Management General Management Topics Logging and Reporting Multi-Domain Management Policy Management
- Local User Groups
AI & Machine Learning
I would like to know, if CP is planning to provide same features "Script repository/One time scripts" available for GAIA gateway also on Gaia embedded applianicies. Currently you cannot rung any script from SmartConsole against Gaia embedded appliances, which is a little bit surprise to me. Is it on road map to add support or not?
I'm moving this to the https://community.checkpoint.com/community/infinity-general/smb-smp?sr=search&searchId=ff929676-e356... space.
I suspect (though do not know for sure) the reason this isn't supported on the SMB appliances is because they do not have cprid, which is used for this purpose.
Although it might be more simple to use one time scripts from Dashboard on SMB, there is a littele more complicated way to achieve the same using e.g. a GAiA device, see Perform scheduled scripted tasks on SMB devices.
On the other hand, you always can use WinSCP and CLI to run the script directly on the SMB device...
I know this won't replace what you need at all, but in case you don't know these features from SMB appliances:
You can use ZeroTouch to completely automate the deployment procedure.
With Reach My Device you can easily access the gateway even behind a NAT.
You lose in some places, but gain in others.
Does One time script feature for Gaia OS, use CPRID, yes or no? I would bet that it use it. If yes, i don't see reason why same cannot be enabled for Gaia embedded.
Unless cprid on Gaia Embedded doesn't support executing arbitrary commands (which is possible).
Either way, it's not currently available from SmartConsole.
We found that cprid_util will work with centrally managed GAiA Embedded devices when taking care of environment variables, e.g.:
$CPDIR/bin/cprid_util -server <IP of SMB> -verbose rexec -rcmd /bin/bash -c "LOGNAME=admin bashUser on"
Without LOGNAME=admin, this will give the error: Current user cannot be determined
$CPDIR/bin/cprid_util -server <IP of SMB> -verbose rexec -rcmd bash -c "more /etc/passwd"
this one works perfectly fine from management server, never had to specify anything with login
though cprid util is very powerfull, back in the Edge days, there was a script page in the FW object where you could just enter a command that would be executed locally on the Edge device.
This was probably executed by a early cprid equivalent, but I think TS might be looking for something like this?