- CheckMates
- :
- Products
- :
- CloudMates Products
- :
- Cloud Network Security
- :
- Discussion
- :
- Building a VMSS Remote Access CloudGuard Instance ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Building a VMSS Remote Access CloudGuard Instance with postinstall scripts
Once we spin up a new instance, we have a need to change the following settings and I am not sure of the "proper" way to complete. I have tried working through BASH scripting but I am thinking API would be a more supportable way but not sure if some of this is supported by API.
1. enable Network Security features.
2. enable Threat Prevention features.
3. Update the VPN domain
4. Add an Active Directory Domain to the Active Directory Query
5. Allow only Desktop VPN Clients to connect to gateway
6. Set VPN Client Authentication Multiple Authentication Client Settings to MFA-2 and User/pass.
7. Set Office Mode to all users and set network pool
8. Push Hotfixes
9. Set Policy Based Routing to Office Mode IP range
10. Make several ckp_regedit commands
11. edit the trac_client_1.ttm file (I can use sed or something else)
- Tags:
- automation
- scripting
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
1-3 can be done with the API, I believe.
4 -6 cannot be done with API and requires configuration in SmartConsole.
7 I believe can be done with API.
8 can be done via the API
9 I'm not sure what you're doing here, can you clarify?
10-11 can probably be done with run-script API
The API mentioned is the Management API: https://sc1.checkpoint.com/documents/latest/APIs/index.html#introduction~v1.9%20
Note the above assumes we are talking about R81.20.