This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Nüüül
Advisor
Advisor
‎2018-07-31 03:14 PM
Jump to solution

Questions around API and Monitoring

Hi there,

I might have miss it, but are there plans to extend the API possibilities regarding monitoring the Checkpoint Solution (maybe including Gateways?)?

i.e.:

  • Gateway Cluster state (best, of all cluster members)
  • Active Connections
  • Interface status
  • S2S VPN status
  • Mobile Access Connections/User
  • Last Policy install date/result (Warning/Errors)
  • general System stats (Load, Disk etc.)
  • License status
  • (Dynamic Routing?)
  • (Critical Errors)

and so on...

Perhaps, it is possible to fetch the informations through the Management Server API. So Management Server is acting as kind of a proxy. Or directly addressing the Gateways...through an API? Smiley Happy

I have some customers who are using several Monitoring Solutions and want to include the central Firewall/Routing there. And sometimes SNMP is not the preferred way (When managing several gateways all over the world, for example) and some information (from above) you don´t get via SNMP.

(I hope, this is correctly located here )

Regards,

Daniel

Labels
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2018-07-31 04:06 PM
In response to Nüüül
Jump to solution

When I ran run-script (e.g. for cplic print) I got results right away.

If you don't, you can use show-task with the returned task-id to get this information.

Either way, the full output of the command is encoded in base64 in the responseDetails.

See: https://community.checkpoint.com/message/5757-run-script-output 

View solution in original post

0 Kudos
7 Replies
PhoneBoy
Admin
Admin
‎2018-07-31 03:37 PM
Jump to solution

Right now, we have APIs for:

  • Managing access and threat prevention rulebase
  • Managing identities in Identity Awareness
  • Sandblast API (for Threat Emulation)

Monitoring gateways isn't part of this currently.

That said, you can use "run-script" as part of the management APIs to run any sort of CLI command against a gateway.

There are CLI commands for most of the above.

See, e.g. how to use the web api to run the run-script 

We are planning a gateway API and may add some of the above as part of this.

0 Kudos
Nüüül
Advisor
Advisor
‎2018-07-31 03:49 PM
In response to PhoneBoy
Jump to solution

That was quick, thanks for the fast reply!

I already looked on the "run-script" option. As Response you only get a task-id and with "show task" I only saw that this has been run successful. Good would be, to get back the output from this script, then, for example one could execute "cphaprob state" and try to parse it into monitoring state.

Or is there a way to get the scripts result?

Thanks again

Daniel

0 Kudos
PhoneBoy
Admin
Admin
‎2018-07-31 04:06 PM
In response to Nüüül
Jump to solution

When I ran run-script (e.g. for cplic print) I got results right away.

If you don't, you can use show-task with the returned task-id to get this information.

Either way, the full output of the command is encoded in base64 in the responseDetails.

See: https://community.checkpoint.com/message/5757-run-script-output 

0 Kudos
Pedro_Espindola
Employee
Employee
‎2018-07-31 09:33 PM
Jump to solution

Hello Daniel,

Why is SNMP not the preferred method? It is usually the easiest, less invasive and most light weight.

You can get all these with SNMP:

  • Gateway Cluster state (best, of all cluster members)
  • Active Connections
  • Interface status
  • S2S VPN status
  • Mobile Access Connections/User
  • Last Policy install date and name (but not Warning and Errors)
  • general System stats (Load, Disk etc.)

That said, I agree with you that for the rest it would be great to use API.

I need to be able to monitor licenses with only READ permissions.

0 Kudos
PhoneBoy
Admin
Admin
‎2018-07-31 10:51 PM
In response to Pedro_Espindola
Jump to solution

You realize you could (probably) do this with SNMP using a custom MIB, right?

0 Kudos
Pedro_Espindola
Employee
Employee
‎2018-08-01 06:45 AM
In response to PhoneBoy
Jump to solution

Yes, you are right.

I just remembered my issue was with SMB appliances, and they don't support custom oids (this sk). But then API wouldn't help anyway in locally managed cases.

Nüüül
Advisor
Advisor
‎2018-08-01 04:19 AM
In response to Pedro_Espindola
Jump to solution

Hi,

yes, i am aware of SNMP and so. just thought, that using the API one might be able to gather some more /more specific data. And as there is an API, why not using it? Smiley Happy

And some informations are not available via SNMP, so i thought, that would be a good way..

imho - if it would be possible to gather those informations when polling the central management servers, that might be a great point for some customers with firewalls all around the world, as you don´t have to configure monitoring for all gateways in that detail.

Daniel

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events