This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Greg_Harewood
Contributor
‎2020-08-18 06:54 AM

set generic-object ....help me with arrays please!

Hi!

show generic-object uid xxx is enormously useful and self documenting.

For settings aspects of the same, parameters of owned objects are simple enough, e.g.

set generic-object uid FWUID firewallSetting.connectionsLimit 50000

For arrays of objects, such as interfaces of a firewall, there is scattered documentation for things like...

set generic-object uid FWUID interfaces.add.create "com.checkpoint.objects.classes.dummy.CpmiClusterInterface" \
interfaces.add.owned-object.netmask "255.255.255.0" \
interfaces.add.owned-object.ipaddr 22.22.22.22

I've also found that I can remove an owned object by uid such as the above interface with...

set generic-object uid bbdf2604-ae6b-2942-ab8e-f4b0f7d31fa8 interfaces.remove 35b0b1ab-a323-49ec-b72b-d98eea2ddd89

What's missing from this picture is how to edit contents of owned objects in an array. PLEASE HELP! 🙂

I've tried things like....

set generic-object uid FWUID interfaces.0.netmask "255.255.255.0"

code: "generic_err_invalid_parameter"
message: "An object was requested to be added to the collection: 'interfaces', however create is missing"

...but no dice.  There must surely be  away to set parameters inside arrays of owned objects but I can't work it out.  My requirement by the way is to round trip a gateway from one VSX to another.  It's working, we've been using it in anger, but at the moment we have to check anti-spoofing parameters by hand and I'm highly motivated to be able to put them back after the vsx_provisioning_tool add vd.

Thanks for any help!

5 Replies
Greg_Harewood
Contributor
‎2020-08-18 07:18 AM

You know how laying out an explanation for other people can sometimes help?  I've made progress...

 

set generic-object uid <GWUID> interfaces.set.1.uid <IFUID> interfaces.set.1.owned-object.security.antispoof true
set generic-object uid <GWUID> interfaces.set.1.uid <IFUID> interfaces.set.1.owned-object.ipaddr 99.101.102.103

(The 1 is arbitrary as far as I can tell and just used to associate the two parameters.)  These work, and showing the generic object puts them in the right place.  However, they don't appear in the GUI (even after publish).  What do I need to do to get these propagated and active?

 

0 Kudos
PhoneBoy
Admin
Admin
‎2020-08-18 07:18 AM

This might be one of those things generic-objects can’t do.
I ran into something similar when I was trying to edit platform portal, which I believe is stored in a similar structure.
@Omer_Kleinstern 

Greg_Harewood
Contributor
‎2020-08-18 09:57 AM
In response to PhoneBoy

I don't know why it didn't seem to be picking up the change - probably an unrelated issue.  It's working quite well now actually.

Follow-on question .... with web_api, I can clearly distinguish between null, 0, and "".  I don't know how to do so with mgmt_cli.  Can you help at all?  In particular, things like the security.netaccess.allowed field... how do I set to null, rather than ""?  I seem to remember seeing *NULL* used somewhere, but I can no longer find the reference.

 

PhoneBoy
Admin
Admin
‎2020-08-20 09:51 PM
In response to Greg_Harewood

Maybe null without quotes?

0 Kudos
Greg_Harewood
Contributor
‎2020-08-24 02:37 AM
In response to PhoneBoy

I've sort of accepted that if I want to send null, I have to use web_api directly, which is typed.  Not great, but if you find out better, let me know!

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events