This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
stallwoodj
Collaborator
Collaborator
‎2024-06-07 09:31 AM

mgmt_cli "set application-site"

Hi,

FYI I've just raised an SR for the management API (R81.20 T65).

When using the above command, if you had previously included the value "urls-defined-as-regular-expression true" then the SET command will reset it to false, unless you include this argument again.

Thanks

Jamie

0 Kudos
9 Replies
the_rock
MVP Diamond
MVP Diamond
‎2024-06-07 09:38 AM

Can you send command you did? I can try it on my lab mgmt

Andy

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
stallwoodj
Collaborator
Collaborator
‎2024-06-07 09:41 AM
In response to the_rock

 

Hi Andy,

Using the BASH script below to send the commands (argument 1 being a filename):

#!/bin/bash
#
session=`mgmt_cli -r true login --format json| jq -r '.sid'`
COUNT=0
FILE=`mktemp`
F=`mktemp`

grep ^[^#] <$1 >$F

while IFS= read -r line
do
echo "echo $line" >>$FILE
echo "usleep 100" >>$FILE
echo "mgmt_cli $line ignore-warnings true --ignore-errors true --session-id \"$session\" 2>&1" >>$FILE
COUNT=$((COUNT+1))
if [ `expr $COUNT \% 2000` = "0" ]; then
echo "mgmt_cli publish --session-id \"$session\" 2>&1" >>$FILE
fi
done <$F

source $FILE
mgmt_cli publish --session-id $session 2>&1
mgmt_cli logout --session-id $session 2>&1
rm $FILE $F

 

The command set in question:

set session description "Create Blacklist Object" new-name "APCL-API"
add application-site name "Sample-Blocklist" primary-category "High Risk" urls-defined-as-regular-expression true url-list.1 "dummy"
set application-site name "Sample-Blocklist" url-list.add "\\/site\\.com"
set application-site name "Sample-Blocklist" url-list.add "\\.site\\.com"
set application-site name "Sample-Blocklist" url-list.remove "dummy"

 

Thanks

Jamie

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2024-06-07 09:42 AM
In response to stallwoodj

Just rebooting it, will try soon.

Andy

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2024-06-07 10:18 AM
In response to stallwoodj

Just tried, yes, I see your point.

Best,
Andy
"Have a great day and if its not, change it"
stallwoodj
Collaborator
Collaborator
‎2024-07-02 07:52 AM
In response to stallwoodj

Some clarification: it seems to be only the REMOVE verb affecting it.

Thanks

Jamie

0 Kudos
PhoneBoy
Admin
Admin
‎2024-06-07 02:17 PM

There are a few API calls like that (particularly with Gateway objects).
Please send me the SR in a PM.
Also tagging @Omer_Kleinstern 

0 Kudos
stallwoodj
Collaborator
Collaborator
‎2024-09-10 05:49 AM
In response to PhoneBoy

Interestingly, it wasn't the remove command alone that was resetting the flag, but only if the PREVIOUS command failed to explicitly specify the flag (the commands were not completely atomic). I've had a private hotfix built and tested successfully (for application-site only), so hopefully  this will be rolled into a hotfix take soon.

PhoneBoy
Admin
Admin
‎2024-09-10 10:10 AM
In response to stallwoodj

Yes, that's the exact behavior I was talking about.

0 Kudos
Duane_Toler
MVP Silver
MVP Silver
‎2024-06-07 02:25 PM

Have you considered Ansible by chance?  Check Point has modules for the set/show/delete application-site APIs:

https://docs.ansible.com/ansible/latest/collections/check_point/mgmt/cp_mgmt_application_site_module...

With this, you can specify that attribute as part of the request.  Ansible will handle your login session and you get a consistent interface.

 

---
- name: Manage application sites
  hosts: mgmt_server
  connection: httpapi
  gather_facts: false
  become: false

  vars:
    ansible_api_key: MGMT_API_KEY
    ansible_network_os: check_point.mgmt.checkpoint
    block_list:
      name: Sample_Blocklist
      primary_category: High Risk
      url_list:
        add:
          - '\/site.com'
          - '\.site\.com'
        remove:
          - dummy


  tasks:
    - name: Get application site info
      check_point.mgmt.cp_mgmt_application_site:
        name: app_site_facts

    - name: Update application sites
      check_point.mgmt.cp_mgmt_application_site:
        name: "{{ block_list.name }}"
        primary_category: "{{ block_list.primary_category }}"
        url_list: "{{ (app_site_facts['ansible_facts']['application_site']['url_list'] |list) + block_list.url_list.add | difference(block_list.url_list.remove) }}"
        urls_defined_as_regular_expression: true

...

 

(Untested, but should be close)

The idea is to "model" the object you want then work with the model.  It pays enormous dividends, tho.

 

--
Ansible for Check Point APIs series: https://www.youtube.com/@EdgeCaseScenario and Substack
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events