ERTK
Contributor

api changes from R80.40 to R81.10 batch files

Hello,

Some months ago we deployed a new cluster on R80.40 (SMS and GW) by API and CSV batch file (it had 40 interfaces).

I am trying to follow the same procedure, with the same CSV file (with other names, IPs, etc.), on an SMS R81.10 Jumbo 45, and it gives me an error:

the cluster network xxx is missing a valid ip address for some of the members.

I run the same commands and CSV file on the old SMS (R80.40)... and it works.

I reviewed the API for R80.40 and R81.10 and it seems that the commands for adding interfaces on a simple cluster are identical... Any kind of suggestion will be appreciated.

0 Kudos
22 Replies
PhoneBoy
Admin

What is the precise command line you're using and what does the CSV file look like?
It could very well be a bug and thus a TAC case may be needed.

0 Kudos
ERTK
Contributor

I create the cluster

and I copy-paste the example from API v1.8:

mgmt_cli -r true set simple-cluster name "fw-vip" interfaces.add.name "eth3" interfaces.add.ip-address "10.10.10.1" interfaces.add.ipv4-mask-length "24" interfaces.add.interface-type "cluster" interfaces.add.topology "INTERNAL" interfaces.add.anti-spoofing "true" members.update.1.name "fw-i" members.update.1.interfaces.name "eth3" members.update.1.interfaces.ipv4-address "10.10.10.2" members.update.1.interfaces.ipv4-network-mask "255.255.255.0" members.update.2.name "fw-ii" members.update.2.interfaces.name "eth3" members.update.2.interfaces.ipv4-address "10.10.10.3" members.update.2.interfaces.ipv4-network-mask "255.255.255.0" --format json

message:

 

{
"tasks" : [ {
"task-id" : "01234567-89ab-cdef-add6-8f7057328900",
"task-name" : "set simple-cluster",
"status" : "failed",
"progress-percentage" : 100,
"suppressed" : false,
"task-details" : [ {
"fault-message" : "Action Failed due to an Internal Error"
} ]
} ]
}

0 Kudos
Tal_Paz-Fridman
Employee

Hi

The command you're using is set and not add, meaning the cluster already existed?

If so, what command did you use to create it?

0 Kudos
ERTK
Contributor

It is correct, I had created the cluster before with the command:

mgmt_cli add simple-cluster name "fw-vip" ......

That command was executed successfully.

0 Kudos
Tal_Paz-Fridman
Employee

Thank you. Could you please share the full command used to create it? I would like to run the full flow.

Thanks

 

0 Kudos
ERTK
Contributor

mgmt_cli -r true add simple-cluster name "fw-vip" version "R80.40" ip-address "10.10.11.251" os-name "Gaia" cluster-mode "cluster-xl-ha" firewall true interfaces.1.name "eth2" interfaces.1.ip-address "10.10.11.251" interfaces.1.network-mask "255.255.255.0" interfaces.1.interface-type "cluster" interfaces.2.name "Sync" interfaces.2.interface-type "sync" interfaces.2.topology "INTERNAL" interfaces.2.topology-settings.ip-address-behind-this-interface "network defined by the interface ip and net mask" interfaces.2.topology-settings.interface-leads-to-dmz false members.1.name "fw-i" members.1.one-time-password "vpn123" members.1.ip-address "10.10.11.2" members.1.interfaces.1.name "eth2" members.1.interfaces.1.ip-address "10.10.11.2" members.1.interfaces.1.network-mask "255.255.255.0" members.1.interfaces.2.name "Sync" members.1.interfaces.2.ip-address "1.1.1.1" members.1.interfaces.2.network-mask "255.255.255.248" members.2.name "fw_ii" members.2.one-time-password "vpn123" members.2.ip-address "10.10.11.3" members.2.interfaces.1.name "eth2" members.2.interfaces.1.ip-address "10.10.11.3" members.2.interfaces.1.network-mask "255.255.255.0" members.2.interfaces.2.name "Sync" members.2.interfaces.2.ip-address "1.1.1.2" members.2.interfaces.2.network-mask "255.255.255.248"

0 Kudos
Tal_Paz-Fridman
Employee

In the add command one object is fw-i and the other is fw_ii: hyphen vs. underscore.

Later, in the set command, the object name is shown with a hyphen (fw-ii), while in the add command it is shown with an underscore (fw_ii).

Try running:

mgmt_cli -r true set simple-cluster name "fw-vip" interfaces.add.name "eth3" interfaces.add.ip-address "10.10.10.1" interfaces.add.ipv4-mask-length "24" interfaces.add.interface-type "cluster" interfaces.add.topology "INTERNAL" interfaces.add.anti-spoofing "true" members.update.1.name "fw-i" members.update.1.interfaces.name "eth3" members.update.1.interfaces.ipv4-address "10.10.10.2" members.update.1.interfaces.ipv4-network-mask "255.255.255.0" members.update.2.name "fw_ii" members.update.2.interfaces.name "eth3" members.update.2.interfaces.ipv4-address "10.10.10.3" members.update.2.interfaces.ipv4-network-mask "255.255.255.0" --format json

0 Kudos
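
Added example, not part of any post in this thread and not Check Point code: a small Python pre-flight check that compares a `set simple-cluster` batch line with the `add simple-cluster` line that created the cluster, catching the hyphen/underscore member-name mismatch pointed out above and members left without an address on the added interface. The function names are hypothetical and the two commands are constructed, shortened versions of the ones quoted in the thread. The check only reads the command text; it does not reproduce the R81.10 validation that ERTK reports hitting with matching names.

```python
import re
import shlex

# Constructed, shortened versions of the add and set commands quoted in the thread.
ADD_CMD = ('mgmt_cli -r true add simple-cluster name "fw-vip" '
           'members.1.name "fw-i" members.2.name "fw_ii"')
SET_CMD = ('mgmt_cli -r true set simple-cluster name "fw-vip" '
           'interfaces.add.name "eth3" interfaces.add.ip-address "10.10.10.1" '
           'members.update.1.name "fw-i" members.update.1.interfaces.name "eth3" '
           'members.update.1.interfaces.ipv4-address "10.10.10.2" '
           'members.update.2.name "fw-ii" members.update.2.interfaces.name "eth3" '
           'members.update.2.interfaces.ipv4-address "10.10.10.3" --format json')


def parse_params(cmd):
    """Return the dotted-key -> value pairs that follow 'simple-cluster'."""
    tokens = shlex.split(cmd)
    i, params = tokens.index("simple-cluster") + 1, {}
    while i + 1 < len(tokens):
        if not tokens[i].startswith("--"):  # skip options such as --format json
            params[tokens[i]] = tokens[i + 1]
        i += 2
    return params


def member_names(params):
    """Map member index -> name for members.N.name / members.update.N.name."""
    pat = re.compile(r"members\.(?:update\.)?(\d+)\.name$")
    return {m.group(1): v for k, v in params.items() if (m := pat.match(k))}


def lint_set_against_add(add_cmd, set_cmd):
    """List mismatches between a 'set simple-cluster' line and its 'add' line."""
    add_p, set_p = parse_params(add_cmd), parse_params(set_cmd)
    problems = []
    created, updated = set(member_names(add_p).values()), member_names(set_p)
    for idx, name in sorted(updated.items()):
        prefix = f"members.update.{idx}.interfaces."
        if name not in created:
            problems.append(f"member {name!r} was not created by the add command")
        if set_p.get(prefix + "name") != set_p.get("interfaces.add.name"):
            problems.append(f"member {name!r} does not reference the added interface")
        if not set_p.get(prefix + "ipv4-address"):
            problems.append(f"member {name!r} has no ipv4-address in the set line")
    missing = sorted(created - set(updated.values()))
    problems += [f"member {n!r} gets no address for the added interface" for n in missing]
    return problems


print(lint_set_against_add(ADD_CMD, SET_CMD))
```

Running it over each generated batch line before calling `mgmt_cli` separates naming and transcription slips in the CSV from failures raised by the management server itself.
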
ERTK
Contributor

Hello, thanks for your answer... this is a copy-paste problem of mine. I did it with the same name on both commands.

0 Kudos
ERTK
Contributor

Here is the error reported in SmartConsole:

Task: set simple-cluster
Initiator: WEB_API
Start Time: 26/04/2022 14:59
Completed: 26/04/2022 14:59
Status: Failed
--------------------------------------------------------------------------------
The cluster network eth3 is missing a valid IP address for some of the members.
--------------------------------------------------------------------------------

0 Kudos
Tal_Paz-Fridman
Employee

Both commands worked for me (after fixing the underscore - hyphen issue)

0 Kudos
ERTK
Contributor

In which SMS version and Jumbo?

0 Kudos
Raj_Khatri
Advisor

ERTK, did you get this working? Facing a similar issue where APIs working in R80.40 no longer work on R81.10.

0 Kudos
ERTK
Contributor

Hi, unfortunately I couldn't solve the issues with this command "mgmt_cli add simple-cluster name". I opened a case with TAC but it didn't solve it.

We solved the situation using another approach with another API command. First we create a simple cluster with basic interfaces and then we edit this object with "mgmt_cli set simple-cluster" and a batch file.

This approach works for us.

0 Kudos
Amir_Senn
Employee

Hi,

Did you try changing the underscore/hyphen?

I think there were no relevant changes in the API but maybe some validation was added in another place that might cause this.

Kind regards, Amir Senn
0 Kudos
ERTK
Contributor

It was a transcription error. I changed some details of the command in order to hide customer information.

I used the same command and CSV on one SMS R80.40 and R80.10... the first one worked and the second failed.

0 Kudos
Amir_Senn
Employee

It looks like this is unrelated to the API itself and some new validation was added in R81.10 that caused this issue to happen.

Kind regards, Amir Senn
0 Kudos
Amir_Senn
Employee

Hi Raj,

Can you also share the full command?

Kind regards, Amir Senn
0 Kudos
Raj_Khatri
Advisor

1. Get the session ID

curl -k --request POST 'https://CMAIP:443/web_api/login' --header 'Content-Type: application/json' --data-raw '{"user" : "USERNAME", "password" : "PASSWORD", "domain" : "DOMAIN"}'

2. Use session ID from above to get routes

curl -k --request POST 'https://CMAIP:443/web_api/v1/run-script' --header 'X-chkp-sid: SESSIONID' --header 'Content-Type: application/json' --data-raw '{"script-name": "Script Example: Show Routes", "script": "netstat -rnv", "targets": ["R80-FW1"]}'

On non-SMB firewalls, this succeeds and returns a task ID.  However, on SMB firewalls (1100, 1400, 1500) it fails with a 'generic_err_object_not_found' error.

0 Kudos
Hugo_vd_Kooij
Advisor

Can you run R80 on 1100 appliances? Not very likely. So how can they even be part of the group R80-FW1?

You can try to run scripts from SmartConsole first. If that fails you probably get an error message telling why it can't do it.

But as a general hint: SMB devices are not that much into R80 and thus not that much into automation.

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
0 Kudos
PhoneBoy
Admin

It may be the command needs to be with full path to execute successfully on SMB appliances.

0 Kudos
Amir_Senn
Employee

As a WA you can define the interface while adding the cluster. We will try to promote a solution in R81.10 JHF.

Kind regards, Amir Senn
0 Kudos
ERTK
Contributor

The main problem was the different commands for adding the cluster and adding the interface; it made the batch file and the command to execute more complicated... I solved it with two other approaches. I will check it again when I need to migrate another cluster on R81.10 🙂

Thanks for your answers.

0 Kudos
