This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Javier_Hijas
Employee Alumnus
Employee Alumnus
‎2018-08-31 12:27 AM
Jump to solution

custom-script example for autoprovision of autoscale gateways

This file is to be used as an example for autoscale and VMSS groups that require custom settings on the gateway at provisioning time. These script rely on Check Point API and professional services are usually recommended for complex customizations.

exemple-activating-mab.bash
1 Solution

Accepted Solutions
Martin_Valenta
Advisor
‎2020-11-17 10:58 PM
In response to H4ppyM3
Jump to solution

no, you should run directly clish -s -c 'set static-route' inside of provisioning script.

View solution in original post

0 Kudos
13 Replies
Carsten_R
Contributor
‎2019-03-01 11:35 PM
Jump to solution

Hi Javier,

thanks a lot!

So this script is for changing parts of the gateway objects.

Am I'm correct, that if I need to change parts in GAIA, I have to configure a bootstrap file? - like for adding different routes, adding users....?

How can I change or add this bootstrap file to an already existing VMSS? I mean, that future deployed (dynamic) gateways would have this settings?

Javier_Hijas
Employee Alumnus
Employee Alumnus
‎2019-03-04 10:12 AM
Jump to solution

Hi Carsten! Instead of using the azure bootstrap options, the way for VMSS is to use the same autoprovision configuration file at the Check Point management server. These custom settings are described in the following doc:

https://github.com/CheckPointSW/sddc

HTHs,

0 Kudos
Abhishek_Singh1
Contributor
‎2019-09-24 04:13 AM
In response to Javier_Hijas
Jump to solution

Hi @Javier_Hijas  , I am working on deploying a VMSS with MTA enabled on the Gateway firewall. Do you have any recommendation or experience with the same?? Any specific flag or setting on the custom script that I can use for the gateways being spinup by the VMSS. 

0 Kudos
Carsten_R
Contributor
‎2019-03-05 07:37 AM
Jump to solution

Thank you, but how do I use the script?

How looks the CLI syntax?

#> python monitor.pv file.json

...does not work

Carsten_R
Contributor
‎2019-03-14 06:21 AM
In response to Carsten_R
Jump to solution

Hi,
is there no solution or aren't there any examples how to execute the script?
Martin_Valenta
Advisor
‎2019-10-07 07:14 AM
In response to Carsten_R
Jump to solution

Hi Carsten
for each template you can specify custom gateway script, like this:

autoprov-cfg set template -tn <templateName -cg "/home/admin/myscript.sh"
"Intranet": {
"application-control": true,
"custom-gateway-script": "/home/admin/myscript.sh",

and script can look like this:
#!/bin/bash
. /tmp/.CPprofile.sh
cd /home/admin/
echo "Downloanding config file..."
curl_cli -k -O https://10.223.227.31/azure.txt
clish -i -f /home/admin/config-azure.txt

In our case i've use it for rolling out system level settings per our standards and static routes..

Carsten_R
Contributor
‎2019-12-03 06:07 AM
In response to Martin_Valenta
Jump to solution

Hi Martin,
thanks, but where do I find the "-cg" option?

[...]
[Expert@cpmgmt:0]# autoprov-cfg init Azure -tn "autoprovisioning_template" -h
usage: autoprov-cfg init Azure [-h] -mn MANAGEMENT NAME -tn TEMPLATE NAME -otp
ONE TIME PASSWORD -ver
{R77.30,R80.10,R80.20,R80.30,R80.40} -po POLICY
-cn CONTROLLER NAME -sb SUBSCRIPTION
[-at SERVICE PRINCIPAL CREDENTIALS TENANT]
[-aci SERVICE PRINCIPAL CREDENTIALS CLIENT ID]
[-acs SERVICE PRINCIPAL CREDENTIALS CLIENT SECRET]
[-au AZURE USERNAME] [-ap AZURE PASSWORD]
[...]
0 Kudos
Martin_Valenta
Advisor
‎2019-12-03 06:17 AM
In response to Carsten_R
Jump to solution

Hi, once you do init, you can then do "set template -tn abc -cg /home/script.sh"
0 Kudos
H4ppyM3
Contributor
‎2020-11-16 12:10 AM
In response to Martin_Valenta
Jump to solution

Hi Martin,

 

can you share the script which you are using for adding routes ?

 

thanks.

0 Kudos
Martin_Valenta
Advisor
‎2020-11-16 12:14 AM
In response to H4ppyM3
Jump to solution

normally via "set static-route" command, those lines are part of script, which is run on gateway during provisioning.

0 Kudos
H4ppyM3
Contributor
‎2020-11-17 06:52 AM
In response to Martin_Valenta
Jump to solution

Hi Martin,

thank you for reply. So the steps should looks like this:

 

 

1) In /home/admin directory I add a txt file "add_route.txt" with command inside:

set static-route 192.168.0.0/24 nexthop gateway address 10.0.0.1

2) Create a script run.sh

!/bin/bash
. /tmp/.CPprofile.sh
clish -i -f /home/admin/add_route.txt


3) autoprov-cfg set template -tn <templateName> -cg "/home/admin/run.sh

 

This will add a route to the gateway each time scaling occur ? right ?

0 Kudos
Martin_Valenta
Advisor
‎2020-11-17 10:58 PM
In response to H4ppyM3
Jump to solution

no, you should run directly clish -s -c 'set static-route' inside of provisioning script.

0 Kudos
H4ppyM3
Contributor
‎2020-11-19 03:10 AM
In response to Martin_Valenta
Jump to solution

it works. thank you Martin 🙂

 

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
UPCOMING CLOUDMATES EVENTS
    All CloudMates Events