The command "show ips-status" in the Management API: which firewall's IPS status is shown?
As we know, the management API has a command "show ips-status" that can show the IPS blade's current status. But I'm confused that the command only outputs one result, and you can't know which firewall's IPS blade status the result is when your management server manages lots of firewall devices. I thought this result shouldn't be the management server's info, as we know it doesn't have IPS blades.
I'd like to know how to get the IPS status of all managed firewall devices through the web_API, or another way to get it that lets me automate getting this info.
- Labels: SmartConsole
Accepted Solutions
The command you run on the gateway to determine if IPS blade is enabled and, if so, what version of the database it has: ips stat.
The run-script API is documented here: https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/run-script~v1.9%20
Which translates to something like:
mgmt_cli -r true run-script script-name "Get status of IPS on Gateway" script "ips stat" targets.1 "MyGateway"
This API endpoint is asynchronous, meaning it will return a task-id instead of the results of that script.
To see the results, you need to use the show-task API: https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/show-task~v1.9%20
The responseMessage is encoded in base64 format, which will need to be decoded.
Thankfully, this can easily be done with the CLI:
mgmt_cli -r true --format json show-task task-id "d23f46e1-0f6a-4c53-8d94-380d292d6781" details-level full | jq '.tasks[]."task-details"[].responseMessage' | base64 -id
To explain this command (entered from expert mode on the management):
- -r true is a simple way to execute API commands from the management without providing credentials.
- --format json ensures mgmt_cli returns data in JSON format (by default it does not, but direct API calls will).
- jq '.tasks[]."task-details"[].responseMessage' (after the |) pulls out the responseMessage from the mgmt_cli output
- base64 -id (after the |) decodes the base64
There are other ways to achieve this that don't involve the API as well.
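The run-script / show-task / base64 steps described in the answer above, extended to several gateways, as an added example that is not part of the original post. The helper names, the gateway names and the shape of the run-script reply ({"tasks": [{"target", "task-id"}]}) are assumptions; the sample reply is constructed.

```python
import base64
import json
import subprocess

SCRIPT_NAME = "Get status of IPS on Gateway"  # label used in the answer above

def run_script_args(gateways, script="ips stat"):
    """mgmt_cli argv for run-script with one targets.N entry per gateway."""
    args = ["mgmt_cli", "-r", "true", "--format", "json", "run-script",
            "script-name", SCRIPT_NAME, "script", script]
    for n, gw in enumerate(gateways, 1):
        args += [f"targets.{n}", gw]
    return args

def decode_task_output(show_task_json):
    """Map task-id -> decoded responseMessage text from show-task JSON."""
    decoded = {}
    for task in json.loads(show_task_json).get("tasks", []):
        chunks = [base64.b64decode(d["responseMessage"]).decode("utf-8", "replace")
                  for d in task.get("task-details", []) if d.get("responseMessage")]
        decoded[task.get("task-id")] = "".join(chunks)
    return decoded

def ips_status(gateways, run=subprocess.check_output):
    """Return {gateway: 'ips stat' output}. Assumes run-script answers with
    {"tasks": [{"target": ..., "task-id": ...}]} and the tasks have finished."""
    started = json.loads(run(run_script_args(gateways)))
    status = {}
    for t in started["tasks"]:
        raw = run(["mgmt_cli", "-r", "true", "--format", "json", "show-task",
                   "task-id", t["task-id"], "details-level", "full"])
        status[t["target"]] = decode_task_output(raw).get(t["task-id"], "")
    return status

# Constructed show-task reply (not captured from a real system).
SAMPLE = json.dumps({"tasks": [{"task-id": "t-1", "task-details": [
    {"responseMessage": base64.b64encode(b"IPS Status: Enabled\n").decode()}]}]})

if __name__ == "__main__":
    print(decode_task_output(SAMPLE))
```

Because -r true runs without credentials, this form only works from expert mode on the management server itself.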
That is showing the IPS update information on the management server.
The management server doesn't own an IPS blade. Why does it show IPS status? I sensitively doubt this. If you were right, could you show me how to check the managed firewalls' IPS blade status one by one through WEB_API?
https://sc1.checkpoint.com/documents/latest/APIs/index.html?#clish/show-ips-status~v1.6
The mgmt_cli tool is installed as part of Gaia on all R80 gateways and can be used in scripts running in expert mode.
It’s showing you the state of the IPS database on the management server, which can be used to update the various managed gateways.
If you want to see the state on a gateway, you need to make a call to the relevant gateway with the run-script API endpoint.
Thank you, what a nutritious reply. So, could you show me which script command I should use to call it? Do you have a more detailed example?
