This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Xavier_Koenig
Contributor
‎2019-03-11 08:23 AM

Multiple clish commands from R80 script repository possible?

Hello, I'm attempting to script out enabling SNMP on around 100 gateways, and I'd like to automate as much as possible. I've previously used the R80 script repository for simple commands like a cluster failover or for a CSS fix for pre-R80.20 gateways. My question today is whether this is possible to utilize for enabling SNMP across multiple gateways? Basically my script would execute the following CLISH commands:

set snmp agent on
set snmp agent-version any
set snmp contact "Network Security"
set snmp community SecretPassword read-only
save config

However, when I try to enter this and run against a gateway it inevitably fails, which my guess is because the script repo functions at the expert level. I've also tried adding each line as clish -c "set snmp agent on", with no luck either. If there's an easier way to turn on SNMP for all of my gateways outside of this script function, I'm all ears. Thanks in advance! 

4 Replies
Vincent_Bacher
Advisor
Advisor
‎2019-03-11 08:36 AM

I would see two different approaches.
First to write a script which calls cprid_util using those commands. Maybe in combination with mgmt_api getting a list of all checkpoint objects. There is an article somewhere here describing how to get this list.

I would prefer using cdt

with it you can send a bash script, in this case including the commands as

/bin/clish -s -c 'lock database override'

/bin/clish -s -c 'set snmp agent-version any'

and so on


then send the file using cdt and executing it afterwards.

To achieve this, you need two actions in the deployment plan

push_file and execute_script

Just refer to the Central Deployment Tool (CDT) v1.6 Administration Guide 

CDT start page is sk111158


I used this way to create a user for restorepoint backup, setting group id, password and so on, that works.

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
Vincent_Bacher
Advisor
Advisor
‎2019-03-12 01:30 PM
In response to Vincent_Bacher

Ansible is useful for such tasks as well

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
Alessio_Bandini
Explorer
‎2020-06-17 09:22 AM
In response to Vincent_Bacher

How to push a script via CDT with execution permission? aka chmod 770?

 

thanks

Alessio

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top