This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
pgestido
Explorer
2 weeks ago

Newbie question about mgmt_cli on windows

Hi:

I am trying to use mgmt_cli on Windows to connect to Smart1 Cloud

I am trying to use 

 

mgmt_cli -m mydomain.maas.checkpoint.com --context <context-id>/web_api login api-key <my_api_key> > id.txt

this generate the id.txt like 

uid: "my_uid"
sid: "my_sid"
url: "https://127.0.0.1:443/web_api"
session-timeout: 600
last-login-was-at:
posix: 1732049229199
iso-8601: "2024-11-19T20:47+0000"
api-server-version: "1.9.1"
user-name: "admin-api"
user-uid: "my_user-uid"

next, I try

mgmt_cli -m mydomain.maas.checkpoint.com --context <context-id>/web_api show networks --session-file id.txt

and get the following error:

Couldn't connect to server
If you need to use a proxy server, add the '--proxy' parameter

But if I execute 

mgmt_cli -m mydomain.maas.checkpoint.com --context <context-id>/web_api show networks --session-id "my_sid"

this works fine.

All examples I found on the web are done like the first option.

What am I doing wrong?

Regards,

Pablo

 

 

3 Replies
PhoneBoy
Admin
Admin
2 weeks ago

My understanding is that you do not need -m or --context if you are using a session file, as all of the necessary information should be included.

0 Kudos
pgestido
Explorer
2 weeks ago
In response to PhoneBoy

Hi:

I tried without -m and -s and still having the same issue (previously generated a new session file)

mgmt_cli show networks -s id.txt
Couldn't connect to server
If you need to use a proxy server, add the '--proxy' parameter

is it that in "id.txt" the url points to localhost (127.0.0.1) 

 

 

0 Kudos
Duane_Toler
Advisor
2 weeks ago
In response to PhoneBoy

Hmm ..he might have a point here.  I tried the same thing to a customer's Smart-1 Cloud and got what he got.  When using -s for a session file with Smart-1 Cloud, the URL is to localhost and that breaks it.  This only for S1C, tho.

 

@pgestido: You'll need use get the "sid" string from that session file and set that to your environment variable named MGMT_CLI_SESSION_ID.

 

With Smart-1 Cloud, preferably you would use an API key for authentication.  You can set that with MGMT_CLI_API_KEY=<api key string>.  But if you are using a username/password and it works, then you can do that.

You also need to set a few more:

MGMT_CLI_MANAGEMENT=mydomain.maas.checkpoint.com

MGMT_CLI_CONTEXT=<context-id>/web_api

From here, you can do "mgmt_cli login" (no other parameters needed, if you use the environment variables) .  You can add --unsafe-auto-accept true to avoid having to accept the fingerprint manually.  After you login, copy the "sid" string and set that to the variable:

MGMT_CLI_SESSION_ID=<sid string>

Next, you need to un-set the MGMT_CLI_API_KEY variable.  From here on out, the session ID string holds the link to the login session.

When you're done, you can do "mgmt_cli logout", then destroy all those variables.  I don't quite remember all of the incantations to do this on Windows, but you can take it from here.

Let us know if you still need help.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events