- CheckMates
- :
- Products
- :
- Developers
- :
- API / CLI Discussion
- :
- Re: New to Checkpoint Scripting - Where to start f...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
New to Checkpoint Scripting - Where to start from?
Hello chaps,
I'm not new to Checkpoint but very much new to CLI and bit confuse when we talk about CLI in general.
At the moment, I can see that Checkpoint offers:
What are the differences and which one is more reliable where scripting can be create?
If all do the same job then why Checkpoint has all of these?
I believe it will help all others who are new to CLI.
Regards,
B
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
all of this depends HOW you access your environment rather than what CP offers
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sorry, mistakenly clicked "Add Comment" ...
so basically CLI is either shell (used by SSH Client) or build on CLI from either WebUI (Gaia Portal) or SmartConsole (there you've got CLI but not to the GW but MGMT server - SMS/MDS) - again, all depends how and where from you're getting access to your so called "CLI".
more about this you could read by Support Centre searching for Command Line Access or simply here by looking for "CCC"
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
so sorry for so many replies mate but I guess what's worth mentioning is that this one you just must read !
TOP TOPIC here
https://community.checkpoint.com/thread/5319-my-top-3-check-point-cli-commands
Cheers and good luck !
Jerry
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Jerry Szpinak, there is always "Edit" option in the Action menu
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sorry buddy, when you do that by Mobile Safari ...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
btw. how come you've tagged me with some non-existing account? check this out Valeri Loukine - you've tagged non-existing account holder
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That's because there are apparently three accounts of you here. We really need to do some cleanup. Never mind, fixed
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'd appreciate Valeri if I could have 1 only, that one Jerry Szpinak
other 2 might be just due to the fact that I work for quite a few CP customers at the same time ... and my UC accounts indeed blossom recently. Sorry
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It depends what you want to script, actually.
CLI is being used for all kind of things: OS management and configuration, troubleshooting, platform tuning, debug, automated deployment, diagnostics, etc.
Let's define a use case for you, then we can advise
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Valeri - I know what CLI does mate.
I wanted to know only that. CP has too many CLI like options... such as:
We are running multi-domain environment. So I ssh to VSX and created a host object there and I looked in the smart console but I couldn't find that host object in the list. Then I clicked on the "Command Line" button in smartconsole and created there a host object and that appreard in the object DB straight away. Lastly, then I SSHed to management server and created a host object there and then again.. couldn't see the host object in the Smartconsole.
So what it shows that each CLI enviornment are different or may be I have poor understanding.
If you or anyone can shed some light on this .. would be much appreciated.
Maik Dummer did Elaborate a bit. Thanks Mate.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am still having trouble understanding your scenario. You are creating a host object where? How do you want to use this object later on? Everything related to security policies should be done on MGMT side first and then delivered with the policy installation to the enforcement points.
If that was your task, then yes, you needed MGMT API, and mgmt_cli is just one of the ways to invoke it.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The last statement:
"
If that was your task, then yes, you needed MGMT API, and mgmt_cli is just one of the ways to invoke it.
"
...is more valuebale then whole of this thread. Simple and straight forward.
Cheers mate.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Glad it helps.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey,
It all depends on your preferred way and language to write a script. The several offers that are available come with different backgrounds:
- SmartConsole CLI => basically a subview within the SmartConsole that allows you to run API commands and to execute stuff. I think this option is not really often used to run scripts, as you need to have access to the SMS via the SmartConsole in order to use it. [executed via the "command line" button within the SmartConsole]
- The mgmt_cli tool => a tool that comes with the installation of the SmartConsole, it is placed in the SmartConsole install directory, also often referred to as "mgmt_cli.exe". It allows you to execute API commands via [edit] batch or powershell and therefore from a client machine without the need to open the SmartConsole.
- Management CLI in Gaia => its the same as the "mgmt_cli.exe" with the only difference that this tool is part of the Gaia installation and allows you to execute API commands e.g. locally on the SMS (mgmt_cli commands can be included in bash script, to mention one example).
- Web Services => thats the most basic way to use the api, as it is the interface in order to access the RESTful API. You can basically send the required HTTP(S) POST information with the required information via tools like POSTman in order to receive the needed information.
The options "SmartConsole CLI", "mgmt_cli.exe" & mgmt cli on Gaia all depend on the web services base. They basically translate the commands into HTTP(S) requests and send them to the API in order to receive any required information. There are some differences when it comes to the actual API access. If you want to know more about that you can take a look at this thread, where I asked how the management api structure itself looks.
In addition, there are packages for specific language like e.g. python, that also include functions that can be used in your script, that basically translate into API HTTPS requests and enable you to work with the API without the need to manage the actual HTTPS communication (with session management etc.).
Hope that clarifies it for you
Regards,
Maik
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Maik, great explanation!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Good Explanation Maik