How to create LegacyUserAtLocation object through the R80.x api?

Hi,

In an R80.20 SMS, I need to implement a lot of objects of type LegacyUserAtLocation and use them in the rulebase as ClientAuth rules.


To use an existing LegacyUserAtLocation object, it's easy: reference the uid in the "source" field of the API call for add-access-rule.
And this is the only way, because the allowed values for the "source" field are just a "string" or a "list" of strings (see Management API Reference v1.3).

For this reason, I suppose this object isn't a "runtime object", and should exist in the db (where, I don't know).


But how can I create a new LegacyUserAtLocation object?


If I were to use the add-generic-object API, I would need to know the class type to use in the "create" field, as explained in this link (see Request - 2 Add new user)... I am missing this information.

Take a look at the following request to clarify:

Request - https://_._._._/web_api/show-generic-object

This is the request for an existing LegacyUserAtLocation
{
    "uid": "fc3839e0-16d9-4d2b-9b6a-057744f7d3cc",
    "details-level" : "full"
}


Response

{
  "domainsPreset": null,
  "objectValidationState": null,
  "color": "BLACK",
  "userGroup": "0f2aadf4-42b7-11e2-a0d2-00000000dede",
  "location": "ad57e4fc-42bb-11e2-a0d2-00000000dede",
  "uid": "fc3839e0-16d9-4d2b-9b6a-057744f7d3cc",
  "folder": {
    "uid": "baf708b7-6543-4b69-aa44-a3f6058e6607",
    "name": "Global Objects"
  },
  "domain": {
    "uid": "41e821a0-3720-11e3-aa6e-0800200c9fde",
    "name": "SMC User"
  },
  "meta-info": {
    "metaOwned": false,
    "lockStateResponse": null,
    "validationState": "OK",
    "deletable": true,
    "renameable": true,
    "newObject": false,
    "lastModifytime": 1546965204492,
    "lastModifier": "System",
    "creationTime": 1546964026903,
    "creator": "System"
  },
  "tags": [
  ],
  "name": "user_1@location_1",
  "icon": "Objects/UsersGroup",
  "comments": "",
  "display-name": "",
  "customFields": null,
  "_original_type": "LegacyUserAtLocation"
}


I am thinking of using something like:

Request - https://_._._._/web_api/add-generic-object

{
    "create" : "com.checkpoint.????.????.ClassUserAtLocation",
    "name": "new_user@new_location",
    "type": "LegacyUserAtLocation",
    "color": "black",
    "location": "ad57e4fc-42bb-11e2-a0d2-00000000dede",
    "userGroup": "0f2aadf4-42b7-11e2-a0d2-00000000dede",
    "icon": "Objects/UsersGroup",
    "comments": "Some comments",
    "display-name": "",
    "_original_type": "LegacyUserAtLocation"
}

but it doesn't work!

A possible workaround (dbedit?) or a list of classes is welcome.

Thanks,

Francesco

Accepted Solutions
Employee+

Re: How to create LegacyUserAtLocation object through the R80.x api?

The appropriate class is going to be 'com.checkpoint.objects.LegacyUserAtLocation'

Then you need to supply the following keys.

name - I would stick with <groupname>@<objectname>

userGroup - uid of group object

location - uid of network object

So something like:

mgmt_cli add generic-object create 'com.checkpoint.objects.LegacyUserAtLocation' userGroup ad7bffcd-af13-4fd6-8115-5662a9f15e57 location 5c2e22c4-1698-43fc-b7b2-bac26ef00c09 name "test_group@test_object"

Then you need to run show generic-objects class-name com.checkpoint.objects.LegacyUserAtLocation to get the UID of the created UserAtLocation to pass its UID to an access-rule.

mgmt_cli show generic-objects class-name com.checkpoint.objects.LegacyUserAtLocation

Tested in lab, the object creation works, don't know about traffic actually working.
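
The workflow from the answer above, expressed as Web API request bodies (an added example, not code from the thread or from Check Point). It builds the add-generic-object body, selects the new object from a show-generic-objects response by matching name, userGroup and location together, and builds the add-access-rule body. The response layout (an "objects" list carrying the fields seen in the show-generic-object output in the question), "details-level" on the list call, the layer name "Network", the rule name and the first sample UID are assumptions.

```python
import uuid

CLASS_NAME = "com.checkpoint.objects.LegacyUserAtLocation"  # class given in the answer


def canonical_uid(value):
    """Return the UID in canonical form; raises ValueError if it is malformed."""
    return str(uuid.UUID(value))


def build_create_request(group_name, group_uid, location_name, location_uid):
    """Body for add-generic-object, using the three keys the answer lists."""
    return {"create": CLASS_NAME,
            "name": f"{group_name}@{location_name}",
            "userGroup": canonical_uid(group_uid),
            "location": canonical_uid(location_uid)}


def build_show_request():
    """Body for show-generic-objects ("details-level" here is an assumption)."""
    return {"class-name": CLASS_NAME, "details-level": "full"}


def find_created_uid(show_response, expected):
    """Return the UID of the one object whose name, userGroup and location all
    match, so the rule cannot pick up a same-named object bound elsewhere."""
    keys = ("name", "userGroup", "location")
    matches = [o for o in show_response.get("objects", [])
               if all(o.get(k) == expected[k] for k in keys)]
    if len(matches) != 1:
        raise LookupError(f"expected exactly one match, found {len(matches)}")
    return canonical_uid(matches[0]["uid"])


def build_rule_request(layer, position, rule_name, source_uid):
    """Body for add-access-rule; "source" takes the object's UID as a string."""
    return {"layer": layer, "position": position, "name": rule_name,
            "source": canonical_uid(source_uid)}


# Constructed sample: group/location UIDs from the answer's command; the
# response layout and the first object's UID are made up for illustration.
create = build_create_request("test_group", "ad7bffcd-af13-4fd6-8115-5662a9f15e57",
                              "test_object", "5c2e22c4-1698-43fc-b7b2-bac26ef00c09")
sample_response = {"objects": [
    {"uid": "11111111-2222-4333-8444-555555555555", "name": create["name"],
     "userGroup": create["userGroup"], "location": create["location"]},
    {"uid": "fc3839e0-16d9-4d2b-9b6a-057744f7d3cc", "name": "user_1@location_1",
     "userGroup": "0f2aadf4-42b7-11e2-a0d2-00000000dede",
     "location": "ad57e4fc-42bb-11e2-a0d2-00000000dede"}]}
rule = build_rule_request("Network", "top", "client_auth_test",
                          find_created_uid(sample_response, create))
```

Matching on all three fields before the UID goes into a rule guards against referencing an older object with the same name that binds a different group or network.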

5 Replies

Re: How to create LegacyUserAtLocation object through the R80.x api?

Thanks Joshua,
the API works, and ASAP I'll test the traffic and let you know.

0 Kudos

Re: How to create LegacyUserAtLocation object through the R80.x api?

I tried to do some traffic in a virtual environment and it works as expected!

Thanks!

0 Kudos
Admin

Re: How to create LegacyUserAtLocation object through the R80.x api?

While it's great you got it working, I do have to ask the question why you are still using Client Auth.

Use on R80.x gateways still works, but has some limitations.

See: Install policy on R80.10 Security Gateway fails with verification error messages 

0 Kudos

Re: How to create LegacyUserAtLocation object through the R80.x api?

Thanks Dameon, I get it!