Solved: policyCleanUp.py issue

Shawn_Fletcher · ‎2019-06-25

Hi there, Pretty new to Checkpoint API/Scripting but was trying to do a policy cleanup and this looks like it could be a huge help.

-Running directly on SMS R80.20 M2
-Check Point API Python SDK added and variable set

Ran policyCleanUp.py multiple ways - but to keep it simple examples below

as User

# python policyCleanUp.py -op plan
[2019-06-25 22:39:10] Failed to login. Error: APIResponse received a response which is not a valid JSON.

User has access to management api in user settings, API is set to accept from all IP addresses

using the root flag

# python policyCleanUp.py -op plan -r true
Traceback (most recent call last):
File "policyCleanUp.py", line 1118, in <module>
main()
File "policyCleanUp.py", line 989, in main
check_validation_for_mds(client, user_args.domain)
File "policyCleanUp.py", line 935, in check_validation_for_mds
if int(api_res.data.get('total')) != 0:
AttributeError: 'NoneType' object has no attribute 'get'

Any ideas? This seemed like it would be really helpful to run for me.
thanks!

PhoneBoy · ‎2019-06-25

You'll probably have to modify the script to use a non-standard port.
While I'm not familiar with the script, it probably assumes port 443, not 4434.

View solution in original post

Sigbjorn · ‎2019-06-26

You need to add "--port 4434" when running the script to connect to non-default port.

By default, it will connect to port 443.

/Sigbjorn

View solution in original post

PhoneBoy · ‎2019-06-25

Most likely you have not enabled the API to be usable from hosts other than localhost.
You can confirm this with the command api status on the management server.
To fix this problem, see: https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/Enabling-web-api/m-p/32641/highli...

Shawn_Fletcher · ‎2019-06-25

i think i did but let me know if this is wrong.

# api status

API Settings:
---------------------
Accessibility: Require all granted
Automatic Start: Enabled

Processes:

Name State PID More Information
-------------------------------------------------
API Started 9954
CPM Started 7079 Check Point Security Management Server is running and ready
FWM Started 24951
APACHE Started 7453

Port Details:
-------------------
JETTY Internal Port: 50277
APACHE Gaia Port: 4434 (a non-default port)
When running mgmt_cli commands add '--port 4434'
When using web-services, add port 4434 to the URL

--------------------------------------------
Overall API Status: Started
--------------------------------------------

API readiness test SUCCESSFUL. The server is up and ready to receive connections

Notes:
------------
To collect troubleshooting data, please run 'api status -s <comment>'

PhoneBoy · ‎2019-06-25

You'll probably have to modify the script to use a non-standard port.
While I'm not familiar with the script, it probably assumes port 443, not 4434.

Sigbjorn · ‎2019-06-26

You need to add "--port 4434" when running the script to connect to non-default port.

By default, it will connect to port 443.

/Sigbjorn

Shawn_Fletcher · ‎2019-06-26

thank you both, clearly i should have caught that but definitely the solution

Are you a member of CheckMates?

policyCleanUp.py issue