Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Kristof_Vermael
Contributor

API support for SMB appliances

Hello,

Does anyone know if SMB appliances and API calls will be supported in the future

In this version (R80.10), I'm getting the following error :

{
"code": "err_validation_failed",
"message": "Operations with SMB gateways are unsupported"
}

15 Replies
Sunny_Gill
Employee
Employee

SMB appliances are currently on R77.20.XX, not R80 train code. That is scheduled for 2019 and I suspect REST API will be supported at that point.

0 Kudos
PhoneBoy
Admin
Admin

What's the exact call you are making?

It's true that you cannot create (or modify) SMB gateway objects with the API currently.

0 Kudos
Kristof_Vermael
Contributor

This was a 'show-simple-gateway' call.

I'm trying to automate the creation of 70 SMB gateways over time, so creating the gateway, adding them to the appropriate VPN communities, creating network objects and adding them to the correct groups.

Not everything is possible with the API calls, creating a gateway is possible, but not a SMB gateway. Also setting an encryption domain is not possible.

So far my automation Smiley Sad

0 Kudos
G_W_Albrecht
Legend Legend
Legend

There are other possibilities to automate SMB first time config - from USB media with autoconf.clish files to the SMP Portal to Check Point SmartProvisioning Software Blade...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Kristof_Vermael
Contributor

Hello Günter,

It is not the first time config I want to automate, those SMB appliances are centrally managed, I want to automate the creation in Dashboard and first time policy install. I have created a script that creates a gateway and creates all the needed network objects, but I need to reconvert the gateway to a SMB gateway.

0 Kudos
G_W_Albrecht
Legend Legend
Legend

The i would suggest a look into SmartProvisioning Administration Guide R80.20.M1.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Kristof_Vermael
Contributor

Hello Günter, thx for helping out, but SmartPovisioning is not an option either, it is too limited.

SmartLSM is not an option as the firewalls are to different.

With the API, i can get 90% of my work automated, so i'll stick to that. I'll just hope SMB appliances will be supported in the future to get this automation to 100% !

0 Kudos
PhoneBoy
Admin
Admin

SMB Gateway Objects cannot be created or modified through the API currently.

It's something we plan to address in later releases.

edprop
Explorer

Is it possible yet to create or modify SMBs on the new version? Im running 80.30 on the mgmt server

cpxmgt1> mgmt_cli show simple-gateway name
MGMT9000 Error: The parameters of show-simple-gateway command should be provided in pairs (key and value). You have provided an odd number of parameters which suggests that you are probably missing a parameter.
cpxmgt1> mgmt_cli show simple-gateway name "firewall33"
MGMT9000 code: "err_validation_failed"
message: "Operations with SMB gateways are unsupported"

0 Kudos
PhoneBoy
Admin
Admin

As of right now, there is still no API support for creating SMB gateways.
It may be possible to do it with generic-object but haven’t tried myself.
This is also not in the upcoming R81, as far as I know.

0 Kudos
G_W_Albrecht
Legend Legend
Legend

Is ZeroTouch combined with a CLISH script a (more) viable solution ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
mistercinux
Contributor

Hello all, 

We are facing the same issue with massive deployment. What we need to automate is the creation of smb gateways on the management server. 

Since we need specific nat and access rules, we can't use the SMP api. 95% of the automation process is working fine with the SMS API but the smb object creation is the missing peace on this puzzle.

Does somebody know if this API feature is planned to be implemented soon ?

Best regards, 

0 Kudos
PhoneBoy
Admin
Admin

I don't believe it's in the near term plan but @Omer_Kleinstern would know for sure.
Regardless, I recommend engaging with your local Check Point office around this requirement.

0 Kudos
Dan_Cannon
Contributor

I think if you are deploying a large number of gateways like this then have a look at sk116136 - I have used this and adjusted some of the scripting to suit my needs.... We can now ship a box to site and plug in and it builds and applies policy to the device as required.... uses zerotouch, smartprovisioning, lsmcli and some tweaks to the python scripts to get this done... but very little user iteraction is required.

mistercinux
Contributor

Hello Dan, 

It sounds good. Thank you for helping!

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events