This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Mikesh_Khanal
Explorer
‎2017-08-20 06:16 PM

Automate policy installation

1. I am planning to automate my Change requests and in order to do that I would like to know how could i use batch options for install-policy.

The option I tried:

[Expert@mapcpmgmt01:0]# mgmt_cli install-policy --batch policypackage.csv --format json

Line 2: {
"code" : "generic_err_invalid_parameter_name",
"message" : "Unrecognized parameter [standard]"
}

{ "response" : []}

The CSV file looked like this:

[Expert@mapcpmgmt01:0]# cat policypackage.csv
policy-package,standard,access,true
policy-package,standard1,access,true

0 Kudos
3 Replies
Yonatan_Philip
Employee Alumnus
Employee Alumnus
‎2017-08-23 01:48 AM

Hello Mikesh,

I think the issue might be with the way you are formatting your CSV file.

The way to use the CSV files is as followed:

Here is how I adapted your example:

[Expert@Mgmt]# cat policy.csv
policy-package,access,
Standard,true,

[Expert@Mgmt]# mgmt_cli install-policy --batch ./policy.csv --format json -r true


---------------------------------------------
Time: [11:42:39] 23/8/2017
---------------------------------------------
"Policy installation - Standard" in progress (0%)

....

....

....

<installation finished successfully>

[Expert@Mgmt]#

HTH 

Yonatan

0 Kudos
Yonatan_Philip
Employee Alumnus
Employee Alumnus
‎2017-08-23 01:56 AM
In response to Yonatan_Philip

One more note for future reference - try checking the output of $FWDIR/log/api.elg.

You can find the actual payload that reached the server. 

I'm guessing your output would have looked something along the lines of:

Address: http://127.0.0.1:50276/web_api/install-policy
Encoding: ISO-8859-1
Http-Method: POST
Content-Type: application/json
Headers: {Accept=[application/json], connection=[keep-alive], Content-Length=[91], content-type=[application/json], Host=[127.0.0.1:50276], User-Agent=[mgmt_cli], X-chkp-sid=[1KtvuY0yiF_JFFSkhc4o2MJZBcS_q7D4AnzMUQfpHS8], X-Forwarded-For=[127.0.0.1], X-Forwarded-Host=[127.0.0.1], X-Forwarded-Host-Port=[443], X-Forwarded-Server=[192.168.19.131]}
Payload: {"Standard":"Standard1","access":"access","policy-package":"policy-package","true":"true"}

--------------------------------------
2017-08-23 11:54:14,088 INFO com.checkpoint.management.web_api_is.utils.helpers.ApiCache.<init>:25 [qtp-27716996-27] - Cache created and initialized
2017-08-23 11:54:14,089 ERROR com.checkpoint.management.web_api.utils.WebApiCommandExceptionUtils.getErrorReply:219 [qtp-27716996-27] -
com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: Unrecognized field "Standard" (class com.checkpoint.management.web_api.core.handler.commands.on_targets.install_policy.PolicyInstallationRequest), not marked as ignorable (8 known properties: "install-on-each-target-of-the-same-version-independently", "prepare-only", "targets", "threat-prevention", "access", "install-on-all-cluster-members-or-fail", "policy-package", "revision"])
at [Source: {"Standard":"Standard1","access":"access","policy-package":"policy-package","true":"true"}
; line: 1, column: 14] (through reference chain: com.checkpoint.management.web_api.core.handler.commands.on_targets.install_policy.PolicyInstallationRequest["Standard"])

...

...

...

---------------------------
ID: 32
Response-Code: 400
Content-Type: application/json
Headers: {Content-Type=[application/json], Date=[Wed, 23 Aug 2017 08:54:14 GMT]}
Payload: {
"code" : "generic_err_invalid_parameter_name",
"message" : "Unrecognized parameter [Standard]"

This would probably have helped you figure this out on your own Smiley Happy

HTH 

Yonatn

0 Kudos
Mikesh_Khanal
Explorer
‎2017-08-23 07:30 PM
In response to Yonatan_Philip

Thanks Philip. Now, I have a real picture on how to use batch file and how to araange commands in CSV.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events