This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Vlad_Tonne
Employee Alumnus
Employee Alumnus
‎2019-10-16 04:26 AM
Jump to solution

Web API - setting track level

Hi CheckMates,

 

Encountered an issue with Management API while creating a rule via Web API.

Trying to set track level according to https://sc1.checkpoint.com/documents/latest/APIs/index.html#web/set-access-rule~v1.5%20   , track field is able to receive "log"  (even though it seems not to be documented).

However, it automatically switches on "Accounting" log feature as well.

Trying to adjust the accounting setting results in an error.

 

Any thoughts how it can be resolved?

 

Sent payload that creates a rule with logging enabled plus accounting:

payload_For_API = {
        "layer": "Network",
        "position": "top",
        "name": "API 1",
        "action": "Accept",
        "destination": "hst_dst_1.10.1.100",
        "service": "Kubernetes1",
        "enabled": True,
        "source": "Any",
        "track": "log"
}

 

Trying to use track.type (as in https://community.checkpoint.com/t5/Policy-Management/change-to-Track-setting-in-policy/m-p/47958#M2...) results in 

{'code': 'generic_err_invalid_parameter_name', 'message': 'Unrecognized parameter [track.type]'}

 

Trying to configure track using additional fields:

{'code': 'generic_err_invalid_parameter', 'message': 'Invalid parameter for [track]. The invalid value [ "accounting" : False }] should be replaced by one of the following values: [none, log, extended log, detailed log]'}

or:

{'code': 'generic_err_invalid_parameter', 'message': 'Invalid parameter for [track]. The invalid value [ "log" , {"accounting" : False }] should be replaced by one of the following values: [none, log, extended log, detailed log]'}

 

Thanks,

Vlad Tonne

1 Solution

Accepted Solutions
Amiad_Stern
Employee
Employee
‎2019-10-17 12:01 AM
In response to Maik
Jump to solution

@Vlad_Tonne , @Maik ,

Which version are we talking about?

Here are commands that worked for me on R80.30.

 

mgmt_cli:

mgmt_cli add access-rule layer "Network" position 1 name "Rule 1" track.type "Log" track.accounting true

 

Web Services:

  {
"name": "amiad rule1",
"position" : 1,
"track": {
"accounting": true,
"type": "Log"
},
"layer": "Network"
}

View solution in original post

8 Replies
Maarten_Sjouw
Champion
Champion
‎2019-10-16 04:36 AM
Jump to solution

try to use "track.accounting true"
Regards, Maarten
0 Kudos
Maik
Advisor
‎2019-10-16 04:40 AM
In response to Maarten_Sjouw
Jump to solution

As Maarten mentioned "track.accounting true" should work fine.

The documentation mentions that accounting only accepts boolean values; meaning true or false.

The "type" option can only be used with "Log", "Extended Log", "Detailed Log" or "None".

Unbenannt.PNG

Vlad_Tonne
Employee Alumnus
Employee Alumnus
‎2019-10-16 05:14 AM
In response to Maik
Jump to solution

Hi,

 

Usage of "track.accounting" results in error.

 

"track": "log",
"track.accounting": False

{'layer': 'Network', 'position': 'top', 'name': 'API 1', 'action': 'Accept', 'destination': 'hst_dst_1.10.1.100', 'service': 'Kubernetes1', 'enabled': True, 'source': 'Any', 'track': 'log', 'track.accounting': False}

{'code': 'generic_err_invalid_parameter_name', 'message': 'Unrecognized parameter [track.accounting]'} 

 

BR,

Vlad Tonne.

 

0 Kudos
Maik
Advisor
‎2019-10-16 05:25 AM
In response to Vlad_Tonne
Jump to solution

Works via management cli:

 

"add access-rule name 'Test' layer Network position bottom track.accounting true"

 

My guess is that you cant use both statements with one task:

"track": "log",
"track.accounting": False

 

Try to create the rule with track log first and afterwards use the set access rule command and enable account via "track.accounting": True.

Vlad_Tonne
Employee Alumnus
Employee Alumnus
‎2019-10-16 05:46 AM
In response to Maik
Jump to solution

Already tried that.
Still same issue when doing the setting via Web API.

BR,
Vlad
0 Kudos
Maik
Advisor
‎2019-10-16 07:11 AM
In response to Vlad_Tonne
Jump to solution

Maybe @Amiad_Stern can help.

0 Kudos
Amiad_Stern
Employee
Employee
‎2019-10-17 12:01 AM
In response to Maik
Jump to solution

@Vlad_Tonne , @Maik ,

Which version are we talking about?

Here are commands that worked for me on R80.30.

 

mgmt_cli:

mgmt_cli add access-rule layer "Network" position 1 name "Rule 1" track.type "Log" track.accounting true

 

Web Services:

  {
"name": "amiad rule1",
"position" : 1,
"track": {
"accounting": true,
"type": "Log"
},
"layer": "Network"
}

Vlad_Tonne
Employee Alumnus
Employee Alumnus
‎2019-10-17 12:53 AM
In response to Amiad_Stern
Jump to solution

Rule creation worked without accounting, upon setting:
payload_For_API = {
"name": "amiad rule1",
"position" : 1,
"track": {
"accounting": False,
"type": "Log"
},
"layer": "Network"
}

It might be worthwhile to add in API documentation "required" for "type" when additional flags like "accounting" are to be used.

Thanks,
Vlad

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events