In addition, you can use "show gateways-and-servers" API to display ALL gateways/clusters/servers in your DB.

I assume that we will support Clusters in a future version.

Robert.

Tomer_Sole
Mentor

I would like to add that cluster objects as well as VSX in R80 and R80.10 are fully supported through the dbedit command.

0 Kudos
JozkoMrkvicka
Authority

Hi Robert,

Thank you for your swift and clear answer.

In my opinion, support for Cluster Object should be added ASAP, as most organizations are using Clusters due to redundancy.

API for R80 is awesome feature, but in this case it is not usable at all to automate for example VLAN creation in case we are using 2 (or more) members.

Kind regards,
Jozko Mrkvicka
Michael_Pokrovs
Participant

Agree. We really need all of the management functions and settings to be exposed through API. 

0 Kudos
Tomer_Sole
Mentor

As of now, dbedit is your best way for clusters. While not RESTful, it can also be done remotely.  

Usually your indication for “does this have R80-style REST API” is whether the GUI for the object or view has an R80 look and feel. With each version we will add more API commands, both for new features and for existing features which haven’t yet got the “R80 treatment”. 

0 Kudos
JozkoMrkvicka
Authority

Hi Tomer Sole, Robert Decker,

So I played with "dbedit" for a while and I am getting into one strange issue. I am using script to create new Cluster interface and update it with all relevant data, attaching all the commands as example:

addelement network_objects GWC interfaces cluster_interface
modify network_objects GWC interfaces:4:ifindex 4
modify network_objects GWC interfaces:4:member_network:ipaddr 10.20.150.0
modify network_objects GWC interfaces:4:member_network:netmask 255.255.255.0
modify network_objects GWC interfaces:4:officialname eth10.150
modify network_objects GWC interfaces:4:ipaddr 10.20.150.1
modify network_objects GWC interfaces:4:netmask 255.255.255.0
modify network_objects GWC interfaces:4:monitored_by_cluster true
modify network_objects GWC interfaces:4:security:netaccess:access this
modify network_objects GWC interfaces:4:security:netaccess:perform_anti_spoofing true
addelement network_objects GW1 interfaces interface
modify network_objects GW1 interfaces:4:ifindex 4
modify network_objects GW1 interfaces:4:officialname eth10.150
modify network_objects GW1 interfaces:4:ipaddr 10.20.150.2
modify network_objects GW1 interfaces:4:netmask 255.255.255.0
modify network_objects GW1 interfaces:4:monitored_by_cluster true
modify network_objects GW1 interfaces:4:security:netaccess:access this
modify network_objects GW1 interfaces:4:security:netaccess:perform_anti_spoofing true
addelement network_objects GW2 interfaces interface
modify network_objects GW2 interfaces:4:ifindex 4
modify network_objects GW2 interfaces:4:officialname eth10.150
modify network_objects GW2 interfaces:4:ipaddr 10.20.150.3
modify network_objects GW2 interfaces:4:netmask 255.255.255.0
modify network_objects GW2 interfaces:4:monitored_by_cluster true
modify network_objects GW2 interfaces:4:security:netaccess:access this
modify network_objects GW2 interfaces:4:security:netaccess:perform_anti_spoofing true
update_all
savedb

I am using procedure mentioned in sk30383, together with "dos2unix", "sed -i 's/[[:space:]]*$//' <filename>" and at the end executing input file using "dbedit -local -globallock -f <filename>"

Basically all is fine (no errors), cluster and both gateways are updated with correct data (checked with "print network_objects GWC") but in fact in SmartConsole I cannot see this new interface in Network Management.

I have tried also install database and policy, without any difference.

What am I doing wrong? What else must be updated/modified in order to see this new interface in the Network Management tab?

Thanks to everyone who can check it :)

Kind regards,
Jozko Mrkvicka
0 Kudos
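A consistency check that can be run over a dbedit input file like the one in the post above before handing it to `dbedit -f`, as an added example that is not part of the original post and does not address the SmartConsole visibility problem it describes. It applies the same normalisation as the poster's dos2unix and sed steps, then verifies that every member address for an interface index lies inside the cluster's `member_network`; the function names and the sample input (with a deliberately wrong GW2 address) are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: a subset of the commands from the post, with a CRLF line
# ending and trailing spaces added to imitate a file edited on Windows.
SAMPLE = (
    "modify network_objects GWC interfaces:4:ifindex 4\r\n"
    "modify network_objects GWC interfaces:4:member_network:ipaddr 10.20.150.0  \n"
    "modify network_objects GWC interfaces:4:member_network:netmask 255.255.255.0\n"
    "modify network_objects GWC interfaces:4:ipaddr 10.20.150.1\n"
    "modify network_objects GW1 interfaces:4:ipaddr 10.20.150.2\n"
    "modify network_objects GW1 interfaces:4:netmask 255.255.255.0\n"
    "modify network_objects GW2 interfaces:4:ipaddr 10.20.151.3\n"
    "modify network_objects GW2 interfaces:4:netmask 255.255.255.0\n"
    "update_all\nsavedb\n"
)

MODIFY = re.compile(r"^modify\s+(\S+)\s+(\S+)\s+interfaces:(\d+):(\S+)\s+(\S+)$")

def normalize(text):
    """Same effect as dos2unix plus sed 's/[[:space:]]*$//'; blank lines dropped."""
    return [l.rstrip() for l in text.replace("\r\n", "\n").split("\n") if l.strip()]

def lint(text):
    """Return a list of findings for a dbedit interface script."""
    lines = normalize(text)
    fields = {}  # (object name, interface index) -> {field: value}
    for line in lines:
        m = MODIFY.match(line)
        if m:
            _table, obj, idx, field, value = m.groups()
            fields.setdefault((obj, idx), {})[field] = value
    findings = []
    for (obj, idx), f in fields.items():
        # Assumption: the cluster entry is the one that carries member_network.
        if "member_network:ipaddr" not in f or "member_network:netmask" not in f:
            continue
        net = ipaddress.ip_network(
            f["member_network:ipaddr"] + "/" + f["member_network:netmask"])
        for (other, oidx), g in fields.items():
            if oidx == idx and "ipaddr" in g and ipaddress.ip_address(g["ipaddr"]) not in net:
                findings.append(f"{other} interfaces:{idx} ipaddr {g['ipaddr']} is outside {net}")
    if "update_all" not in lines:
        findings.append("no update_all in the file")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```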
Tomer_Sole
Mentor

For this question it will be best if you can please open a task for this so that Check Point Support will be able to assist.

0 Kudos
Bob_Stevens
Participant

Did you ever find a fix for this?

0 Kudos
Robert_Decker
Advisor

Hi,

Please take a look at this thread - https://community.checkpoint.com/message/14128-dbedit-issue.

And pay attention to my latest answer about an alternative.

Robert.

0 Kudos
JozkoMrkvicka
Authority

Hello Robert Decker, Tomer Sole

Any update on this matter?

API version 1.2 still doesn't have support for cluster object manipulation.

Do you know the ETA for this?

Thank you.

Kind regards,
Jozko Mrkvicka
0 Kudos
Tomer_Sole
Mentor

This is not planned for R80.20, but we do have concrete plans for this in the near future.

JozkoMrkvicka
Authority

When can we FINALLY expect such a basic feature like manipulating Cluster objects within R80? R80.30 is GA, without any single API command for this purpose. What a shame.

Kind regards,
Jozko Mrkvicka
Harald_Hansen
Advisor

A bit late, though the answer to this question is R80.40 (probably).

https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/add-simple-cluster-API/m-p/61871 

Timothy_Hall
Legend

Great to see one of the limitations of the API going away, looks like the definitive list of things you can't do in the API vs. the SmartConsole GUI will need to be updated in this thread when R80.40 is released:

https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/Functionality-API-vs-SmartConsole...

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
