Create a Post
Showing results for 
Search instead for 
Did you mean: 

Multiple clish commands from R80 script repository possible?

Hello, I'm attempting to script out enabling SNMP on around 100 gateways, and I'd like to automate as much as possible. I've previously used the R80 script repository for simple commands like a cluster failover or for a CSS fix for pre-R80.20 gateways. My question today is whether this is possible to utilize for enabling SNMP across multiple gateways? Basically my script would execute the following CLISH commands:

set snmp agent on
set snmp agent-version any
set snmp contact "Network Security"
set snmp community SecretPassword read-only
save config

However, when I try to enter this and run against a gateway it inevitably fails, which my guess is because the script repo functions at the expert level. I've also tried adding each line as clish -c "set snmp agent on", with no luck either. If there's an easier way to turn on SNMP for all of my gateways outside of this script function, I'm all ears. Thanks in advance! 

Tags (2)
4 Replies

I would see two different approaches.
First to write a script which calls cprid_util using those commands. Maybe in combination with mgmt_api getting a list of all checkpoint objects. There is an article somewhere here describing how to get this list.

I would prefer using cdt

with it you can send a bash script, in this case including the commands as

/bin/clish -s -c 'lock database override'

/bin/clish -s -c 'set snmp agent-version any'

and so on

then send the file using cdt and executing it afterwards.

To achieve this, you need two actions in the deployment plan

push_file and execute_script

Just refer to the Central Deployment Tool (CDT) v1.6 Administration Guide 

CDT start page is sk111158

I used this way to create a user for restorepoint backup, setting group id, password and so on, that works.

and now to something completely different

Ansible is useful for such tasks as well

and now to something completely different

How to push a script via CDT with execution permission? aka chmod 770?




0 Kudos