Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
PhoneBoy
Admin
Admin

Using SmartConsole Demo Mode Server for API testing

Since R80, the only way to use SmartConsole in Demo Mode is to connect to a server.
We host Demo Mode servers in the cloud for currently supported versions for this reason.
These Demo Mode servers can be used to test API calls.
These servers are only available for short-term usage (a few hours at the most).

@Tomer_Sole did a post on this a while back, so this isn't new knowledge.
Some of the basic details have changed since then, so it's worth a new post on this topic.

To get access to the Demo Mode server for API access, use your preferred version of SmartConsole and open it in Demo Mode.
In this example, we're using R81, but it should be the same basic steps with any currently supported R8x version.

First, we need to create a user with known credentials.
That is done in Manage & Settings > Permissions and Administrators.
Click on the "add user" button as shown here.

image.png

Create a user like similar to:

image.png

Confirm that the API server will accept connections from any IP.
This is done in Manage & Settings > Blades > Management API.
It should look like the following (this is the default in R81):

image.png

Publish the changes:

Screen Shot 2021-07-02 at 8.01.39 PM.png

Now you can use the API server with known credentials.
Next step is to get the IP address of the management server.
Click on Cloud Demo Server > Demo Server Information > Copy server IP address to clipboard:

image.png

Now: how to test the API?
You can use any REST API client you want while the API server is active.
This can be something you've written or something like mgmt_cli from any Check Point gateway/management running R80 or above.

You can also use mgmt_cli from the SmartConsole host as well on Windows.
mgmt_cli.exe is installed in the same directory as the SmartConsole binary.
For example, in R81, it is in C:\Program Files (x86)\CheckPoint\SmartConsole\R81\PROGRAM
In this example, you can see that I:

  • Logged in, accepting the fingerprint from the management server, and copied the sid value from the output to use for other commands.
  • Created the host MyHost with IP address 1.2.3.4
  • Published the session
  • Logged out

You can see the results from the screenshot below:

image.png

 

1 Reply
Don_Paterson
Advisor

Nice. 

 

This is something else that can be tried to add multiple hosts (without using the batch option) while using the session ID captured into a text file ( > ) and then read from the text file ( -s ).

You will know this option but might help someone who is new to the management API 🙂

 

C:\Program Files (x86)\CheckPoint\SmartConsole\R81\PROGRAM\mgmt_cli.exe

mgmt_cli login user aa password vpn123 -m 54.241.188.146 > api-session.txt
mgmt_cli add host name A-PC ip-address 10.1.1.5 color green -m 10.1.1.101 -s api-session.txt
mgmt_cli add host name A-Host ip-address 10.1.1.6 color green -m 10.1.1.101 -s api-session.txt
mgmt_cli add host name B-Host ip-address 10.1.1.7 color green -m 10.1.1.101 -s api-session.txt
mgmt_cli add host name A-LDAP-Server ip-address 192.168.11.5 color orange -s api-session.txt
mgmt_cli add host name A-DMZ-Server ip-address 192.168.12.5 color red -s api-session.txt
mgmt_cli add host name B-DMZ-Server ip-address 192.168.13.5 color red -s api-session.txt
mgmt_cli add host name C-DMZ-Server ip-address 192.168.14.5 color red -s api-session.txt
mgmt_cli publish -m 54.241.188.146 -s api-session.txt
mgmt_cli logout -m 54.241.188.146 -s api-session.txt

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events