dotank2
Participant

mgmt_cli

Hi all,

I'm trying to create a very simple script.

I'm using the command line from SmartConsole. I created a group and I want to add all the Geo Policy countries I have.

I created the group using set group name "Geo-Block"

And now I want to add countries.

So I do: set group name "Geo-Block" members.add "countrie1" members.add "countries2" and it's not working.

 

The error is:

code:"generic_err_object_not_found"

message: "Requested object [countrie1] not found"

 

0 Kudos
30 Replies
Tal_Paz-Fridman
Employee

What is the version you are using? Are you trying to add to the older Geo Policy or to the Access Control Rulebase? 

For adding to the Rulebase, which is the recommended way, you first need to import the relevant Updatable Object:

https://sc1.checkpoint.com/documents/latest/APIs/#cli/add-updatable-object~v1.9%20

 

0 Kudos
dotank2
Participant

Hi,

I'm using management version R81.10.

I have Geo Policy in the shared policy, and I want to create a rule in the access rule with all the countries that I want to block.

So I created a group, and I can't add country objects to the group.

And the command "show updatable-objects-repository-content" does not give me the parameter of uri.

0 Kudos
dotank2
Participant

And something strange happens: when I blocked, for example, Israel, it worked.
When I try to block Albania, it doesn't work.

This works: set group name "Geo-Block" members.add "israel"

This is not working: set group name "Geo-Block" members.add "albnia"

0 Kudos
the_rock
Legend

In the command, you misspelled Albania...it shows albnia

0 Kudos
Bob_Zimmerman
Mentor

Another important note. This syntax:

mgmt_cli ... members.add "country1" members.add "country2"

won't actually work. You need to specify it like this:

mgmt_cli ... members.add.1 "country1" members.add.2 "country2"

 

0 Kudos
the_rock
Legend

That's it, just verified!

0 Kudos
dotank2
Participant

Hi,

Thank you for your response.

I ran the command:

set group name "Geo-Block" members.add.1 "Albania" members.add.2 "Algeria"

and the error is the same:

code: "generic_err_object_not_found"
message: "Requested object [Albania1] not found"

0 Kudos
Hugo_vd_Kooij
Advisor

Can you break down the change into adding 1 country per line? That is how I would do it anyway, as I can then loop over a list. Be it 1 or 10 or 100 countries, it will be the same code.

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
0 Kudos
dotank2
Participant

Hi,

I tried it; it also doesn't work.

0 Kudos
Bob_Zimmerman
Mentor

That error indicates the command you actually ran was slightly different. Something like this:

set group name "Geo-Block" members.add.1 "Albania1"

After running this:

[Expert@DallasSA]# mgmt_cli -f json -r true update-updatable-objects-repository-content
...
[Expert@DallasSA]# mgmt_cli -f json -r true show updatable-objects-repository-content details-level full limit 500 offset 0 | jq -c '.objects[]|.' >> updatable.json
[Expert@DallasSA]# mgmt_cli -f json -r true show updatable-objects-repository-content details-level full limit 500 offset 500 | jq -c '.objects[]|.' >> updatable.json
[Expert@DallasSA]# mgmt_cli -f json -r true show updatable-objects-repository-content details-level full limit 500 offset 1000 | jq -c '.objects[]|.' >> updatable.json
[Expert@DallasSA]# mgmt_cli -f json -r true show updatable-objects-repository-content details-level full limit 500 offset 1500 | jq -c '.objects[]|.' >> updatable.json
[Expert@DallasSA]# mgmt_cli -f json -r true show updatable-objects-repository-content details-level full limit 500 offset 2000 | jq -c '.objects[]|.' >> updatable.json
[Expert@DallasSA]# mgmt_cli -f json -r true show updatable-objects-repository-content details-level full limit 500 offset 2500 | jq -c '.objects[]|.' >> updatable.json
[Expert@DallasSA]# mgmt_cli -f json -r true show updatable-objects-repository-content details-level full limit 500 offset 3000 | jq -c '.objects[]|.' >> updatable.json
[Expert@DallasSA]# mgmt_cli -f json -r true show updatable-objects-repository-content details-level full limit 500 offset 3500 | jq -c '.objects[]|.' >> updatable.json
[Expert@DallasSA]# mgmt_cli -f json -r true show updatable-objects-repository-content details-level full limit 500 offset 4000 | jq -c '.objects[]|.' >> updatable.json
[Expert@DallasSA]# wc -l updatable.json 
4249 updatable.json
[Expert@DallasSA]# grep "GEO Locations" updatable.json | jq '."name-in-updatable-objects-repository"' | sort
"Afghanistan"
"Africa"
"Aland Islands"
"Albania"
"Algeria"
"American Samoa"
"Andorra"
"Angola"
"Anguilla"
"Antarctica Other"
"Antarctica"
...

you can see all of the country object names. Each country object must be imported via 'mgmt_cli ... add updatable-object uid-in-updatable-objects-repository <UUID>' before you can actually use it. Once imported, the names will be as above.

(1)
the_rock
Legend

Thanks @Bob_Zimmerman ...that's SUPER HELPFUL mate 👍👍👍

0 Kudos
dotank2
Participant

Yes, but how do I import all of the list?

0 Kudos
Bob_Zimmerman
Mentor

After creating updatable.json as above, you can import all of the objects in the "GEO Locations" tree like so:

[Expert@DallasSA]# mgmt_cli -f json -r true login > session.txt

[Expert@DallasSA]# grep "GEO Locations" updatable.json | jq '."uid-in-updatable-objects-repository"' | xargs -L 1 -I % mgmt_cli -f json -s session.txt add updatable-object uid-in-updatable-objects-repository %
...

[Expert@DallasSA]# mgmt_cli -f json -s session.txt publish
...

[Expert@DallasSA]# mgmt_cli -f json -s session.txt logout && rm session.txt

On a lab SmartCenter (Hyper-V VM on an Intel Atom C3758; 2c, 8 GB, 200 GB storage backed by a ~1 GB/s SATA SSD array), all that took about five minutes (including writing the commands) and left me with 258 objects in my management.

Afterwards, I ran this to test all of the country names you've reported problems with:

[Expert@DallasSA]# mgmt_cli -f json -s session.txt add group name "Geo-Block" members.1 Albania members.2 Algeria members.3 Togo members.4 Tunisia
{
  "uid" : "6ff07760-8c91-41ed-92b0-2f497d30aa83",
  "name" : "Geo-Block",
  "type" : "group",
  "domain" : {
    "uid" : "41e821a0-3720-11e3-aa6e-0800200c9fde",
    "name" : "SMC User",
    "domain-type" : "domain"
  },
  "members" : [ {
    "uid" : "09bfd6cf-3608-4ef1-9e10-5553a81083c8",
    "name" : "Tunisia",
    "type" : "updatable-object",
    "domain" : {
      "uid" : "41e821a0-3720-11e3-aa6e-0800200c9fde",
      "name" : "SMC User",
      "domain-type" : "domain"
    },
    "icon" : "@app/cp_geo_tn",
    "color" : "black"
  }, {
    "uid" : "a6e54df5-4b0c-46ee-a081-25575b36e66a",
    "name" : "Algeria",
    "type" : "updatable-object",
    "domain" : {
      "uid" : "41e821a0-3720-11e3-aa6e-0800200c9fde",
      "name" : "SMC User",
      "domain-type" : "domain"
    },
    "icon" : "@app/cp_geo_dz",
    "color" : "black"
  }, {
    "uid" : "54346ff0-2d5e-42f2-9a3e-f3c9c18d126c",
    "name" : "Togo",
    "type" : "updatable-object",
    "domain" : {
      "uid" : "41e821a0-3720-11e3-aa6e-0800200c9fde",
      "name" : "SMC User",
      "domain-type" : "domain"
    },
    "icon" : "@app/cp_geo_tg",
    "color" : "black"
  }, {
    "uid" : "9125b1e0-891c-41d1-81ac-1d90f63bbcb0",
    "name" : "Albania",
    "type" : "updatable-object",
    "domain" : {
      "uid" : "41e821a0-3720-11e3-aa6e-0800200c9fde",
      "name" : "SMC User",
      "domain-type" : "domain"
    },
    "icon" : "@app/cp_geo_al",
    "color" : "black"
  } ],
  "groups" : [ ],
  "comments" : "",
  "color" : "black",
  "icon" : "General/group",
  "tags" : [ ],
  "meta-info" : {
    "lock" : "unlocked",
    "validation-state" : "ok",
    "last-modify-time" : {
      "posix" : 1689861228450,
      "iso-8601" : "2023-07-20T09:53-0400"
    },
    "last-modifier" : "WEB_API",
    "creation-time" : {
      "posix" : 1689861228450,
      "iso-8601" : "2023-07-20T09:53-0400"
    },
    "creator" : "WEB_API"
  },
  "read-only" : true
}

To update an existing group, you would need to use 'set' instead of 'add', and all of the mentions of 'members.' should be replaced with 'members.add.'.

0 Kudos
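Added example (not part of Bob_Zimmerman's post or Check Point's tooling): a Python planner that turns updatable.json into the import and `set group` commands from this thread, resolving each country name to its repository UID and emitting nothing when a name such as "albnia" does not resolve. The sample lines, their UIDs and the `uri` field are constructed; the group is assumed to exist already, and case-insensitive name matching is a choice made for this example.

```python
import difflib
import json
import shlex

# Constructed sample in the updatable.json layout (one JSON object per line).
# The UIDs and the "uri" field are placeholders made up for this example.
SAMPLE = """\
{"name-in-updatable-objects-repository":"Albania","uid-in-updatable-objects-repository":"00000000-0000-0000-0000-0000000000a1","uri":"constructed/GEO Locations/Albania"}
{"name-in-updatable-objects-repository":"Togo","uid-in-updatable-objects-repository":"00000000-0000-0000-0000-0000000000a2","uri":"constructed/GEO Locations/Togo"}
{"name-in-updatable-objects-repository":"Tunisia","uid-in-updatable-objects-repository":"00000000-0000-0000-0000-0000000000a3","uri":"constructed/GEO Locations/Tunisia"}
{"name-in-updatable-objects-repository":"Example Service","uid-in-updatable-objects-repository":"00000000-0000-0000-0000-0000000000b1","uri":"constructed/Online Services/Example"}
""".splitlines()
NAME = "name-in-updatable-objects-repository"
UID = "uid-in-updatable-objects-repository"

def load_geo(lines, marker="GEO Locations"):
    """Return {lowercased name: (repository name, UID)} for lines containing
    the marker, i.e. the same whole-line filter as the grep in the post."""
    geo = {}
    for line in lines:
        if marker in line:
            obj = json.loads(line)
            geo[obj[NAME].lower()] = (obj[NAME], obj[UID])
    return geo

def plan(geo, wanted, group, session="session.txt"):
    """Return (argv_lists, problems); nothing is executed.
    problems maps each unresolved name to close repository names."""
    problems = {}
    for w in wanted:
        if w.lower() not in geo:
            close = difflib.get_close_matches(w.lower(), list(geo), n=3, cutoff=0.8)
            problems[w] = [geo[c][0] for c in close]
    if problems:
        return [], problems  # refuse to emit a partial change
    base = ["mgmt_cli", "-f", "json", "-s", session]
    resolved = [geo[w.lower()] for w in wanted]
    # The import takes the repository UID, not the country name.
    cmds = [base + ["add", "updatable-object", UID, uid] for _, uid in resolved]
    members = []
    for i, (name, _) in enumerate(resolved, 1):
        members += [f"members.add.{i}", name]  # indexed keys, one per member
    cmds.append(base + ["set", "group", "name", group] + members)
    cmds.append(base + ["publish"])
    return cmds, problems

if __name__ == "__main__":
    cmds, problems = plan(load_geo(SAMPLE), ["Togo", "tunisia"], "Geo-Block")
    for argv in cmds:
        print(shlex.join(argv))
```

Review the printed commands before running them inside a logged-in session (`-s session.txt`), as in the post above.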
dotank2
Participant

Works, thank you.

0 Kudos
the_rock
Legend

Thanks for the update!

0 Kudos
dotank2
Participant

Also, I SSH to the management,

and with the same command I get an error:

"Authentication to server failed."

but the username is correct and I have the permission "GAIA api".

0 Kudos
dotank2
Participant

updating

 

The script works only on objects built in the system.

The problem is that it is an updateable object, for example countries.

That is, I do the command:
mgmt_cli set group name "Geo-Block" members.add.1 "host1" members.add.2 "host2" > working

And I do the command:
mgmt_cli set group name "Geo-Block" members.add.1 "Togo" members.add.2 "Tunisia" > not working

And I get a message that it can't find the object.

Now the strange thing is, I do the command:
set group name "Geo-Block" members.add "israel" it works (only on Israel, when I change the country for example Togo, it doesn't work)

 

 

0 Kudos
Tal_Paz-Fridman
Employee

Did you import the relevant Updatable Object into the database?

https://sc1.checkpoint.com/documents/latest/APIs/#cli/add-updatable-object~v1.9%20

0 Kudos
the_rock
Legend

I just tested on R81.20 mgmt server and it failed as well...weird

[Expert@QUANTUM-MANAGEMENT:0]# mgmt_cli set group name "geo-block-test" members.add "albania"
Username: admin
Password:
code: "generic_err_object_not_found"
message: "Requested object [geo-block-test] not found"

Executed command failed. Changes are discarded.
[Expert@QUANTUM-MANAGEMENT:0]#

0 Kudos
_Val_
Admin

You need to fetch the category first. Did you?

0 Kudos
the_rock
Legend

Hey Val,

Can you clarify what you are referring to exactly?

Cheers,

Andy

0 Kudos
Tal_Paz-Fridman
Employee

Description

Import an updatable object from the repository to the management server. This operation takes effect immediately and doesn't require publishing.

 

https://sc1.checkpoint.com/documents/latest/APIs/#cli/add-updatable-object~v1.9%20 

0 Kudos
Bob_Zimmerman
Mentor

That message is saying the group you're trying to add the member to doesn't exist. 'set' won't create a group.

(1)
the_rock
Legend

@Bob_Zimmerman ...layer 8 problem Homer Simpson moment...DUH lol

Anyway, the command @dotank2 gave did actually work now

[Expert@QUANTUM-MANAGEMENT:0]# mgmt_cli set group name "geo-group-test" members.add.1 "Togo" members.add.2 "Tunisia"
Username: admin
Password:


---------------------------------------------
Time: [10:59:37] 19/7/2023
---------------------------------------------
"Publish operation" succeeded (100%)
[Expert@QUANTUM-MANAGEMENT:0]#

Andy

0 Kudos
dotank2
Participant

Hi @the_rock

I have a slightly different error message.
The problem for me is the country object, for example Tunisia.
With you, it registered on the group itself.

Anyway, it still doesn't work for me.
And it is not clear what command I need to give to import the updateable object.

I used the command: mgmt_cli add updatable-object uid-in-updatable-objects-repository Togo

but I get an error:

mgmt_cli add updatable-object uid-in-updatable-objects-repository Togo
Username: XXXX
Password: XXXX
code: "generic_error"
message: "Parameter [uid-in-updatable-objects-repository] with value [Togo] not found."

Executed command failed. Changes are discarded.

 

 

0 Kudos
the_rock
Legend

Understood...let me test it later and see what happens.

Andy

0 Kudos
the_rock
Legend

I just tried and get the same, but based on the error we see, it appears it's the parameter that's wrong...

0 Kudos
genisis__
Leader

Question:

Is there a way to do a dry run of mgmt_cli commands to catch any syntax errors etc., prior to a scheduled implementation? Would be damn handy if this was possible.

0 Kudos
Bob_Zimmerman
Mentor

You can always log in with a read/write session (not using 'read-only true'), run commands, then discard the session afterwards. Only a few things like installing policy and building firewall objects have effects which persist even if you discard the session in which you did them.

0 Kudos
