
Tufin integration with Check Point R80.docx

Tufin integration document for integrating newly upgraded Check Point R80.x Management Appliances.  I used documentation from Tufin and Check Point in the creation of this whitepaper.

 

For the full list of White Papers, go here

4 Replies
Admin

Re: Tufin integration with Check Point R80.docx

I'm putting this in the general Management space as the space you had posted this to wasn't public :)

Re: Tufin integration with Check Point R80.docx

Apologies and appreciate you moving to the right spot.

0 Kudos

Re: Tufin integration with Check Point R80.docx

Nice summary document and initiative, Donovan. Tufin is one of our technology partners who also includes documentation that our readers may find helpful. Their links and version support may change over time so start at the high level and include some current snapshots. Would also encourage our customers and partners to check the Tufin site for the latest information.

Security Policy Orchestration for CheckPoint Firewalls from Tufin 

Supported Devices and Platforms 

Adding Check Point Devices 

Upgrading to Check Point R80 Support 

Re: Tufin integration with Check Point R80.docx

I guess it would be worth adding basic troubleshooting steps as we had a number of issues with the API dying or crashing on MDS after Tufin calls. Bugs with API on CP side I'm afraid. Still present with Take 142 - fixed one CMA and broke another :)

These logs help to identify issues fairly quickly to raise a quality SR.

Look for the api.elg log file; in the MDS case it is in $MDS_FWDIR/log

I have no logs from a regular SMS so I will give an example of the CMA case below. MDS main IP = 10.10.16.100, CMA = 10.10.16.109 and Tufin = 10.10.16.50.

The API call made by Tufin is "show packages details-level full offset 0 limit 200" and it ends with an API error

--------------------------------------
2018-09-13 07:22:42,935 INFO org.apache.cxf.interceptor.LoggingInInterceptor.log:250 [qtp801587943-36] - Inbound Message
----------------------------
ID: 393
Address: http://127.0.0.1:50276/web_api/v1.1/show-packages
Encoding: ISO-8859-1
Http-Method: POST
Content-Type: application/json
Headers: {Accept=[application/json], accept-encoding=[gzip,deflate], connection=[keep-alive], Content-Length=[63], content-type=[application/json], Host=[127.0.0.1:50276], User-Agent=[Apache-HttpClient/4.4.1 (Java/1.8.0_171-ojdkbuild)], X-chkp-sid=[ooS5sJJ1ZLIF3vjcuj5Q_A1RXa6iBf8twqRjHBrpQak], X-Forwarded-For=[10.10.16.50], X-Forwarded-Host=[10.10.16.109:443], X-Forwarded-Host-Port=[443], X-Forwarded-Server=[10.10.16.100]}
Payload: {
"offset" : 0,
"limit" : 200,
"details-level" : "full"
}
--------------------------------------
2018-09-13 07:22:42,939 INFO com.checkpoint.management.web_api_is.utils.helpers.ApiCache.<init>:25 [qtp801587943-36] - Cache created and initialized
2018-09-13 07:22:42,940 INFO com.checkpoint.management.web_api.web_services.WebApiEntryPoint.logRequestedCommandInfo:132 [qtp801587943-36] - Executing [show-packages] of version 1.1
2018-09-13 07:22:44,183 ERROR com.checkpoint.management.web_api_is.utils.RemoteUidsUtils.getOverviewObjects_aroundBody38:153 [qtp801587943-36] - Getting overview list failed, switching to getting one by one.
2018-09-13 07:22:44,198 ERROR com.checkpoint.management.web_api_is.utils.RemoteUidsUtils.getOverviewObjects_aroundBody38:44 [qtp801587943-36] - Getting overview object for uid [05d74d34-8e1d-4fc6-7a27-3acb17546c2a] failed, trying to get the full object to mimic an overview response.
2018-09-13 07:22:44,210 ERROR com.checkpoint.management.web_api_is.utils.RemoteUidsUtils.getOverviewObjects_aroundBody38:136 [qtp801587943-36] - Getting full object for uid [05d74d34-8e1d-4fc6-7a27-3acb17546c2a] failed.
2018-09-13 07:22:44,211 ERROR com.checkpoint.management.web_api.utils.WebApiCommandExceptionUtils.getErrorReply:195 [qtp801587943-36] - Server has thrown GeneralRemoteFault exception errorCode [CP_ERR_UNSPECIFIED] errorFamily [null] message [An internal error has occurred.]
2018-09-13 07:22:44,211 WARN com.checkpoint.management.web_api.utils.WebApiCommandExceptionUtils.getErrorReply:52 [qtp801587943-36] - Unhandled GeneralRemoteFault error code [CP_ERR_UNSPECIFIED]
2018-09-13 07:22:44,212 ERROR com.checkpoint.management.web_api.utils.WebApiCommandExceptionUtils.getErrorReply:219 [qtp801587943-36] -
com.checkpoint.web_services.faults.GeneralRemoteFault: An internal error has occurred.

You can then run the same commands manually, directly on the MDS/CMA, to replicate the issue and narrow it down - in this particular case "show packages" actually worked, but not with details-level full. Playing with it more, we were able to identify that the issue was with one single package.

0 Kudos
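
The triage described in the reply above, as an added Python example that is not from the original post or from Check Point or Tufin tooling: it groups api.elg lines by worker thread and reports, for each call that ended in an errorCode, the command, the caller from X-Forwarded-For, the target from X-Forwarded-Host and the object uids that failed. The name failed_calls is hypothetical, and it is an assumption that every api.elg record follows the line layout of the excerpt above; the sample input is abridged from that excerpt.

```python
import re
from collections import defaultdict

# Abridged from the api.elg excerpt in the post above (headers shortened, session id omitted).
SAMPLE = """\
2018-09-13 07:22:42,935 INFO org.apache.cxf.interceptor.LoggingInInterceptor.log:250 [qtp801587943-36] - Inbound Message
ID: 393
Address: http://127.0.0.1:50276/web_api/v1.1/show-packages
Headers: {Accept=[application/json], X-Forwarded-For=[10.10.16.50], X-Forwarded-Host=[10.10.16.109:443]}
2018-09-13 07:22:42,940 INFO com.checkpoint.management.web_api.web_services.WebApiEntryPoint.logRequestedCommandInfo:132 [qtp801587943-36] - Executing [show-packages] of version 1.1
2018-09-13 07:22:44,210 ERROR com.checkpoint.management.web_api_is.utils.RemoteUidsUtils.getOverviewObjects_aroundBody38:136 [qtp801587943-36] - Getting full object for uid [05d74d34-8e1d-4fc6-7a27-3acb17546c2a] failed.
2018-09-13 07:22:44,211 ERROR com.checkpoint.management.web_api.utils.WebApiCommandExceptionUtils.getErrorReply:195 [qtp801587943-36] - Server has thrown GeneralRemoteFault exception errorCode [CP_ERR_UNSPECIFIED] errorFamily [null] message [An internal error has occurred.]
"""

# timestamp, level, logger, [thread], message (layout assumed from the excerpt)
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d+ (\w+) \S+ \[([^\]]+)\] - ?(.*)$")

def failed_calls(text):
    """Return one record per API call that ended in an errorCode, tracked per worker thread."""
    fresh = lambda: {"client": None, "target": None, "command": None, "uids": []}
    state, thread, out = defaultdict(fresh), None, []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:  # continuation line of the preceding "Inbound Message" record
            if thread and raw.startswith("Headers:"):
                h = dict(re.findall(r"(X-Forwarded-(?:For|Host))=\[([^\]]*)\]", raw))
                state[thread]["client"] = h.get("X-Forwarded-For")
                state[thread]["target"] = h.get("X-Forwarded-Host")
            continue
        ts, level, thread, msg = m.groups()
        st = state[thread]
        if msg == "Inbound Message":  # new request on this thread: reset its context
            state[thread] = fresh()
        elif (c := re.match(r"Executing \[([^\]]+)\]", msg)):
            st["command"] = c.group(1)
        elif level == "ERROR":
            for uid in re.findall(r"uid \[([0-9a-f-]{36})\]", msg):
                if uid not in st["uids"]:
                    st["uids"].append(uid)
            if (e := re.search(r"errorCode \[([^\]]+)\]", msg)):
                out.append({"time": ts, "thread": thread, "error": e.group(1), **st})
    return out

if __name__ == "__main__":
    for rec in failed_calls(SAMPLE):
        print(rec)
```

The uids in each record are the objects to query one at a time when reproducing the failure manually on the MDS/CMA.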