Nüüül
Advisor

"show-ips-status" on R81 replies "latest-version": "N/A",

Hi,

I did a script for monitoring IPS status on Management and managed Devices. At least since R81, the Management response for "show-ips-status" includes "latest-version": "N/A". As I want to compare the installed version with the latest available version (and did not find a resource to fetch this information directly from Check Point), my script now fails.

So the question is:

Does anyone else see this? I tested with two installations on R81. Both with same result.
Does someone else have an idea where to fetch the latest version number (perhaps including a timestamp for creation date?)

Example API Response:

 

DEBUG:root:API Output:APIResponse({
    "data": {
        "installed-version": "635207528",
        "installed-version-creation-time": {
            "iso-8601": "2020-11-09T16:00+0100",
            "posix": 1604934000000
        },
        "last-updated": {
            "iso-8601": "2020-11-10T21:12+0100",
            "posix": 1605039138000
        },
        "latest-version": "N/A",
        "update-available": false
    },
    "res_obj": {
        "data": {
            "installed-version": "635207528",
            "installed-version-creation-time": {
                "iso-8601": "2020-11-09T16:00+0100",
                "posix": 1604934000000
            },
            "last-updated": {
                "iso-8601": "2020-11-10T21:12+0100",
                "posix": 1605039138000
            },
            "latest-version": "N/A",
            "update-available": false
        },
        "status_code": 200
    },
    "status_code": 200,
    "success": true
})

 

...or any other idea?

 

Thanks

 

Daniel

2 Replies
Jim_Oqvist
Employee

Hi Daniel,

According to my tests on a Security Management Server, the behavior between R80 and R81 has not changed.

  • Does the management have internet access?
  • Are you doing this on a SMS or MDS?
  • To make sure you are using a GA and not EA ISO, can you share the output of "cpinfo -y all" from the management server?
  • To make sure it does not have anything to do with the way your script parses the response, can you share the output of "mgmt_cli show ips-status -r true -f json" from the management server?

This is the result I get on GA version R81 (Take 392).
As you can see, show-ips-status is showing the update status and the number of the latest version before and after the IPS update.

[Expert@sms-pri70:0]# cpinfo -y all
This is Check Point CPinfo Build 914000214 for GAIA
[MGMT]
        No hotfixes..
[FW1]
        HOTFIX_GOT_MGMT_AUTOUPDATE
        HOTFIX_GOT_TPCONF_MGMT_AUTOUPDATE
FW1 build number:
This is Check Point Security Management Server R81 - Build 287
This is Check Point's software version R81 - Build 959
[Expert@sms-pri70:0]# mgmt_cli show ips-status -r true -f json
{
  "last-updated" : {
    "posix" : 1605002993000,
    "iso-8601" : "2020-11-10T11:09+0100"
  },
  "installed-version" : "635158746",
  "installed-version-creation-time" : {
    "posix" : 1451552400000,
    "iso-8601" : "2015-12-31T10:00+0100"
  },
  "update-available" : true,
  "latest-version" : "635207528",
  "latest-version-creation-time" : {
    "posix" : 1604934000000,
    "iso-8601" : "2020-11-09T16:00+0100"
  }
}

[Expert@sms-pri70:0]# mgmt_cli run-ips-update -r true -f json
---------------------------------------------
Time: [09:01:57] 11/11/2020
---------------------------------------------
"IPS Management Update"  succeeded  (100%)

[Expert@sms-pri70:0]# mgmt_cli show ips-status -r true -f json
{
  "last-updated" : {
    "posix" : 1605081654000,
    "iso-8601" : "2020-11-11T09:00+0100"
  },
  "installed-version" : "635207528",
  "installed-version-creation-time" : {
    "posix" : 1604934000000,
    "iso-8601" : "2020-11-09T16:00+0100"
  },
  "update-available" : false,
  "latest-version" : "635207528",
  "latest-version-creation-time" : {
    "posix" : 1604934000000,
    "iso-8601" : "2020-11-09T16:00+0100"
  }
}

Nüüül
Advisor

Hi Jim,

cpinfo:

 

This is Check Point CPinfo Build 914000214 for GAIA

[MGMT]
	No hotfixes..

[FW1]
	HOTFIX_GOT_MGMT_AUTOUPDATE
	HOTFIX_GOT_TPCONF_MGMT_AUTOUPDATE

FW1 build number:
This is Check Point Security Management Server R81 - Build 287
This is Check Point's software version R81 - Build 959

It turns out that the user needs the following right set via the Permission Profiles:

Gateways -> "Manage Licenses and Packages" -> "write" - even for a "show command"

 

The script of mine is using the Check Point python SDK via Web 

Output with correct right set:

 

   "res_obj": {
        "data": {
            "installed-version": "635207560",
            "installed-version-creation-time": {
                "iso-8601": "2020-11-11T00:00+0100",
                "posix": 1605049200000
            },
            "last-updated": {
                "iso-8601": "2020-11-11T13:12+0100",
                "posix": 1605096724000
            },
            "latest-version": "635207560",
            "latest-version-creation-time": {
                "iso-8601": "2020-11-11T00:00+0100",
                "posix": 1605049200000
            },
            "update-available": false
        }
}

Output with "read" permission on Gateways -> "Manage Licenses and Packages" :

    "res_obj": {
        "data": {
            "installed-version": "635207560",
            "installed-version-creation-time": {
                "iso-8601": "2020-11-11T00:00+0100",
                "posix": 1605049200000
            },
            "last-updated": {
                "iso-8601": "2020-11-11T13:12+0100",
                "posix": 1605096724000
            },
            "latest-version": "N/A",
            "update-available": false
        },
        "status_code": 200
    }
}

Will edit the script and add it to script documentation 🙂

Thanks,

 

Daniel
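
The failure mode found in this thread (HTTP 200, "latest-version": "N/A" and "update-available": false when the API user has only "read" on "Manage Licenses and Packages") can make a monitoring check report "up to date" when it actually has no information. The following is an added example, not part of the original posts and not Check Point code: a classifier for an already-parsed show-ips-status payload. The function name, the `max_age_days` threshold and the fixed `NOW_MS` are assumptions; the sample payloads are copied from the responses posted above.

```python
DAY_MS = 86_400_000

def evaluate_ips_status(data, now_ms, max_age_days=7):
    """Classify a parsed show-ips-status payload (hypothetical helper)."""
    installed = data.get("installed-version")
    latest = data.get("latest-version")
    # With insufficient permissions the API still answers 200 but cannot
    # report the latest version; "update-available": false then carries no
    # information and must not be read as "up to date".
    if not latest or latest == "N/A" or "latest-version-creation-time" not in data:
        return ("UNKNOWN", "latest-version unavailable; check the permission "
                "profile of the API user (Manage Licenses and Packages)")
    if data.get("update-available") or installed != latest:
        return ("OUTDATED", f"installed {installed}, latest {latest}")
    # Independent freshness check: when did the management last update?
    age_days = (now_ms - data["last-updated"]["posix"]) / DAY_MS
    if age_days > max_age_days:  # threshold is an assumption
        return ("STALE", f"last update {age_days:.1f} days ago")
    return ("OK", f"installed {installed} is latest")

# Sample payloads copied from the thread
READ_ONLY = {
    "installed-version": "635207560",
    "installed-version-creation-time": {"posix": 1605049200000},
    "last-updated": {"posix": 1605096724000},
    "latest-version": "N/A",
    "update-available": False,
}
WRITE_PERM = dict(READ_ONLY, **{
    "latest-version": "635207560",
    "latest-version-creation-time": {"posix": 1605049200000},
})
BEFORE_UPDATE = {
    "installed-version": "635158746",
    "last-updated": {"posix": 1605002993000},
    "update-available": True,
    "latest-version": "635207528",
    "latest-version-creation-time": {"posix": 1604934000000},
}
NOW_MS = 1605100000000  # constructed "current time", shortly after the samples

if __name__ == "__main__":
    for name, payload in [("read-only", READ_ONLY), ("write", WRITE_PERM),
                          ("before update", BEFORE_UPDATE)]:
        print(name, evaluate_ips_status(payload, NOW_MS))
```

Alerting on UNKNOWN separately from OUTDATED also surfaces a later change to the permission profile instead of hiding it behind a green check.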