This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
JuPo
Employee Employee
Employee
‎2022-01-06 01:48 AM
Jump to solution

CLI command to disconnect all SmartConsole sessions/users

Hi guys,

is there any CLI command (except cpstop) that disconnects all SmartConsole sessions/users?

 

Thx

Juraj

 

1 Solution

Accepted Solutions
Nicholas_Cuba
Contributor
Contributor
‎2023-03-02 01:04 PM
Jump to solution

In a R81.20 management server, i.e. Management API v1.9 , this one-liner worked for me to disconnect everyone logged in to the management's SmartConsole

mgmt_cli -r true show sessions details-level full -f json | jq -r '.objects[] | select(."user-name" != "WEB_API") | .uid' | while read -r uid; do mgmt_cli -r true disconnect uid $uid; done

 

View solution in original post

14 Replies
Tal_Paz-Fridman
Employee
Employee
‎2022-01-06 02:47 AM
Jump to solution

You can use Management API commands:

https://sc1.checkpoint.com/documents/latest/APIs/#cli/disconnect~v1.8%20

 

As you can see, there are additional options; you can also Publish, Discard, Takeover another session (not just of SmartConsole)

 

Management API reference - disconnect.jpg

JuPo
Employee Employee
Employee
‎2022-01-08 07:02 AM
In response to Tal_Paz-Fridman
Jump to solution

Hi @Tal_Paz-Fridman ,

unfortunately, provided solution doesn`t work for me. I see connection on port 18190 established even after executing mgmt_cli disconnect for all existing session-uids. Am I doing anything wrong?

[Expert@cp-mng:0]# netstat -ptna | grep -E '(18190|19009)' | grep -vE '(127.0.0.*127.0.0|LISTEN)'
tcp 0 0 ::ffff:172.20.3.33:18190 ::ffff:172.20.21.152:1100 ESTABLISHED 15745/fwm 

[Expert@cp-mng:0]# mgmt_cli show sessions -r true --format json | jq -r .objects[].uid | while read -r uid; do mgmt_cli disconnect uid $uid -r true; done
message: "OK"
--------------------------------------------
Time: [15:48:08] 8/1/2022
---------------------------------------------
"Publish operation" succeeded (100%) 

[Expert@cp-mng:0]# netstat -ptna | grep -E '(18190|19009)' | grep -vE '(127.0.0.*127.0.0|LISTEN)'
tcp 0 0 ::ffff:172.20.3.33:18190 ::ffff:172.20.21.152:1100 ESTABLISHED 15745/fwm

 

BR

Juraj

 

0 Kudos
Tal_Paz-Fridman
Employee
Employee
‎2022-01-11 10:19 AM
In response to JuPo
Jump to solution

Hi 

I tried it in my lab and it disconnected the SmartConsole with the relevant notification message.

Did you check if SmartConsole was actually disconnected? 

BR

Tal

JuPo
Employee Employee
Employee
‎2022-01-22 07:37 AM
In response to Tal_Paz-Fridman
Jump to solution

Hi @Tal_Paz-Fridman ,

SC is running on customers admin computer and I am checking this during the night, so I can not verify it. Anyway even after running mgmt_cli disconnect I see a connection on port 18190. The connection is alive - verified by tcpdump. I am wondering why this connection is not terminated after running mgmt_cli disconnect.

My intention is to run migrate export without running cpstop before the export. I am using netstat to verity that there are no connections on port 18190 and 19009 to ensure that no SC admins are connected to the mgmt server.

j

 

 

 

0 Kudos
the_rock
Legend
Legend
‎2022-02-23 08:01 PM
In response to Tal_Paz-Fridman
Jump to solution

Hey @Tal_Paz-Fridman ...sorry to respond so late on this thread, but can you tell me if below command would be right to say, disconnect admin from smart console. I tried, but no luck...

[Expert@MANAGEMENT:0]# mgmt_cli show session -u admin
Password:
uid: "89720905-a10c-4c37-900d-5f838b440327"
type: "session"
domain:
uid: "41e821a0-3720-11e3-aa6e-0800200c9fde"
name: "SMC User"
domain-type: "domain"
state: "open"
user-name: "admin"
description: ""
last-login-time:
posix: 1645675092743
iso-8601: "2022-02-23T22:58-0500"
expired-session: false
application: "WEB_API"
changes: 0
in-work: true
ip-address: "127.0.0.1"
locks: 0
connection-mode: "read write"
session-timeout: 600
connected-server:
uid: "c8212fa6-fa7c-5e44-ae2f-a19bd304c2de"
name: "MANAGEMENT"
type: "checkpoint-host"
domain:
uid: "41e821a0-3720-11e3-aa6e-0800200c9fde"
name: "SMC User"
domain-type: "domain"
icon: "NetworkObjects/management"
color: "black"
comments: ""
color: "black"
icon: "Objects/worksession"
tags: []
meta-info:
lock: "unlocked"
validation-state: "ok"
last-modify-time:
posix: 1645675092749
iso-8601: "2022-02-23T22:58-0500"
last-modifier: "admin"
creation-time:
posix: 1645675092620
iso-8601: "2022-02-23T22:58-0500"
creator: "admin"
read-only: true

[Expert@MANAGEMENT:0]# mgmt_cli disconnect uid "89720905-a10c-4c37-900d-5f838b440327"
Username: admin
Password:
message: "OK"

 

---------------------------------------------
Time: [22:58:46] 23/2/2022
---------------------------------------------
"Publish operation" succeeded (100%)
[Expert@MANAGEMENT:0]#

JuPo
Employee Employee
Employee
‎2022-02-24 07:58 AM
In response to the_rock
Jump to solution

Hi @the_rock,

it didn`t work for me, too. I tried it for a single user and for all users: 

mgmt_cli show sessions -r true --format json | jq -r .objects[].uid | while read -r uid; do mgmt_cli disconnect uid $uid -r true; done
message: "OK"

 

the_rock
Legend
Legend
‎2022-02-24 08:06 AM
In response to JuPo
Jump to solution

I know...lets see if @Tal_Paz-Fridman can provide us with exact syntax we need. Following api guide, I ran exact commands it gave, but no luck. I have a feeling maybe UID is wrong, but its not clear how to confirm it for specific user.

0 Kudos
the_rock
Legend
Legend
‎2022-02-24 08:12 AM
In response to JuPo
Jump to solution

Also, command you gave did work for me, but if I try below, it does NOT disconnect me from smart console...

Andy

 

[Expert@MANAGEMENT:0]# mgmt_cli show sessions -r true
objects:
- uid: "e21b5f0f-02ab-47ff-825e-0ce527fd8424"
type: "session"
domain:
uid: "41e821a0-3720-11e3-aa6e-0800200c9fde"
name: "SMC User"
domain-type: "domain"
icon: "Objects/worksession"
color: "black"
from: 1
to: 1
total: 1

[Expert@MANAGEMENT:0]# mgmt_cli mgmt_cli disconnect uid "41e821a0-3720-11e3-aa6e-0800200c9fde"
Error: The parameters of mgmt_cli command should be provided in pairs (key and value). You have provided an odd number of parameters which suggests that you are probably missing a parameter.
[Expert@MANAGEMENT:0]# mgmt_cli disconnect uid "41e821a0-3720-11e3-aa6e-0800200c9fde"
Username: admin
Password:
message: "OK"

 

---------------------------------------------
Time: [11:10:24] 24/2/2022
---------------------------------------------
"Publish operation" succeeded (100%)
[Expert@MANAGEMENT:0]# mgmt_cli disconnect uid "e21b5f0f-02ab-47ff-825e-0ce527fd8424"
Username: admin
Password:
message: "OK"

 

---------------------------------------------
Time: [11:11:08] 24/2/2022
---------------------------------------------
"Publish operation" succeeded (100%)

the_rock
Legend
Legend
‎2022-02-24 08:18 AM
In response to JuPo
Jump to solution

I think I got it...below is what worked. I looked for UID under worksession line...


[Expert@MANAGEMENT:0]#
[Expert@MANAGEMENT:0]# mgmt_cli show sessions -r true
objects:
- uid: "81431391-fbfc-49d5-9d76-7b9fcc4ba6c8"
type: "session"
domain:
uid: "41e821a0-3720-11e3-aa6e-0800200c9fde"
name: "SMC User"
domain-type: "domain"
icon: "Objects/worksession"
color: "black"
- uid: "97d857c5-b045-412c-8361-2e7b12a4d5be"
type: "session"
domain:
uid: "41e821a0-3720-11e3-aa6e-0800200c9fde"
name: "SMC User"
domain-type: "domain"
icon: "Objects/worksession"
color: "black"
from: 1
to: 2
total: 2

[Expert@MANAGEMENT:0]# mgmt_cli disconnect -r true uid "97d857c5-b045-412c-8361-2e7b12a4d5be"
message: "OK"

 

---------------------------------------------
Time: [11:18:12] 24/2/2022
---------------------------------------------
"Publish operation" succeeded (100%)
[Expert@MANAGEMENT:0]#

JozkoMrkvicka
Authority
Authority
‎2022-01-23 12:14 AM
Jump to solution

If your management is protected by gateway (should be), then you can use SAM rule on the gateway to cut all connections from all users connected to specific port used by SC (port tcp/19009 in case of R8x):

source: any

destination: management IP (or IPs in case of HA)

port: tcp/19009

action: reject

 

Another similar option would be to add access deny rule for specific time range (like till next hour). But depends what is connection persistance as it may happen that the new rule will be valid only for new connections, but not for already established (for that SAM can help).

Kind regards,
Jozko Mrkvicka
0 Kudos
Nicholas_Cuba
Contributor
Contributor
‎2023-03-02 01:04 PM
Jump to solution

In a R81.20 management server, i.e. Management API v1.9 , this one-liner worked for me to disconnect everyone logged in to the management's SmartConsole

mgmt_cli -r true show sessions details-level full -f json | jq -r '.objects[] | select(."user-name" != "WEB_API") | .uid' | while read -r uid; do mgmt_cli -r true disconnect uid $uid; done

 

the_rock
Legend
Legend
‎2023-03-02 01:07 PM
In response to Nicholas_Cuba
Jump to solution

EXCELLENT! Just tested and disconnected 3 people connected to my R81.20 lab smart console. THANK YOU 🙌🙌 @Nicholas_Cuba 

Nicholas_Cuba
Contributor
Contributor
‎2023-03-02 01:16 PM
In response to the_rock
Jump to solution

I suspect the previous one-liners were kicking themselves out. mgmt_cli -r true logs in with username WEB_API, and it always seems to be the first user's info listed in a show sessions output.

0 Kudos
the_rock
Legend
Legend
‎2023-03-02 01:20 PM
In response to Nicholas_Cuba
Jump to solution

Makes sense. In all honesty, Im probably the WORST person when it comes to api commands, so unless I verify in the lab first, I would not give it to anyone, haha.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events