This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Christian_Garci
Participant
‎2017-10-19 01:04 PM

Change Expert Password For many FW

Hi Mates,

It is possible to change the expert password for many FW at the same time?

We have many FW managed for a Server Magament R 77.30 and we need to change the expert password for about 30 FW 1430.

 

Thanks

Labels
0 Kudos
4 Replies
Danny
Champion Champion
Champion
‎2017-10-19 02:19 PM

Solution 1

Create a little Bash script that executes the following command for every gateway and run on your firewall management:

$CPDIR/bin/cprid_util -server <IP_address_of_Security_Gateway> -verbose rexec -rcmd /bin/clish -s -c 'set expert password-hash NEW_HASH>'‍

 

Solution 2

Use an expect script on your firewall management to login to all your appliances and change the expert password. Example:

#!/usr/bin/expectset HOST     "192.168.10.1"set LOGIN    "admin"set PASSWORD "password"set COMMAND  "set expert password-hash NEW_HASH"set timeout  60spawn ssh -C -x -l $LOGIN $HOSTexpect { "fingerprint" {    send "yes\n"    expect "word: $"    send "$PASSWORD\n"    } "word: $" {    send "$PASSWORD\n"    }}expect ">"send "$COMMAND\n"expect ">"send "save config\n"expect ">"send "exit\n"‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍
Tomer_Sole
Mentor
Mentor
‎2017-10-19 02:31 PM
In response to Danny

anything that is available in cprid is also available using the "run script" Management API command.

run script command: Check Point - Management API reference 

So either using the mgmt_cli executable on the Management server, or from the command-line inside SmartConsole GUI, or using REST calls with your favorite scripting language, should be something like:

run-script script-name "changing expert password" script "set expert password-hash NEW_HASH" targets.1 "corporate-gateway" targets.2 "branchOfficeGW"

Please note that run-script returns a task, and that task should be polled to see whether it succeeded or failed using the show tasks command: Check Point - Management API reference 

Danny
Champion Champion
Champion
‎2017-10-20 07:03 AM
In response to Tomer_Sole

FYI: For the 30x 1430 SMB Appliances that this thread was opened for there is a limitation when trying to execute scripts directly from within the GUI.

0 Kudos
Tomer_Sole
Mentor
Mentor
‎2017-10-21 10:17 PM
In response to Danny

I didn't notice the appliance, sorry.. I suppose the API / command-line option would not work in this case either because it calls the same cprid wrapper, even though this is possible with cprid.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top