Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Tomer_Sole
Mentor
Mentor

How to test the Management API with the Cloud Demo

The nice thing with the R80.10 Cloud Demo option is that you no longer need a real Check Point license to test security management features. And the API is one of them.

1. Get the server IP by clicking “copy server IP”

 

 

2. Get an administrator with a password that you know of, by creating one at “Permissions & Administrators” or by changing the password of one of the existing administrators. Publish your changes.

 

Now you can test your tools by connecting to this server IP with the administrator username and password.

13 Replies
Vladimir
Champion
Champion

Tomer,

Can you point me to a detailed description of the capabilities of the cloud demo?

I routinely recommend it to my clients for familiarization with R80.XX, but it would be nice to accurately describe its limitations.

Thank you.

0 Kudos
PhoneBoy
Admin
Admin

There's an SK that describes the various limitations: Check Point R80 / R80.10 Cloud Demo Known Limitations 

0 Kudos
Tomer_Sole
Mentor
Mentor

Here is the overview of why we chose this approach with R80 and the highlights of the benefits -  https://community.checkpoint.com/thread/5447-a-brief-history-of-demo-mode-for-policy-editor-and-smar... 

0 Kudos
Bryan_Lee
Employee Alumnus
Employee Alumnus

How do I restart the Management API with "api restart" command in this demo mode? the "command line" shell is not the usual Gaia shell. 

0 Kudos
PhoneBoy
Admin
Admin

I don't you need to in the case of the Cloud Demo servers, but could be wrong there.

Joshua_Hatter
Employee
Employee

The API in the cloud demo is setup to only accept local connections so it is required to test remote tools. Tomer Sole can we get the cloud server to default to gui clients or all IP? Otherwise we need some way to access and restart the API like Bryan mentioned.

Otherwise I have bypassed this with the run-script api to issue an api restart from SmartConsole.

0 Kudos
Ofir_Shikolski
Employee
Employee

Get the real ip of the machine.

update MGMT object with real IP.

modify API settings 

add user + password + permissions 

publish

run-script on the MGMT object : 

source /etc/profile.d/CP.sh && api restart

ignore the error

Have fun Smiley Happy I do not know how to upload screenshots Smiley Sad

for me it worked Smiley Happy

C:\Program Files (x86)\CheckPoint\SmartConsole\R80.20\PROGRAM>mgmt_cli.exe login -m 52.59.244.70 -u ofirs -p ofirs

To verify server identity, compare the following fingerprint with the one displayed by the api management tool (api fingerprint).

SHA1 Fingerprint=42:02:B9:93:7C:4A:E4:47:3F:4C:B3:82:B8:45:0D:A9:13:80:E9:62
English Fingerprint=TOY GAL CENT WAVY LIEN LEE TAN CHEF SNOW DAYS BADE RUSK

Do you accept the fingerprint? (y/n) [y] ? y

C:\Program Files (x86)\CheckPoint\SmartConsole\R80.20\PROGRAM>mgmt_cli.exe login -m 52.59.244.70 -u ofirs -p ofirs
uid: "ddae3d5a-55aa-4cfd-8007-203a48e76ad7"
sid: "VuF91i1TvIShO6qc-L7xLDhxgNt04c4Nw9annrZFack"
url: "https://52.59.244.70:443/web_api"
session-timeout: 600
last-login-was-at:
posix: 1538151915730
iso-8601: "2018-09-28T16:25+0000"
api-server-version: "1.3"

Joshua_Hatter
Employee
Employee

As I said I do this to bypass the issue.

But it would make more sense for standard user who is using the demo to not go through this step.

Tunnelscraper
Explorer

Hi,

 

is this method possible to do for a normal user?

Because I don't have no idea how 

* How to access the CLISH in the Demo env.?

* where I get the script?

* what have to be modified by the API setting?

 

Tanks for your answers.

Cheers

0 Kudos
PhoneBoy
Admin
Admin

clish access is not necessary for this.
Also in current versions the Demo Mode server should be available from all IPs by default (as I recall), or if you need to enable it, there is no need to execute an api restart.
If you want to use mgmt_cli, it’s available in Windows when you install SmartConsole.

0 Kudos
Jason_Rakers
Participant

api restart is a CLISH command

Joshua_Hatter
Employee
Employee

The api command is a shell script, that can be called from Expert or Clish.

PhoneBoy
Admin
Admin

Created a new post on this topic: https://community.checkpoint.com/t5/API-CLI-Discussion/Using-SmartConsole-Demo-Mode-Server-for-API-t...
Further questions on this topic should be addressed on this thread.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events