Solved: checkpoint mgmt API - show-access-rulebase

sid786 · ‎2023-12-26

Hi Experts,

MDS version - R81.10 JH 90

API version - 1.8.1

I am running python script to get the output of show-access-rulebase.

when I set attribute ("use-object-dictionary": false) then I am getting below error. but when I set this attribute to true then I am getting proper response.

Could you please suggest any workaround for this issue. I want response output with "use-object-dictionary": false ?

I tried to increase response timeout from default 600 to 1000 but no luck. We are not using any proxy in between .. Its a direct connection to Checkpoint mgmt API

++++++++++++++ Error msg from postman++++++++++

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">

<html>

<head>

<title>502 Proxy Error</title>

</head>

<body>

<h1>Proxy Error</h1>

<p>The proxy server received an invalid

response from an upstream server.<br />

The proxy server could not handle the request

<p>Reason: <strong>Error reading from remote server</strong></p>

</p>

</body>

</html>

Thanks in advance.

sid786 · ‎2023-12-27

Hello All,

Issue got resolved. I just tweak the Limit attribute from 500 to 300 and its works with ("use-object-dictionary": false)

I got all the rules from rulebase.

cheers 🙂

View solution in original post

Kyle_KernelCave · ‎2023-12-26

Can you share your code?

There's an example of how this should work in the API documentation:

POST {{server}}/show-access-rulebase
Content-Type: application/json
X-chkp-sid: {{session}}

{
  "offset" : 0,
  "limit" : 20,
  "name" : "Network",
  "details-level" : "standard",
  "use-object-dictionary" : true
}

The "use-object-dictionary" key should be part of the payload that you send with your POST request.

It also looks like you're getting a 502 error. Is there a proxy or firewall between your machine making the API request and the MDS?

Additional question, since you're working with an MDS are you making sure to login to the CMA context that you want to query after you login to the MDS?

sid786 · ‎2023-12-27

Hi Kyle KernelCave,

There is no proxy configured in between automation server & MDS. I am using below syntax as a payload.

Tested in postman. Please find attached snap.

When I change "use-object-dictionary": True then its working .. but that is not my requirement.

I am suspecting that MDS is taking time to send the response. but even I have increase default response timeout to 900 ..still its not working.

Bob_Zimmerman · ‎2023-12-26

"use-object-dictionary":false definitely works in general. I've made every single show-access-rulebase call with that setting for years.

What does the rest of your call look like?

I don't remember if I have tried on R81.10 jumbo 90 specifically, but I've tried on 87 and 109.

sid786 · ‎2023-12-27

Hi Bob,

Please find my attached payload for this request.

sid786 · ‎2023-12-27

Hello All,

Issue got resolved. I just tweak the Limit attribute from 500 to 300 and its works with ("use-object-dictionary": false)

I got all the rules from rulebase.

cheers 🙂

_Val_ · ‎2023-12-27

Thanks for sharing

PhoneBoy · ‎2023-12-27

I assume the underlying issue is the API server ran out of memory or similar.
This is one reason we limit the number of results the API will return.
Might still be worth a TAC case as the API should return a more meaningful error when this occurs.

sid786 · ‎2023-12-27

Sure @PhoneBoy I will check this with TAC. Thanks.

Are you a member of CheckMates?

checkpoint mgmt API - show-access-rulebase