Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Shawn_Fletcher
Contributor
Jump to solution

policyCleanUp.py issue

Hi there, Pretty new to Checkpoint API/Scripting but was trying to do a policy cleanup and this looks like it could be a huge help.

-Running directly on SMS R80.20 M2
-Check Point API Python SDK added and variable set

Ran policyCleanUp.py multiple ways - but to keep it simple examples below

as User 

# python policyCleanUp.py -op plan
[2019-06-25 22:39:10] Failed to login. Error: APIResponse received a response which is not a valid JSON.

User has access to management api in user settings, API is set to accept from all IP addresses

using the root flag

# python policyCleanUp.py -op plan -r true
Traceback (most recent call last):
File "policyCleanUp.py", line 1118, in <module>
main()
File "policyCleanUp.py", line 989, in main
check_validation_for_mds(client, user_args.domain)
File "policyCleanUp.py", line 935, in check_validation_for_mds
if int(api_res.data.get('total')) != 0:
AttributeError: 'NoneType' object has no attribute 'get'

Any ideas? This seemed like it would be really helpful to run for me.
thanks!

0 Kudos
2 Solutions

Accepted Solutions
PhoneBoy
Admin
Admin
You'll probably have to modify the script to use a non-standard port.
While I'm not familiar with the script, it probably assumes port 443, not 4434.

View solution in original post

Sigbjorn
Advisor
Advisor

You need to add "--port 4434" when running the script to connect to non-default port.

By default, it will connect to port 443.

/Sigbjorn

View solution in original post

5 Replies
PhoneBoy
Admin
Admin
Most likely you have not enabled the API to be usable from hosts other than localhost.
You can confirm this with the command api status on the management server.
To fix this problem, see: https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/Enabling-web-api/m-p/32641/highli...
0 Kudos
Shawn_Fletcher
Contributor

i think i did but let me know if this is wrong. 

 

# api status

API Settings:
---------------------
Accessibility: Require all granted
Automatic Start: Enabled

Processes:

Name State PID More Information
-------------------------------------------------
API Started 9954
CPM Started 7079 Check Point Security Management Server is running and ready
FWM Started 24951
APACHE Started 7453

Port Details:
-------------------
JETTY Internal Port: 50277
APACHE Gaia Port: 4434 (a non-default port)
When running mgmt_cli commands add '--port 4434'
When using web-services, add port 4434 to the URL


--------------------------------------------
Overall API Status: Started
--------------------------------------------

API readiness test SUCCESSFUL. The server is up and ready to receive connections

Notes:
------------
To collect troubleshooting data, please run 'api status -s <comment>'

0 Kudos
PhoneBoy
Admin
Admin
You'll probably have to modify the script to use a non-standard port.
While I'm not familiar with the script, it probably assumes port 443, not 4434.
Sigbjorn
Advisor
Advisor

You need to add "--port 4434" when running the script to connect to non-default port.

By default, it will connect to port 443.

/Sigbjorn

Shawn_Fletcher
Contributor

thank you both, clearly i should have caught that but definitely the solution

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events