Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
HeikoAnkenbrand
Champion Champion
Champion

Execute CLI commands on all gateways simultaneously ➜ SmartConsole Extension

After about 800 lines of code, I would like to present you my new "SmartConsole Extention ➜ Execute CLI commands on all gateways simultaneously".

This allows you to execute Expert Mode commands and CLISH commands from the SmartConsole on all gateways simultaneously.

Install the extension


1) On SmartConsole, go to Manage & Settings > Preferences > SmartConsole Extensions > +.

2) Enter the web-service manifest URL
https://www.ankenbrand24.de/ex/command.json
and click OK.

EC_1_4534534.jpg

 

Enable "exexute on all gateways"


3) On SmartConsole, go to Gateways & Servers > Command > Settings

4) Enable on all gateways buttom

EC_2_4325435345.jpg

 

Execute "Expert Mode" command on all gateways simultaneously


5) Open the menu item "Expert Mode". The same works with CLISH commands in the menu "CLISH".

6) Execute a command on all gateways for example "fw ver"

EC_3_5439857.jpg

More about the Extension 


SmartConsole extension to execute commands on all gateways and the SMS.

  • Execute commands  in  "Expert Mode" and "CLISH"
  • Execute "Expert Mode" and "CLISH" commands on all gateways simultaneously.
    SMB applications are currently not supported.
  • Command history -> Execute the last 20 commands again.
  • Status about the success of the action

Here you can find the original article with the extention:
Execute Commands ➜ SmartConsole Extension 

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
(3)
3 Replies
spottex
Collaborator

Nice. 
I have a few clients that I have to prove that adding code into there environment will be safe.
Opening the json file there is very little in there. 25 lines of text. Is that all that is needed for this to work?

Secondly I see there is read only settings, so I'm guessing write can be added?
Things like changing aaa or backup scp locations would be handy. But I can use your CLI version for that anyway so not too fussed.

 

0 Kudos
Bärbel
Participant

Thanks for your work and effort, Heiko! I'm pretty sure you did a great job but I think features like this should be implemented by the vendor itself.

Beeing able to execute code on multiple managed systems from the central management is an essential function also for us.

Relying on and trusting code written by some random guy and hosted on private webspace to manage security devices is definitly not the right way. I can't take anyone in the security community seriously who actually does something like this in a production environment.

0 Kudos
HeikoAnkenbrand
Champion Champion
Champion

Hi @Bärbel,

I have started a new post in which we should like to continue the basic discussion:

Script from unknown users - security risk?

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events