Hi @G_W_Albrecht ,

Thanks for objects.C output.

I thought so! The TX Appliances has the type ":type (host)" and not ":type (gateway)"

I search with grep for the following:

grep -A 500 -B 1  ':type (gateway)'

I'll have to take a closer look in the next few days.

Regards

Heiko

Hello  @HeikoAnkenbrand 

I can confirm that the TE appliance is not recognized.

Hi @G_W_Albrecht 

I had found an other way to parse gateways on R80:

mgmt_cli -r true show gateways-and-servers details-level full --format json | $CPDIR/jq/jq -r '.objects[] | select(.type | contains("Member","simple-gateway")) | ."ipv4-address"'

I will add this after Easter holidays.

If necessary I have to adjust the filter a little bit.

Hello @HeikoAnkenbrand 

This solution only works on R80 and above, doesn't it?

Yes, this works very good ! Also gets the TE  appliance...

Great new commands😁

Is the command name g_mclish or gw_mclish?

gw_mclish is the correct command.

The new commands are very great.

Thanks
Caytana

Hello @HeikoAnkenbrand,

The command gw_detect80 works very fast and well. TE applicances are not recognized.

Regards

The new version 0.4 with the command gw_detect80 is available.

SMB Appliances are not recognized. Can you please change that?

Hi @HeikoAnkenbrand 

We have over 100 gateways in use worldwide. That makes life easier for me with many things. I can finally execute commands centrally on the gateways.

It's a great idea.

Thank you

Is this a R80.30 command?

Can I use this tool under R80.30?

Interesting script, I would suggest that the resulting scripts made be put into "/usr/bin" instead of "/usr/local/bin", I checked the PATH variable and found that "/usr/local/bin" is not included for some users.

Thanks @Frank_Allen 

I check this in the next few days.

Very nice command extension.

Great tool.

Great job!

Is it in roadmap to add support for MDS as well? 🙂 

Here is a quick and dirty mod for MDS R77.30 

#!/bin/bash

#  mds_gw_detect (R77)

# export all Check Point environment variables
. /opt/CPshared/5.0/tmp/.CPprofile.sh

# go to MDS context
mdsenv
mcd

if [[ -f /var/log/g_mds_gws.txt ]]; then
rm /var/log/g_mds_gws.txt
fi
# iterate over the customers
for CMA_NAME in `$MDSVERUTIL AllCMAs`
do
mdsenv $CMA_NAME
echo Searching thru $CMA_NAME
$MDSDIR/bin/cpmiquerybin attr "" network_objects "class='gateway_ckp'|class='cluster_member'|class='vsx_netobj'|class='vsx_cluster_member'" -a ipaddr |awk -v svar="$CMA_NAME" '{ print svar ";" $1 }' >> /var/log/g_mds_gws.txt
done
echo " Start less. enter to proceed. Hit q to quit from less"
read ans
less /var/log/g_mds_gws.txt
exit

mbash for MDS

#!/bin/bash
# export all Check Point environment variables
#. /opt/CPshared/5.0/tmp/.CPprofile.sh
. $CPDIR/tmp/.CPprofile.sh

if [ ! -f /var/log/g_mds_gws.txt ]; then
echo "First start \"mds_gw_detect\" and\or edit the file /var/log/g_mds_gws.txt manually. Add here all your CMAs and gateway IP addresses."
else
HAtest="$@"
echo $HAtest > /var/log/g_command.txt;
OIFS=$IFS
IFS=";"
while read FILE
do
line=($FILE)
CMA=${line[0]}
GW=${line[1]}
echo CMA=$CMA GW=$GW
mdsenv $CMA
if $CPDIR/bin/cprid_util getarch -server $GW |grep "gaia" > /dev/null;
then
echo "--------- GAIA $GW execute command: $HAtest"
$CPDIR/bin/cprid_util -server $GW putfile -local_file /var/log/g_command.txt -remote_file /var/log/g_command.txt;
$CPDIR/bin/cprid_util -server $GW -verbose rexec -rcmd /bin/bash -f /var/log/g_command.txt
else
echo "--------- STOP $line Error: no SIC to gateway $GW or no compatible gateway or Rulebase drops FW_CPRID "
fi
done < /var/log/g_mds_gws.txt
IFS=$OIFS

fi

Give it a go.. 

Cheers 

Declan

Slightly modified and now works for me, just one CMA, where only one VS is connected is failing with the below error. Will need to look at it closer.

cma-XXX-p
cma-XXX-p Error: 'Failed
cma-XXX-p
cma-XXX-p Error: 'Session
cma-XXX-p
cma-XXX-p Usage:
cma-XXX-p cpmiquerybin <query
cma-XXX-p
cma-XXX-p Examples:
cma-XXX-p - print
cma-XXX-p cpmiquerybin object
cma-XXX-p - print
cma-XXX-p cpmiquerybin attr
cma-XXX-p

-----detect-----

#!/bin/bash
#export all Check Point environment variables
. /opt/CPshared/5.0/tmp/.CPprofile.sh

#go to MDS context
mdsenv
mcd

if [ -f /var/log/mds_gws ]; then rm /var/log/mds_gws; fi

for CMA_NAME in $($MDSVERUTIL AllCMAs);
do
mdsenv $CMA_NAME
echo "Searching through CMA $CMA_NAME" 
$MDSDIR/bin/cpmiquerybin attr "" network_objects " (type='cluster_member' & vsx_cluster_member='true' & vs_cluster_member='true') | (type='cluster_member' & (! vs_cluster_member='true')) | (vsx_netobj='true') | (type='gateway'&cp_products_installed='true' & (! vs_netobj='true') & connection_state='communicating')" -a __name__,ipaddr | awk -v svar="$CMA_NAME" '{print svar " " $1 " " $2}' >> /var/log/mds_gws
done
echo "Output is available in /var/log/mds_gws"
exit

-----gw_mbash for MDS-----
#!/bin/bash
#export all Check Point environment variables
#./opt/CPshared/5.0/tmp/.CPprofile.sh
.$CPDIR/tmp/.CPprofile.sh

if [ ! -f /var/log/mds_gws ]; then
echo "First start \"mds_gw_detect\" and\or edit the file /var/log/mds_gws manually. Add here all your CMAs and gateway IP addresses."
else
HAtest="$@"
echo $HAtest > /var/log/g_command.txt;

while read line
do

CMA=`echo "$line" | awk '{print $1}'`
GW_name=`echo "$line" | awk '{print $2}'`
GW_IP=`echo "$line" | awk '{print $3}'`

echo $CMA $GW_name ($GW_IP)
mdsenv $CMA

if $CPDIR/bin/cprid_util getarch -server $GW_IP |grep "gaia" > /dev/null;
then
echo "--------- GAIA $GW_IP execute command: $HAtest"
$CPDIR/bin/cprid_util -server $GW_IP putfile -local_file /var/log/g_command.txt -remote_file /var/log/g_command.txt;
$CPDIR/bin/cprid_util -server $GW_IP -verbose rexec -rcmd /bin/bash -f /var/log/g_command.txt
else
echo "--------- STOP $line Error: no SIC to gateway $GW or no compatible gateway or Rulebase drops FW_CPRID "
fi
done < /var/log/mds_gws
fi
chmod +x /usr/local/bin/gw_mbash

Top idea!

Nice! 

Thanks for the tips.

The script is not taking into account if the Gaia WebUI port was changed from 443 to something different.

This should be either fetched from clish using "show web ssl-port" or by making it at least configureable by variable or a parameter.