This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Trupti_Deshmukh
Participant
‎2019-02-10 04:22 AM

Not able to run Python script in Checkpoint GAIA security GW

Hi team,

I have pushing python script from ansible. I have whitelisted python script path in /opt/CPsuite-R77/fw1/conf/whitelist as well.

Getting error : File '/opt/CPsuite-R77/fw1/scripts/ansible-tmp-1549820289.28-125410269476857/AnsiballZ_ping.py' execution is not allowed according to Check Point policy

Please help in this.

7 Replies
Martin_Valenta
Advisor
‎2019-02-10 10:55 PM

Python and modules on CP GW is having limited functionality, you cannot run everything like you would run on pc/server, rather run it from normal linux machine

0 Kudos
Trupti_Deshmukh
Participant
‎2019-02-10 11:33 PM
In response to Martin_Valenta

Hi Martin,

It is ansible control host who is pushing scripts on Checkpoint GAIA gateway R80.10

Has anyone worked for Checkpoint GAIA gateway using Ansible?

Which Remote_tmp path to select to run scripts successfully by ansible on Checkpoint GAIA gateway R80.10?

0 Kudos
PhoneBoy
Admin
Admin
‎2019-02-11 05:01 PM

What is the purpose of the script you're trying to push?

In general, the number of libraries we include with our Python is limited.

There me be a different way to achieve the result you're after.

0 Kudos
Trupti_Deshmukh
Participant
‎2019-02-11 05:07 PM
In response to PhoneBoy

Hi,

This is command module i am running using in ansible to push commands in checkpoint gateway.

Ansible generates .Py file and executes on gateway.

 It might be the case that pushing commands using command module is not supported by checkpoint. I will check for network_cli module then. Thanks for your responses. It helps.

Where can I get details of ansible modules which are allowed by checkpoint in firewall to run?

Regards,

Trupti

0 Kudos
PhoneBoy
Admin
Admin
‎2019-02-11 05:55 PM
In response to Trupti_Deshmukh

If you're trying to have Ansible run commands on a Check Point Security Gateway in this manner, this is not supported.

What you can do today is use an Ansible module to talk with the R80.x Management Server and have it execute commands using the run-script API.

See: Automate your R80 Management Server using Ansible

We also have a REST API on the Gateway that we added fairly recently: https://community.checkpoint.com/community/infinity-general/appliances-and-gaia/blog/2019/01/21/new-...

There is not an Ansible module that takes advantage of this just yet.

0 Kudos
Trupti_Deshmukh
Participant
‎2019-02-11 07:03 PM
In response to PhoneBoy

Thanks for information....I would be happy If i get it from EA team for testing.

Please do let me know when ansible module is available to automate Checkpoint R80.10 security gateway

0 Kudos
PhoneBoy
Admin
Admin
‎2019-02-11 10:09 PM
In response to Trupti_Deshmukh

Like I said, you can already do it today using the run-script API and the Ansible module I linked in my previous reply.

It's an indirect approach but it works.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top