Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Denis_Leskovar
Participant

Web API read-only login problem

Hi,

I have this weird problem. I am using vRealize orchestrator with JS. 

When I want to login to our R80 checkpoint via script, I only get read only access, even tho I set parameter read-only to false. Here is the JSON I send

{"user":"someRandomUsername","password":"someRandomPassword","continue-last-session":false,"session-timeout":300,"read-only":false}

I can login and I can logout, discard, show-network. I set SID in header and it works in our test enviroment, but on production it fails. Our production environment in more or less the same and using 1.1. version of api. 

When I want to call show-access-rulebase it returns undefined. It is quite large but it shouldn't be a problem because my program waits for the response.

I have no problem and have full read-write access when I login to r80 with SmartConsole,

I have like zero idea what is going wrong, plz help Smiley Happy

Thanks

0 Kudos
7 Replies
PhoneBoy
Admin
Admin

First of all, if you're using a read-only user, you will not be able to ask for read-write mode Smiley Happy

Even so, that parameter shouldn't be necessary unless you are a read-write user and you explicitly want read-only access.

Second, the show-access-rulebase command is, by default, limited to 500 items.

You can request more items, but you will get unpredictable results if you do so.

This means you will need to make multiple show-access-rulebase calls with offset parameters in order to retrieve all the rules.

0 Kudos
HeikoAnkenbrand
Champion Champion
Champion

Can this bug or featureSmiley Happy with 500 rules be fixed in the next version?

Is there a rational explanation for this?

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos
PhoneBoy
Admin
Admin

The more items an API call has to return, the longer it takes for that API to return a result, the more memory required to provide it, etc.

The limits for the various API calls were chosen to balance those needs.

0 Kudos
HeikoAnkenbrand
Champion Champion
Champion

In times of 16 GB RAMSmiley Happy.

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos
Denis_Leskovar
Participant

I am using user with read-write acces, I can use smartconsole with that user without problems.

I am looping through rulebase, using max limit of 500 results. 

Denis_Leskovar
Participant

Well, I guess there is some weird bug if you have running instance of SmartConsole with same user and opened view of rulebase. Same applies if you add new interface to e.g. VSX, if you open edit window and then run command with vsx_provisioning_tool from SSH with clish, it won't work.

As for 16 gigs of ram. Rulebase of around 400 rules takes around 4 to 5 seconds to retrieve on machine with 16 gigs of ram. I don't know if it is problem with vRealize Orchestrator or is the nature of CP. I didn't test it with other backend.

0 Kudos
_Val_
Admin
Admin

Please open a TAC case.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events