This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
majorluk
Participant
‎2024-10-17 09:22 AM
Jump to solution

Need Help with Automating Device Information Gathering in MDS Environment

Hi everyone!

I'm reaching out for some advice because I'm a bit stuck at the moment.

We have an MDS environment and are developing automation scripts for compliance checks and read/write operations. Currently, I need to list all devices across all domains and download their configurations using the MDS CLI. I then execute commands remotely on Gaia and Gaia Embedded appliances.

The challenge is that, as part of a central team, I don’t have direct access to the firewalls but still need to gather all their information (yes, I know, it’s a bit ironic given the situation!).

We’re using the API show-gateways-and-servers call to gather appliance information, but the output is quite limited. It’s missing important details like:

  • Serial number
  • MAC address
  • HA status (active/standby)
  • Exact model
  • Jumbo Hotfix (JHF) version
  • License details

I was thinking of using remote execution to gather this info manually, but with around 800-1500 gateways globally, it’s taking forever to go through them all.

Is there anything you can recommend to speed this up or make the process more efficient? Also, what specific commands can I run on Gaia, Gaia Embedded, or Gaia VM to extract all the necessary details?

Any help would be much appreciated—my brain is fried and I could really use a nudge in the right direction! 😅

Thanks a lot in advance!

 

0 Kudos
1 Solution

Accepted Solutions
majorluk
Participant
3 weeks ago
In response to majorluk
Jump to solution

Nevermind! Found all flags here:

cpstat

 

Thanks a lot!!! Saved a lot of time!!

View solution in original post

0 Kudos
9 Replies
Amir_Senn
Employee
Employee
a month ago
Jump to solution

Can you use GAIA API for the operation?

If you do, you can use run-script API to get the info you need: https://sc1.checkpoint.com/documents/latest/GaiaAPIs/index.html#web/run-script~v1.7%20 

Kind regards, Amir Senn
0 Kudos
Tal_Paz-Fridman
Employee
Employee
a month ago
Jump to solution

You can also use the older cpstat command with the -h flag to would with remote Security Gateways.

cpstat might have the flags to show what you are looking for (just type cpstat and it will give the usage).

For example cpstat os -f all -h <IP address> will retrieve the OS flags from the remote machine.

 

0 Kudos
(1)
majorluk
Participant
3 weeks ago
In response to Tal_Paz-Fridman
Jump to solution

Hi,

It looks like this is currently the easiest way to retrieve the data. Is there also a command available to check the Gateway cluster status and licensing? Since MDS stores that information in its database, there might be a way to access it, right?

Thanks so much!

0 Kudos
majorluk
Participant
3 weeks ago
In response to majorluk
Jump to solution

Nevermind! Found all flags here:

cpstat

 

Thanks a lot!!! Saved a lot of time!!

0 Kudos
PhoneBoy
Admin
Admin
a month ago
Jump to solution

show-gateways-and-servers will only show you information in the Management about the object.
You might want to look into the following:

In the Gaia API (referenceable from the Management API), you also have:

R82 has an additional APIs that will help as well:

Hopefully that helps and will reduce your need to use run-script (also a possibility, of course).

(1)
Daniel_Kuhl1
Employee
Employee
a month ago
In response to PhoneBoy
Jump to solution

@PhoneBoy that's a great collection of API calls for this case.

@majorluk you can combine them in a Python script for example to build your own overview based on the outputs. You don't need access to the devices themselves. For MDS, make sure to have Multi-Domain Super User rights in SmartConsole. Then you can use the show-gateways-and-servers API call to get the uids of the gateways. Those uids can be used then with the API call gaia-api to gather the details from Gaia API using Management API. Like this:

 

> gaia-api/show-cluster-state target "69ab02a3-ee97-4be9-b818-adbffc51dc4e" --format json

{
"command-name" : "show-cluster-state",
"response-message" : {
"additional-info" : "",
"cluster-status" : "ok",
"message" : "Cluster Active",
"mode" : "virtual-system-load-sharing",
"other-cluster-members" : [ {
"load" : 0,
"name" : "A-VSX-02",
"peer-id" : 2,
"status" : "standby"
}, {
"load" : 0,
"name" : "A-VSX-03",
"peer-id" : 3,
"status" : "standby"
} ],
"this-cluster-member" : {
"load" : 100,
"name" : "A-VSX-01",
"peer-id" : 1,
"status" : "active"
}
}
}

 

This should work in my opinion. Let me know if you need an example in Python.

 

 

0 Kudos
majorluk
Participant
3 weeks ago
In response to Daniel_Kuhl1
Jump to solution

Hi,

Thanks a lot for the feedback! GAIA doesn't seem to be an issue, but GAIA Embedded is a bit tricky. It doesn’t support those API calls, and the CLI commands differ from those on a typical GAIA system. 😕

0 Kudos
majorluk
Participant
3 weeks ago
In response to PhoneBoy
Jump to solution

Hi,

Thanks a lot for the feedback! GAIA doesn't seem to be an issue, but GAIA Embedded is a bit tricky. It doesn’t support those API calls, and the CLI commands differ from those on a typical GAIA system.

0 Kudos
PhoneBoy
Admin
Admin
3 weeks ago
In response to majorluk
Jump to solution

Gaia Embedded has different CLI which can called via REST API.
The CLI commands that are probably most relevant (based on your original post) are:

  • show diag
  • fw ver
  • cplic print
  • show cluster-status

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events