Quantum Spark Management Unleashed!
Introducing Check Point Quantum Spark 2500:
Smarter Security, Faster Connectivity, and Simpler MSP Management!
Check Point Named Leader
2025 Gartner® Magic Quadrant™ for Hybrid Mesh Firewall
HTTPS Inspection
Help us to understand your needs better
CheckMates Go:
SharePoint CVEs and More!
Art_Zalenekas
Little project which is utilizing cpridutil over run-script CHKP MGMT API call to get firmware version of all SMB devices managed by the domain. The interesting part is that we are listing LSM (SmartProvisioning) managed devices as well. At the end, we write all output into CSV file (default output.csv).
GW,Image,Serial,MAC,IP,Status
SMB-1500-GW,R80_992002665_20_40,XX12X12345,00:1C:DE:AD:BE:EF,192.168.1.1,SuccessfulThis way you have a list of all SMB devices and their firmware version.
We are utilizing Python CHKP MGMT API SDK for the API communication.
You can run the code either directly on the CHKP MGMT server or a separate machine with API access to the CHKP MGMT API.
Additional integration with Check Point SourceGuard for code security scan on each code change, as well as latest Check Point's acquisition of SpectralOps to scan for any potential Secrets leak like passwords or API keys. All running as Github Actions workflow.
The code is under MIT License:
https://github.com/Senas23/cp_cpridutil
Little project which is utilizing cpridutil over run-script CHKP MGMT API call to get firmware version of all SMB devices managed by the domain. The interesting part is that we are listing LSM (SmartProvisioning) managed devices as well. At the end, we write all output into CSV file (default output.csv).
GW,Image,Serial,MAC,IP,Status SMB-1500-GW,R80_992002665_20_40,XX12X12345,00:1C:DE:AD:BE:EF,192.168.1.1,Successful
This way you have a list of all SMB de
...;
Danny
Thanks for sharing. 👍
I checked the lengthy Python script that just runs show diag on all SMB devices and figured this could be done as a simple bash one-liner as well. Can be executed as one-time script from within SmartConsole or directly from SmartCenter server's expert mode:
echo; for i in `grep 'sic_name\|ipaddr' $FWDIR/conf/objects.C|grep -A1 sic_name|grep 'ipaddr '|tr -d ':ipadr ()\t'`; do cprid_util -server $i -verbose rexec -rcmd /bin/bash -c "hostname; clish -c 'show diag'"; doneOf course some grep commands would need to be added to filter the output of show diag and check the SMB type but that would be really easy and adjustable for everyone's needs.
Thanks for sharing. 👍
I checked the lengthy Python script that just runs show diag on all SMB devices and figured this could be done as a simple bash one-liner as well. Can be executed as one-time script from within SmartConsole or directly from SmartCenter server's expert mode:
echo; for i in `grep 'sic_name\|ipaddr' $FWDIR/conf/objects.C|grep -A1 sic_name|grep 'ipaddr '|tr -d ':ipadr ()\t'`; do cprid_util -server $i -verbose rexec -rcmd /bin/bash -c "hostname; cThx Danny, but unfortunately that is not helping here. We need to know the Type of the GW, as we are looking just for SMB devices. Second, we need to list LSM managed GWs too, which you don't see in objects.C at all.
Furthermore, there is no need to dig under the hood of the MGMT server and live on the BASH as uid 0. Best case, nobody should be living on the BASH. Many other reasons why not to keep your scripts and code on the management. Separation is the key here.
Thx Danny, but unfortunately that is not helping here. We need to know the Type of the GW, as we are looking just for SMB devices. Second, we need to list LSM managed GWs too, which you don't see in objects.C at all.
Furthermore, there is no need to dig under the hood of the MGMT server and live on the BASH as uid 0. Best case, nobody should be living on the BASH. Many other reasons why not to keep your scripts and code on the management. Separation is the key here.
;
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY