- Products
- Learn
- Local User Groups
- Partners
- More
Firewall Uptime, Reimagined
How AIOps Simplifies Operations and Prevents Outages
Introduction to Lakera:
Securing the AI Frontier!
Check Point Named Leader
2025 Gartner® Magic Quadrant™ for Hybrid Mesh Firewall
HTTPS Inspection
Help us to understand your needs better
CheckMates Go:
SharePoint CVEs and More!
Hi CheckMates
Can anyone provide a working example of how to use “domains_to_process”. I just came across this parameter and was wondering how to use it correctly.
As I understand it, the intention is to search across domains for fx. hosts.
Doing something like this:
mgmt_cli show hosts domains-to-process "ALL_DOMAINS_ON_THIS_SERVER" filter "1.1.1.1" --format json -s id.txt
I just can’t seem to make it work. I tried using it with id.txt set to “System Data” but without success.
Guessing that I’m misunderstanding the intended use case.
Much appreciated if anyone have examples to share.
Hi @abr ,
Since domains-to-process is a list, it should be something like this:
mgmt_cli show hosts domains-to-process.1 "ALL_DOMAINS_ON_THIS_SERVER" filter "1.1.1.1" ignore-warnings true --format json -s id.txt
"domains-to-process" does not seem to be a part of any valid command in the first place. Where are you taking this example from?
The documentation:
https://sc1.checkpoint.com/documents/latest/APIs/?#cli/show-hosts~v1.9.1%20
domains-to-process | List: string Default: CURRENT_DOMAIN |
Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and with ignore-warnings true. Valid values are: CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. |
What's the exact output when you try to use that command?
Also see the note about including ignore-warnings true in the API docs.
Hi PhoneBoy
Result of trying the command with domain set to "System Data" in my id.txt file on API version "1.9.1".
I assume that by "ignore-warnings true" they mean "--ignore-errors true" .
------------------------------------------------------------------------------------------------------------------------------------
Command:
mgmt_cli show hosts domains-to-process "ALL_DOMAINS_ON_THIS_SERVER" filter "1.1.1.1" --format json --ignore-errors true -s id.txt
Output:
{
"code" : "generic_err_invalid_parameter",
"message" : "Parameter [domains-to-process] value is not valid"
}
------------------------------------------------------------------------------------------------------------------------------------
To me it seems like the parameter "domains-to-process" simply is not an option
ignore-warnings and ignore-errors are actually different things.
@Omer_Kleinstern any other ideas?
Hi @abr ,
Since domains-to-process is a list, it should be something like this:
mgmt_cli show hosts domains-to-process.1 "ALL_DOMAINS_ON_THIS_SERVER" filter "1.1.1.1" ignore-warnings true --format json -s id.txt
I can confirm this works, though in testing it I found what seems likely to be a bug in mgmt_cli's processing of session files. I'll open a ticket about that.
The "ignore-warnings" key doesn't appear in any of the API documentation I've checked, though I haven't checked exhaustively.
[Expert@MyMDS:0]# mgmt_cli -f json -d "MDS" -r true login >session.txt
[Expert@MyMDS:0]# mgmt_cli -f json -s session.txt show hosts limit 2 domains-to-process.1 ALL_DOMAINS_ON_THIS_SERVER ignore-warnings true
{
"objects" : [ {
"uid" : "08f0e998-b092-49ef-83cb-f56b367e4c5c",
"name" : "SomeHost",
"type" : "host",
"domain" : {
"uid" : "f538d6a9-dd21-40cc-b400-c758b2a05882",
"name" : "CMA_1",
"domain-type" : "domain"
},
"ipv4-address" : "2.3.4.5",
"icon" : "Objects/host",
"color" : "black"
}, {
"uid" : "ccb0a948-c5ed-43e3-9e2f-f8aa331b3bcb",
"name" : "SomeHost_2",
"type" : "host",
"domain" : {
"uid" : "11415233-c3d4-4c3b-bc8b-6413ba75f64d",
"name" : "CMA_2",
"domain-type" : "domain"
},
"ipv4-address" : "3.4.5.6",
"icon" : "Objects/host",
"color" : "black"
} ],
"from" : 1,
"to" : 2,
"total" : 55184
}
Note that this only makes sense on an MDS, and the "System Domain" is named "MDS".
It technically works on SmartCenters when you log in to the "System Data" domain, but a SmartCenter can only contain one domain, so there's no real point to doing it. You may as well log in to the functional domain directly.
@Bob_Zimmerman
Thanks for testing command and explaining the "System Domain" for MDS environments.
It make sense to use this for looking up hosts across domains within a MDS environment.
Help and input much appreciated!
Thanks for explaining this to me. Much appreciated!
I had no idea on how to "represent" a list with "strs" in the mgmt_cli. I tried all kinds of list formats. I had never guessed that it had to be represented using ".1"
I did not find any direct documentation on the "ignore-warnings true" in the documentation. It is stated to apply it to this command. Still it is not documented as an argument/option.
I think it might be helpfull for others if documentation was updated with an examples for "List: String" and "ignore-warnings true"
Btw when using REST domains-to-process is used like this:
POST {{server}}/show-groups Content-Type: application/json X-chkp-sid: {{session}} { "filter" : "some-name",
"ignore-warnings" : "true", "domains-to-process": ["ALL_DOMAINS_ON_THIS_SERVER"], "details-level" : "standard" }
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
User | Count |
---|---|
4 | |
2 | |
2 | |
2 | |
1 | |
1 | |
1 | |
1 |
Tue 07 Oct 2025 @ 10:00 AM (CEST)
Cloud Architect Series: AI-Powered API Security with CloudGuard WAFThu 09 Oct 2025 @ 10:00 AM (CEST)
CheckMates Live BeLux: Discover How to Stop Data Leaks in GenAI Tools: Live Demo You Can’t Miss!Thu 09 Oct 2025 @ 10:00 AM (CEST)
CheckMates Live BeLux: Discover How to Stop Data Leaks in GenAI Tools: Live Demo You Can’t Miss!Wed 22 Oct 2025 @ 11:00 AM (EDT)
Firewall Uptime, Reimagined: How AIOps Simplifies Operations and Prevents OutagesAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY