
Change Expert Password For many FW

Hi Mates,

Is it possible to change the expert password for many FW at the same time?

We have many FW managed by a Server Management R 77.30 and we need to change the expert password for about 30 FW 1430.

 

Thanks

0 Kudos
4 Replies
Danny
Pearl

Re: Change Expert Password For many FW

Solution 1

Create a little Bash script that executes the following command for every gateway and run it on your firewall management:

$CPDIR/bin/cprid_util -server <IP_address_of_Security_Gateway> -verbose rexec -rcmd /bin/clish -s -c 'set expert password-hash <NEW_HASH>'

 

Solution 2

Use an expect script on your firewall management to log in to all your appliances and change the expert password. Example:

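#!/usr/bin/expect

# Placeholder connection details and the clish command to run on the appliance
set HOST     "192.168.10.1"
set LOGIN    "admin"
set PASSWORD "password"
set COMMAND  "set expert password-hash NEW_HASH"
set timeout  60

spawn ssh -C -x -l $LOGIN $HOST
expect {
# First connection: ssh shows the host key fingerprint; this branch accepts it as presented
"fingerprint" {
    send "yes\n"
    expect "word: $"
    send "$PASSWORD\n"
    }
# Host key already known: only the password prompt appears
"word: $" {
    send "$PASSWORD\n"
    }
}
# Wait for the clish prompt, set the new hash, then save the configuration
expect ">"
send "$COMMAND\n"
expect ">"
send "save config\n"
expect ">"
send "exit\n"
# Wait for the session to close before the script ends
expect eof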
0 Kudos
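
The Bash loop that Solution 1 describes, as an added example that is not part of the original post: it reads gateway addresses from a list file, validates each address and the hash, and runs the thread's cprid_util command once per gateway. The list-file format, the DRY_RUN switch and all function names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed: a list file with one gateway IP
# per line; DRY_RUN=1 prints each command instead of running it.

# Crypt-style hash characters only, so the value cannot alter the clish command.
valid_hash() {
    case "$1" in ''|*[!A-Za-z0-9./\$]*) return 1 ;; esac
}

# Dotted-quad IPv4: four non-empty fields, each 0-255.
valid_ip() {
    case "$1" in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ -n "$o" ] && [ "$o" -le 255 ] || return 1
    done
}

# Print (DRY_RUN=1) or run the cprid_util command from Solution 1 for one gateway.
set_expert_hash() {
    gw=$1; hash=$2
    valid_ip "$gw"     || { echo "skip: bad gateway address '$gw'" >&2; return 2; }
    valid_hash "$hash" || { echo "skip: bad hash" >&2; return 2; }
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "\$CPDIR/bin/cprid_util -server $gw -verbose rexec -rcmd /bin/clish -s -c 'set expert password-hash $hash'"
    else
        # Double quotes keep the "$" characters of the hash literal after expansion.
        "$CPDIR/bin/cprid_util" -server "$gw" -verbose rexec \
            -rcmd /bin/clish -s -c "set expert password-hash $hash"
    fi
}

# Run over every gateway in the list; blank lines and "#" comments are skipped.
# Return status = number of gateways that failed.
rollout() {
    list=$1; new_hash=$2; failed=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|'#'*) continue ;; esac
        # </dev/null stops the remote command from consuming the gateway list.
        set_expert_hash "$line" "$new_hash" </dev/null \
            || { echo "FAILED: $line" >&2; failed=$((failed + 1)); }
    done < "$list"
    return "$failed"
}

# Usage: sh rollout.sh gateways.txt '$1$...'   (single-quote the hash)
if [ $# -eq 2 ]; then rollout "$1" "$2"; fi
```

Running it first with DRY_RUN=1 shows the exact command line each gateway would receive; the hash is single-quoted on the command line because it contains "$" characters.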

Re: Change Expert Password For many FW

Anything that is available in cprid is also available using the "run script" Management API command.

run script command: Check Point - Management API reference 

So either using the mgmt_cli executable on the Management server, or from the command-line inside SmartConsole GUI, or using REST calls with your favorite scripting language, should be something like:

run-script script-name "changing expert password" script "set expert password-hash NEW_HASH" targets.1 "corporate-gateway" targets.2 "branchOfficeGW" 

Please note that run-script returns a task, and that task should be polled to see whether it succeeded or failed using the show tasks command: Check Point - Management API reference 

Danny
Pearl

Re: Change Expert Password For many FW

FYI: For the 30x 1430 SMB Appliances that this thread was opened for there is a limitation when trying to execute scripts directly from within the GUI.

0 Kudos

Re: Change Expert Password For many FW

I didn't notice the appliance, sorry.. I suppose the API / command-line option would not work in this case either because it calls the same cprid wrapper, even though this is possible with cprid.

0 Kudos