This was a 'show-simple-gateway' call.

I'm trying to automate the creation of 70 SMB gateways over time, so creating the gateway, adding them to the appropriate VPN communities, creating network objects and adding them to the correct groups.

Not everything is possible with the API calls, creating a gateway is possible, but not a SMB gateway. Also setting an encryption domain is not possible.

So far my automation

There are other possibilities to automate SMB first time config - from USB media with autoconf.clish files to the SMP Portal to Check Point SmartProvisioning Software Blade...

Hello Günter,

It is not the first time config I want to automate, those SMB appliances are centrally managed, I want to automate the creation in Dashboard and first time policy install. I have created a script that creates a gateway and creates all the needed network objects, but I need to reconvert the gateway to a SMB gateway.

The i would suggest a look into SmartProvisioning Administration Guide R80.20.M1.

Hello Günter, thx for helping out, but SmartPovisioning is not an option either, it is too limited.

SmartLSM is not an option as the firewalls are to different.

With the API, i can get 90% of my work automated, so i'll stick to that. I'll just hope SMB appliances will be supported in the future to get this automation to 100% !

SMB Gateway Objects cannot be created or modified through the API currently.

It's something we plan to address in later releases.

Is it possible yet to create or modify SMBs on the new version? Im running 80.30 on the mgmt server

cpxmgt1> mgmt_cli show simple-gateway name
MGMT9000 Error: The parameters of show-simple-gateway command should be provided in pairs (key and value). You have provided an odd number of parameters which suggests that you are probably missing a parameter.
cpxmgt1> mgmt_cli show simple-gateway name "firewall33"
MGMT9000 code: "err_validation_failed"
message: "Operations with SMB gateways are unsupported"

As of right now, there is still no API support for creating SMB gateways.
It may be possible to do it with generic-object but haven’t tried myself.
This is also not in the upcoming R81, as far as I know.

Is ZeroTouch combined with a CLISH script a (more) viable solution ?

Hello all, 

We are facing the same issue with massive deployment. What we need to automate is the creation of smb gateways on the management server. 

Since we need specific nat and access rules, we can't use the SMP api. 95% of the automation process is working fine with the SMS API but the smb object creation is the missing peace on this puzzle.

Does somebody know if this API feature is planned to be implemented soon ?

Best regards, 

I don't believe it's in the near term plan but @Omer_Kleinstern would know for sure.
Regardless, I recommend engaging with your local Check Point office around this requirement.

I think if you are deploying a large number of gateways like this then have a look at sk116136 - I have used this and adjusted some of the scripting to suit my needs.... We can now ship a box to site and plug in and it builds and applies policy to the device as required.... uses zerotouch, smartprovisioning, lsmcli and some tweaks to the python scripts to get this done... but very little user iteraction is required.

Hello Dan, 

It sounds good. Thank you for helping!