This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Joshua_Boerum
Participant
‎2016-07-01 11:11 AM
Jump to solution

Policy Install Error - API

Below done VIA API


If I create a rule:

Source: 1.1.1.1 Desination: 2.2.2.2 Port: tcp_80 Action: Drop

Then create a rule:

Source: 1.1.1.1 Desination: 2.2.2.2 Port: tcp_80 Action: Accept

Then publish and install policy through the API it is successful.

When I goto the GUI it says policy install failed. Is it possible to have this error defined through the API response with a clear description as to why it failed?

0 Kudos
1 Solution

Accepted Solutions
Uri_Bialik
Mod
Mod
‎2016-07-01 11:44 AM
Jump to solution

Hi Joshua,

When you call the install-policy API and the server responds with "200 OK", it means that the server has accepted the request to install policy. The actual status of the policy installation is still unknown at this point as the policy installation process may take a few minutes.

Have a look at the server response, you'll see that the response payload contains a "task-id".

You can use this "task-id" token to check on the policy installation progress, final status and list or errors/warnings.

To do that, call the "show-task" API and provide the task-id that you got from the "install-policy" API as an argument.

I recommend calling the "show-task" API with the parameter "details-level" set to "full".

Uri

View solution in original post

4 Replies
Uri_Bialik
Mod
Mod
‎2016-07-01 11:44 AM
Jump to solution

Hi Joshua,

When you call the install-policy API and the server responds with "200 OK", it means that the server has accepted the request to install policy. The actual status of the policy installation is still unknown at this point as the policy installation process may take a few minutes.

Have a look at the server response, you'll see that the response payload contains a "task-id".

You can use this "task-id" token to check on the policy installation progress, final status and list or errors/warnings.

To do that, call the "show-task" API and provide the task-id that you got from the "install-policy" API as an argument.

I recommend calling the "show-task" API with the parameter "details-level" set to "full".

Uri

Joshua_Boerum
Participant
‎2016-07-01 11:58 AM
In response to Uri_Bialik
Jump to solution

Thanks for the information.

This makes things difficult when installing policy VIA the API. Mainly due to the fact that I have to rely on another API to check if the latest policy installed was successful or not and also knowing if the response is from the latest policy install.

0 Kudos
Uri_Bialik
Mod
Mod
‎2016-07-01 12:32 PM
In response to Joshua_Boerum
Jump to solution

Every install-policy request generates a new task-id token, so when you call the show-task API there's no question which status you get.

The task-id / show-task mechanism is our way of dealing with a-synchronous operations.

Waiting for the policy install operation to complete before sending the response, may trigger HTTP timeout errors.

More on that in this thread:

Using a-synchronous commands (e.g. publish, install-policy and run-script)  

0 Kudos
Uri_Bialik
Mod
Mod
‎2016-07-01 12:36 PM
In response to Uri_Bialik
Jump to solution

Having said that, we're open for suggestions that can improve the install-policy API and other APIs with potentially long processing time.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top