This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Marc_Lampo
Contributor
‎2017-08-02 06:03 AM
Jump to solution

mgmt_cli - delete member from group ?

at first glance, the R80 API documentatoin does not explain how to delete  a member from a group.  Anybody an idea ?

With dbedit, deleting an object, used in a group, implicitly removed the object from that group.

Trying to delete such an object, in R80.10, results in a warning I don't seem to be able to override.

So :

is there a way - via CLI - to remove a group member ?

or is there a way to delete an object with some "force" attribute in case it is used as member in some group ?

Thanks !

Marc

1 Solution

Accepted Solutions
Ofir_Shikolski
Employee Alumnus
Employee Alumnus
‎2017-08-02 09:50 AM
Jump to solution

You can use where-used and delete all references  .

I do not think that 'force' will be a good idea, you can create a scenario that you break the policy .

For groups, you can use 'remove'

groupsObject vCollection of group identifiers.
or
Object v
Parameter nameValueDescription
removestringRemoves from collection of values
or
List: string
 
or
string
or
List: string

View solution in original post

10 Replies
PhoneBoy
Admin
Admin
‎2017-08-02 08:19 AM
Jump to solution

I believe the correct approach is to use the "set group" command specifying all members of the group BUT the one you want to delete.

Having a proper "delete from group" API call seems like a good suggestion for future releases.

0 Kudos
Marc_Lampo
Contributor
‎2017-08-02 10:31 AM
In response to PhoneBoy
Jump to solution

I'll give it a try - but the first script I'm moving from R77.30 to R80 put 312 members in a group.  If, on the next run, I have to delete one by entering the 311 that should remain ...

0 Kudos
Ofir_Shikolski
Employee Alumnus
Employee Alumnus
‎2017-08-02 11:37 AM
In response to Marc_Lampo
Jump to solution

try this post Smiley Happy

Adding members to a group 

Eric provided example for 'batch' option , with one CSV file and a few moments you be able to complete the task

set group --batch <csvfilename> --format json --ignore-errors true

Ofir_Shikolski
Employee Alumnus
Employee Alumnus
‎2017-08-02 09:50 AM
Jump to solution

You can use where-used and delete all references  .

I do not think that 'force' will be a good idea, you can create a scenario that you break the policy .

For groups, you can use 'remove'

groupsObject vCollection of group identifiers.
or
Object v
Parameter nameValueDescription
removestringRemoves from collection of values
or
List: string
 
or
string
or
List: string
PhoneBoy
Admin
Admin
‎2017-08-02 11:25 AM
In response to Ofir_Shikolski
Jump to solution

Nice one... I didn't catch that the first time.

Marc_Lampo
Contributor
‎2017-08-02 11:58 AM
In response to Ofir_Shikolski
Jump to solution

Thanks for your help !

Interestingly enough the on-line API documentation does not mention "remove" as possibility ...

And I already found that adding "ignore-warnings true" to the "mgmt_cli delete network ..." does the trick.

Juan_Concepcion
Advisor
‎2019-09-05 01:30 PM
In response to Marc_Lampo
Jump to solution

To remove members from a group (not documented anywhere I could find - trial and error!!!) :

File format:

name,members.remove

group_name,host1

group_name,host2

group_name,host3

group_name,host4

group_name,host5

group_name,host5

 

Format to run the batch file:

 

mgmt_cli -r true set group name group_name -b batch_file_name.txt

Vince_Marinov
Contributor
‎2021-02-16 11:30 AM
In response to Juan_Concepcion
Jump to solution

Hello,

I was looking into that conversation and I would like to ask if there was any solution provided in the new releases?

I am trying to figure out if there is a specific API call that can remove an object from a group. 

Thanks,

Vince

0 Kudos
PhoneBoy
Admin
Admin
‎2021-02-16 12:43 PM
In response to Vince_Marinov
Jump to solution

The above solution translates to the following API call: https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/set-group~v1.7

0 Kudos
Juan_Concepcion
Advisor
‎2021-02-16 12:50 PM
In response to PhoneBoy
Jump to solution

updating with single run and how to get it into batch format:
 
mgmt_cli -r true set group name <group_name> members.remove <object_name_to_be_removed>
 
>Batch remove members from group:
 
Header in txt file:
 
group_name, members.remove
 
mygroup, mymember1
mygroup, mymember2
mygroup, mymember3
 
CLI command to run:  mgmt_cli -r true set group name group_name -b batch_file_name.txt
 

if you only do the set it will overwrite everything in group (i've done this before had to put back 350 objects into group)

--Juan

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events