Andrew_Rawlinso
Participant

Terraform - Add Static Route on Gateway

Hi,

I have currently deployed an R82 Check Point Management Server and R82 Security Gateway via Terraform in our on-premise VMware environment. We use Jenkins pipelines to deploy the Terraform code that is stored in GitHub Enterprise.

The code works well to provision the Virtual Machines, and run all day one tasks, such as running the first time configuration wizard and adding the gateway into the Management server with the provided SIC one-time password.

I am now looking at how to perform "day 2" tasks for the ongoing management of the security gateway now it has been deployed. One specific scenario is looking at how to add a static route onto the gateway. I have been looking at the "checkpoint_management_gaia_api" Terraform command to connect to the Check Point Management server and run the gaia_api command on the gateway to add the static route. Link to Terraform resource below:

checkpoint_management_gaia_api | Resources | CheckPointSW/checkpoint | Terraform | Terraform Registr...

Monitoring the /var/log/gaia_api_server.log file on the Gateway, I can see that the Management Server successfully logs into the gateway API and tries to POST the "set-static-route" API call to the gateway. It fails with the error:

"ERROR: Failed to handle request, reason: 'address is required, mask-length is required, type is required'"

The Terraform code I am using is below (X.X.X.X and Y.Y.Y.Y have been used to hide the real IP addresses):

resource "checkpoint_management_command_gaia_api" "add_static_route" {
  target          = checkpoint_management_simple_gateway.cpgw01.name
  command_name    = "set-static-route"
  other_parameter = <<EOT
 '{
  "address" : "X.X.X.X",
  "mask-length" : "22",
  "next-hop" : {
    "gateway" : "Y.Y.Y.Y",
    "priority" : "2"
  },
  "rank" : "25",
  "type" : "gateway",
  "comment" : "Added via Terraform"
 }'
 EOT
 }
 
Does anyone have any suggestions on how to get this working? Is there a different Terraform resource that could be used to perform changes on the gateways after they have been deployed?
 
Thanks in advance for your help,
Andy
0 Kudos
1 Reply
Amir_Senn
Employee

Have you tried to use GAIA API "run script" API?

https://sc1.checkpoint.com/documents/latest/GaiaAPIs/index.html#web/run-script~v1.8%20

You can also chain some commands together.

Body example I used as part of a collection:

{
  "script": "mgmt_cli -r true set api-settings accepted-api-calls-from \"All IP addresses\" ; api restart"
}
Kind regards, Amir Senn
0 Kudos
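
Added example, not part of the original thread and not Check Point or provider code: a pre-flight check that a pipeline stage could run on the other_parameter text before Terraform sends it. It assumes the gateway expects a bare JSON object carrying the fields named in the error message above; check_payload, AS_POSTED and BARE are hypothetical names, and the sample payloads are constructed from the placeholders in the question.

```python
import json

# Fields the gateway error message quoted in the question lists as required.
REQUIRED = ("address", "mask-length", "type")

def check_payload(text, required=REQUIRED):
    """Return a list of problems in a payload string; an empty list means OK."""
    stripped = text.strip()
    try:
        body = json.loads(stripped)
    except json.JSONDecodeError as exc:
        problems = [f"not valid JSON: {exc.msg} at position {exc.pos}"]
        # Shell-style quoting around the object is one way to end up here.
        if len(stripped) >= 2 and stripped[0] in "'\"" and stripped[-1] == stripped[0]:
            problems.append("payload is wrapped in quote characters")
        return problems
    if not isinstance(body, dict):
        return ["top-level JSON value is not an object"]
    return [f"missing required field: {k}" for k in required if k not in body]

# Constructed sample: the heredoc text as posted, including the single quotes.
AS_POSTED = """
 '{
  "address" : "X.X.X.X",
  "mask-length" : "22",
  "next-hop" : { "gateway" : "Y.Y.Y.Y", "priority" : "2" },
  "rank" : "25",
  "type" : "gateway",
  "comment" : "Added via Terraform"
 }'
"""

# Constructed sample: the same text with the surrounding quotes stripped.
BARE = AS_POSTED.strip().strip("'")

if __name__ == "__main__":
    for name, payload in (("AS_POSTED", AS_POSTED), ("BARE", BARE)):
        print(name, check_payload(payload) or "OK")
```

Whether the provider forwards the heredoc text unchanged is not confirmed by the thread; the check only reports what a JSON parser makes of the string Terraform is given.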
