It looks like you expect admin shell to be bash, or am I missing something? It is not bash, unless you change it manually.
Things I would check since it looks like you are using the standard ansible commands.
1. Shell setup for the ansible user should be set to /bin/bash on the gateway.
2. Make sure ansible has the path to where python is. Gaia does not have it in a typical location. Also this applies to R80.X and later, since in R77.X any python scripts have to be white-listed.
Here is an example of what I use in my demo R80.X systems in my /etc/ansible/hosts
[Gaia]
10.2.0.221 ansible_python_interpreter="/opt/CPsuite-R80/fw1/Python/bin/python"
[Gaia:vars]
ansible_connection=ssh
ansible_ssh_user=admin
ansible_ssh_pass=vpn123
ansible_python_interpreter=/opt/CPsuite-R80/fw1/Python/bin/python
scp_if_ssh = False
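The inventory above stores the SSH password as a literal `ansible_ssh_pass` value. As an added example (not code from this thread), the Python check below flags such literals in an INI inventory and passes over values that only reference another variable. The sample inventory is constructed from the one in the post with a placeholder password, and the `GaiaVaulted` group and `vault_gaia_pass` variable are hypothetical names.

```python
import re
import shlex

# Real Ansible variable names whose value is a credential.
SECRET_VARS = {"ansible_ssh_pass", "ansible_password",
               "ansible_become_pass", "ansible_become_password"}

def find_plaintext_secrets(inventory_text):
    """Return (line_no, section, variable) for each literal secret in an INI inventory."""
    findings, section = [], "ungrouped"
    for line_no, raw in enumerate(inventory_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            section = header.group(1)
            continue
        # A :vars section holds one key=value per line; a host line holds several after the host.
        tokens = [line] if section.endswith(":vars") else shlex.split(line)[1:]
        for token in tokens:
            key, sep, value = token.partition("=")
            key, value = key.strip(), value.strip().strip("\"'")
            if not sep or key not in SECRET_VARS or not value:
                continue
            # A Jinja2 reference (for example to a vaulted variable) is not a literal secret.
            if value.startswith("{{") and value.endswith("}}"):
                continue
            findings.append((line_no, section, key))
    return findings

# Constructed sample modelled on the inventory in the post; the password is a placeholder.
SAMPLE = """\
[Gaia]
10.2.0.221 ansible_python_interpreter="/opt/CPsuite-R80/fw1/Python/bin/python"
[Gaia:vars]
ansible_connection=ssh
ansible_ssh_user=admin
ansible_ssh_pass=EXAMPLE-ONLY
scp_if_ssh = False
[GaiaVaulted:vars]
ansible_ssh_pass="{{ vault_gaia_pass }}"
"""

if __name__ == "__main__":
    for line_no, section, var in find_plaintext_secrets(SAMPLE):
        print(f"line {line_no}: [{section}] {var} is stored in clear text")
```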
Can you show TACP0 settings? It does not seem to be a full admin account, hence bash access might fail. Does TACP15 work?
This is completed now. I took a different approach to achieve this. I ran the shell script inside the firewall and through Ansible I invoked the shell script and displayed the result on my screen.
This also resolves my issue of how to take VSX specific output.
@Tribhawan_Singh good to know you have found the way. Care to share the details here, for other community members?
@_Val_ Sure, here is the sample shell and ansible script
Shell inside the firewall /home/admin directory:
For VS1:
[Expert@firewall:0]# cat cp1.sh
#!/bin/bash
source /etc/profile.d/vsenv.sh 2> /dev/null
# First arg passed to script is VSNAME (defaults to 1 when no argument is given)
VSNAME="${1:-1}"
vsenv "$VSNAME"
cphaprob stat
fw tab -t connections -s
fwaccel stat | grep Status
sleep 2s
fwaccel stats -s
fw ctl multik stat
fw ctl pstat -u
Ansible Script:
- name: CheckPoint health Status
  hosts: localhost
  gather_facts: yes
  tasks:
    - name: checkpoint healthcheck commands on vs1
      shell: "ssh admin@10.x.x.x ' sh /home/admin/cp1.sh'"
      args:
        executable: /bin/bash
      register: check
      delegate_to: localhost
    - name: CheckPoint healthcheck output for vs1
      debug:
        var: check.stdout_lines
Have you tried the healthcheck.sh script from sk121447?
It can be run on gateway from the management server.