Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
dflick
Explorer

Building a VMSS Remote Access CloudGuard Instance with postinstall scripts

Once we spin up a new instance, we have a need to change the following settings and I am not sure of the "proper" way to complete.  I have tried working through BASH scripting but I am thinking API would be a more supportable way but not sure if some of this is supported by API.

1. enable Network Security features.

2. enable Threat Prevention features.

3. Update the VPN domain

4. Add an Active Directory Domain to the Active Directory Query

5. Allow only Desktop VPN Clients to connect to gateway

6. Set VPN Client Authentication Multiple Authentication Client Settings to MFA-2 and User/pass.

7. Set Office Mode to all users and set network pool

8. Push Hotfixes 

9. Set Policy Based Routing to Office Mode IP range

10. Make several ckp_regedit commands

11.  edit the trac_client_1.ttm file (I can use sed or something else)

 

0 Kudos
1 Reply
PhoneBoy
Admin
Admin

1-3 can be done with the API, I believe.
4 -6 cannot be done with API and requires configuration in SmartConsole.
7 I believe can be done with API.
8 can be done via the API
9 I'm not sure what you're doing here, can you clarify?
10-11 can probably be done with run-script API

The API mentioned is the Management API: https://sc1.checkpoint.com/documents/latest/APIs/index.html#introduction~v1.9%20 
Note the above assumes we are talking about R81.20.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.