Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
RKinsp
Contributor

ClusterXL - adding interface via CLI not working

Jump to solution

Good morning everyone!

I am trying to add a vlan interface to a Cluster via API / CLI on R81 (open server). The interfaces were configured on the individual gateways via CLI and they are up, but when I try the below command for creating the interface at the cluster level, it gives me the folowwing error: CLINFR0711 Command insecure

I think I might be missing somthing on the command itself but the error does not give me much to go on. What I am doing is SSHing into the SMS and trying the CLI from there:

mgmt login user admin

mgmt set simple-cluster name "ClusterXL" interfaces.add.name "eth1.100" interfaces.add.ip-address "10.1.1.100" interfaces.add.ipv4-mask-length "30" interfaces.add.interface-type "cluster" interfaces.add.topology "INTERNAL" interfaces.add.anti-spoofing "false" interface.add.topology-settings.ip-address-behind-this-interface "SPECIFIC" interface.add.topology-settings.specific-network " ClusterXL-Subnet-1" members.update.1.name "ClusterXL-1" members.update.1.interfaces.name "eth1.100" members.update.1.interfaces.ipv4-address "172.32.0.1" members.update.1.interfaces.ipv4-network-mask "255.255.255.252" members.update.2.name "ClusterXL-2" members.update.2.interfaces.name "eth1.100" members.update.2.interfaces.ipv4-address "172.32.0.2" members.update.2.interfaces.ipv4-network-mask "255.255.255.252" --format json

 

Reference:

https://sc1.checkpoint.com/documents/latest/APIs/index.html?#clish/set-simple-cluster~v1.7%20

 

Any thoughts

 

Output from show-api-versions

mgmt show-api-versions
current-version: "1.7"
supported-versions:
- "1"
- "1.1"
- "1.6.1"
- "1.2"
- "1.3"
- "1.4"
- "1.5"
- "1.6"
- "1.7"

Thanks!

RK

 

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
0 Kudos
7 Replies
Timothy_Hall
Champion
Champion

Perhaps this is just an artifact of copy/pasting into your post, but you have a leading space for an object name here, which is not allowed:

" ClusterXL-Subnet-1" 

"Max Capture: Know Your Packets" Video Series
now available at http://www.maxpowerfirewalls.com
0 Kudos
RKinsp
Contributor

I think that was just a posting issue. I tried copying the exact example on the API page and only changing the object names and still no go. "Command Insecure".

I wonder if naming my cluster ClusterXL might be the issue...

 

mgmt set simple-cluster name "ClusterXL" interfaces.add.name "eth3" interfaces.add.ip-address "10.10.10.1" interfaces.add.ipv4-mask-length "24" interfaces.add.interface-type "cluster" interfaces.add.topology "INTERNAL" interfaces.add.anti-spoofing "true" members.update.1.name "ClusterXL-1" members.update.1.interfaces.name "eth3" members.update.1.interfaces.ipv4-address "10.10.10.2" members.update.1.interfaces.ipv4-network-mask "255.255.255.0" members.update.2.name "ClusterXL-2" members.update.2.interfaces.name "eth3" members.update.2.interfaces.ipv4-address "10.10.10.3" members.update.2.interfaces.ipv4-network-mask "255.255.255.0" --format json

0 Kudos
Timothy_Hall
Champion
Champion

Very possible that "ClusterXL" is a reserved word when it comes to object naming.

"Max Capture: Know Your Packets" Video Series
now available at http://www.maxpowerfirewalls.com
0 Kudos
RKinsp
Contributor

Ok, so I figured it out. It seems there is a command length limit when using SSH into the system. When using partial commands it works, but whenever I go beyond a certain count it gives me the insecure error.

Confirmed by typing in the same command into SmartConsole CLI and it works fine.

Any ideas on turning off this lenght limit?

Example below works in Gaia CLI:

mgmt set simple-cluster name "ClusterXL" interfaces.add.name "eth4.100" interfaces.add.ip-address "10.1.1.100" interfaces.add.ipv4-mask-length "24" interfaces.add.interface-type "cluster" interfaces.add.topology "INTERNAL" interfaces.add.anti-spoofing "false" interfaces.add.topology-settings.ip-address-behind-this-interface "SPECIFIC" interfaces.add.topology-settings.specific-network "VLAN-100-Interface"

 

Example below works in SmartConsole CLI

set simple-cluster name "ClusterXL" interfaces.add.name "eth4.100" interfaces.add.ip-address "10.1.1.100" interfaces.add.ipv4-mask-length "24" interfaces.add.interface-type "cluster" interfaces.add.topology "INTERNAL" interfaces.add.anti-spoofing "false" interfaces.add.topology-settings.ip-address-behind-this-interface "SPECIFIC" interfaces.add.topology-settings.specific-network "VLAN-100-Interface" members.update.1.name "ClusterXL-1" members.update.1.interfaces.name "eth4.100" members.update.1.interfaces.ipv4-address "172.32.0.1" members.update.1.interfaces.ipv4-mask-length "30" members.update.2.name "ClusterXL-2" members.update.2.interfaces.name "eth4.100" members.update.2.interfaces.ip-address "172.32.0.2" members.update.2.interfaces.ipv4-mask-length "30" --format json

0 Kudos
PhoneBoy
Admin
Admin
0 Kudos
RKinsp
Contributor

Thanks Phoneboy.

Expert mode works, but still did not find a way to do it straight in Gaia. It is just an extra step we were trying to avoid, but it solves to problem.

0 Kudos
PhoneBoy
Admin
Admin

Is it possible to break that up into multiple commands?
I think the issue is the command line is longer than clish allows.

0 Kudos