This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
SalmanKaleem
Explorer
‎2021-02-10 09:26 AM

Mgmt_Cli to create VPN directional Match condition

Create an access rule/set an access rule using Mgmt_Cli to create VPN directional Match condition

0 Kudos
7 Replies
PhoneBoy
Admin
Admin
‎2021-02-10 06:03 PM

VPN Directional Match is a global property, described here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... 
There isn't an official API to actually set this global property, but I believe these can be set with generic-objects.
You can get a list of the properties from here: https://community.checkpoint.com/t5/API-CLI-Discussion/How-to-Query-Global-Properties-via-CLI/m-p/37... 

Directional Match rules are described in the API documentation for set-access-rule.
https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/set-access-rule~v1.7%20 
However, I don't see any specific examples of how to set it using mgmt_cli. 
@Omer_Kleinstern can you provide a more precise example here?

0 Kudos
SalmanKaleem
Explorer
‎2021-02-11 12:40 AM
In response to PhoneBoy

@PhoneBoy Thanks for additional details. Actually, we are automating the deployment of checkpoint auto scaling clusters that require creation of controllers, templates & policies. We are stuck with following VPN rule creation. 

 

mgmt_cli set access-rule name "tgw-community VPN Traffic Rule" layer "Network " vpn add directional from "tgw-community" to "External_clear" -s sid.txt

What are we missing with the above rule as per https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/set-access-rule~v1.7%20

mgmt_cli set access-rule name "tgw-community VPN Traffic Rule" layer "Network " vpn add directional from "tgw-community" to "tgw-community" -s sid.txt

 

 

Setting Value

Source Any

Destination Any

VPN
(Directional Match)
tgw-community -> tgw-community
tgw-community -> External_clear

Services & Applications Any

Action Accept

Track Log

0 Kudos
PhoneBoy
Admin
Admin
‎2021-02-11 09:46 AM
In response to SalmanKaleem

Keep in mind mgmt_cli is turning your CLI command into JSON name/value pairs.
So it's possibly something like:

mgmt_cli set access-rule name "tgw-community VPN Traffic Rule" layer "Network " vpn add directional.from "tgw-community" directional.to "tgw-community" -s sid.txt

or

mgmt_cli set access-rule name "tgw-community VPN Traffic Rule" layer "Network " vpn add directional.0.from "tgw-community" directional.0.to "tgw-community" -s sid.txt

0 Kudos
SalmanKaleem
Explorer
‎2021-02-15 02:03 AM
In response to PhoneBoy

I get this error for both directional.0.from & directional.from

 

mgmt_cli set access-rule name "tgw-community VPN Traffic Rule" layer "Network" vpn add directional.0.from "tgw-community" directional.0.to "tgw-community" -s sid.txt
code: "generic_err_invalid_parameter_name"
message: "Unrecognized parameter [directional]"

0 Kudos
PhoneBoy
Admin
Admin
‎2021-02-15 10:19 AM
In response to SalmanKaleem

@Omer_Kleinstern can you help with the correct syntax in this case?

0 Kudos
chkp-royl
Employee
Employee
‎2021-02-16 12:58 AM
In response to SalmanKaleem

Hi Salman,

When working with mgmt_cli tool, the path to each parameter should be followed with "."

Try this:

mgmt_cli set access-rule name "tgw-community VPN Traffic Rule" layer "Network" vpn.add.directional.0.from "tgw-community" vpn.add.directional.0.to "tgw-community" -s sid.txt

 

Roy

0 Kudos
Harshpal_Bhati
Employee
Employee
‎2021-02-21 09:25 PM
In response to chkp-royl

Harshpal_Bhati_0-1613971460838.png

For other user above syntax was worked for salman .

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events