Many thanks Robert! Now I understand the Management API reference a little bit better ☺.

But I only get 23 of 110 gateway IP addresses. When I add “limit 500”, which seems to be maximum, I see 27 gateway IP addresses.

So it seems, that the output is limited to a number of lines ….

Right, the default limit is 50, so you need to specify a manual upper limit if you need.

This command only returns simple-gateways, there may be non simple-gateways, and they are not returned.

Try the "show gateways-and-servers" command instead. It will return ALL gateways.

Robert.

You are right - "show gateways-and-servers" shows all gateways.

But unfortunately this command shows also the cluster objects. Is it possible to filter out these cluster objects, so that i get only real gateway IP addresses? 

Bernhard

I found this way working: 

mgmt_cli -r true show gateways-and-servers limit 500 offset 0 details-level full --format json --root true | $CPDIR/jq/jq -r '.objects[]|[.["type"], .["ipv4-address"]]| @csv' | egrep "CpmiClusterMember|simple-gateway" | cut -d "," -f 2 | tr -d '"'

Is there a way to filter like grep with json?

Bernhard

No, AFAIK, but you can use the select/contains/not combinations on the output. For Example - 

 | select(.values[] | contains(\"cluster\") | not)

Robert.

Here you go, the fully working command - 

mgmt_cli -r true show gateways-and-servers details-level full --format json | $CPDIR/jq/jq -r '.objects[] | select(.type | contains("Cluster") | not) | ."ipv4-address"'

Enjoy,

Robert.

But this command displays management server, log server as well as interoperable devices. To catch only managed gateways, only "CpmiClusterMember" and "simple-gateway" (maybe "CpmiSofawareGateway" for embedded appliances) have to filter. Is it possible to use "contains" with OR?

Thanks,

Bernhard

Hi, sorry for the late reply, I was on vacation.

You can use multiple elements inside contains statement - 

contains(["simple", "cluster"])

Robert.

works - many thanks!!

Hello, i'm having this same issue, i've tried to run this command in the checkpoint command line, but when i do i the the error 'The flag "-r" is not supported within SmartConsole's CLI window.' we are using checkpoint r80.40. Do you know where I'm going wrong? 

Don't run it from the SmartConsole's CLI. Login via SSH and go into expert mode. Then run the command.

Why not just get the object IP?

That's what the manager actually uses to communicate to the gateway. 

Sure, but how? 🙂

In the objects_5_0.C (and via the output of dbedit) there are multiple "IP address" statements, both what seems to be the Main IP but also under the "interfaces-branch". So a grep for "IP address" will return all those. I haven't seen an entry for "Main IP" or some other unique entry besides the value in the "SIC-branch"... Which isn't always there...

Cheers

Mikael

(I'm replying via my phone so the exact name of the IP-field might not be correct)

It's the main object IP...the one identified by ipaddr (not listed in the interfaces branch).

In the older versions and even in R80.10 cpmiquerybin tool (cpwiki.net) might be used.

The following query to returns firewalls and cluster members:

cpmiquerybin attr "" network_objects "(type='cluster_member') | (type='gateway') & (location='internal')" -a __name__,ipaddr

It should return

object1 IP
object2 IP

In a Multi-Domain Server either run this query in each CMA or use the next query in the MDS context

cpmiquerybin attr "mdsdb" network_objects "(type='gateway') | (type='cluster_member')" -a __name__,ipaddr

Some awk or sed is necessary to get desired output.

I would upgrade my MGMT to R80.10 for this purpose alone - to use the better API - but maybe that’s just me  

either way if you plan to upgrade at some point to R80.10, this R77 script’s shelf life won’t be too long...