This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
nWatne
Explorer
Explorer
‎2020-06-18 11:49 AM

Where-Used Indirect Limited Results

Is there a limit to the amount of results that will be returned when a where-used API (v1.5) call is made?  I've got a scenario where when I call where-used for a particular object and set indirect to true, Check Point only returns a subset of what I'm expecting.  Doing a subsequent where-used call on the specific indirect group name (instead of the host), will return the correct number of results.  From what I can tell, this seems to be a limitation for indirect usage only.

 

If there is a limit, is there a way to increase that number?  I tried adding the limit parameter in my data field like some of the other API calls will take, but Check Point returns an unrecognized parameter error.

 

For example:

When doing a where used in SmartConsole and selecting the indirect box, I'll get back a group and 50+ indirect rules.   When doing a where-used via an API call on that same object, I'll only get 22 indirect results back.  

 

curl -X POST "https://<management_server>/web_api/where-used" -H "Content-Type: application/json" -H "X-chkp-sid: <sid>" -d "{\"name\" : \"<object_name>\", \"indirect\" :\"true\"}"

{
"used-directly" : {
"total" : 1,
"objects" : [ {
"uid" : "z3efe4b-597d-4cc0-b78a-49aaee6af055",
"name" : "grp_name_1",
"type" : "group",
"domain" : {
"uid" : "c3a7c90c-af41-e949-9c2d-wwcaf8a46dcc3",
"name" : "Domain 1",
"domain-type" : "domain"
}
} ],
"threat-prevention-rules" : [ ],
"nat-rules" : [ ],
"access-control-rules" : [ ]
},
"used-indirectly" : {
"total" : 22,
"objects" : [ {
"uid" : "zw366a6d-900c-45e2-69b4-266e4e22i85c",
"name" : "grp_name_2",
"type" : "group",
"domain" : {
"uid" : "c3a7c90c-af41-e949-9c2d-wwcaf8a46dcc3",
"name" : "Domain 1",
"domain-type" : "domain"
},

........

}

0 Kudos
1 Reply
PhoneBoy
Admin
Admin
‎2020-06-18 02:56 PM

Note that EVERY API call that returns more than one results has a limit.
The exact limit varies based on the API call, but can be as few as 20 or as many as 500.
Usually, you can figure out if you're being gated by the presence of limit/offset values in the output.
In that case, you'd make multiple successive API calls using the limit/offset parameters to get all the results.
While you can increase the limit arbitrarily, it's not recommended as it will cause unpredictable results. 

In this case, I don't even see limit/offset values in the documentation for where-used either as input our output. 
@Omer_Kleinstern and team will have to clarify that.

To this specific example, it's quite possible SmartConsole is actually doing additional processing over the initial where-used call results to get all the results shown.
Or, SmartConsole is specifying a greater indirect-max-depth than the default of 5 when it does the search.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events