This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Bärbel
Participant
‎2023-01-17 08:39 AM
Jump to solution

Output of cprid truncated after receiving 60001 bytes

I use cprid to automate tasks with a bunch of different SMB appliances. This works fine when executing commands with less output (e.g. "show snmp traps receivers") 

But when executing commands with larger output (e.g. "show configuration") the output is silently truncated after exactly 60001 bytes. This seems to be the case only with SMB appliances and is consistent and reproducible across different types of appliances and firmware levels:

This is Check Point's 1450 Appliance R77.20.87 - Build 120
This is Check Point's 1550 Appliance R80.20.50 - Build 773
This is Check Point's 1590 Appliance R80.20.50 - Build 773
This is Check Point's 1800 Appliance R80.20.40 - Build 665

Unfortunately there is no error message or other indicator that the output is incomplete. Full Gaia seems to be not affected.

cprid_util is invoked on SmartCenter Management Server (R81.10 - Build 029)  like this:
cprid_util -server $gw -verbose rexec -rcmd clish -c "show configuration" > $gw.txt

Any advice?

0 Kudos
1 Solution

Accepted Solutions
G_W_Albrecht
Legend Legend
Legend
‎2023-01-23 03:36 AM
In response to Bärbel
Jump to solution

The output of "show configuration" could be saved to a file and transfered using cprid as found in sk101047.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

View solution in original post

6 Replies
PhoneBoy
Admin
Admin
‎2023-01-17 01:40 PM
Jump to solution

This is very likely expected behavior, given we do not allow you to run "one-time scripts" on SMB appliances in SmartConsole.
Recommend opening a TAC case to confirm.

0 Kudos
Bärbel
Participant
‎2023-01-18 01:49 AM
In response to PhoneBoy
Jump to solution

I would at least expect an error message or a return code other than 0 in case a command could not completed.

But this raises more questions:

1.) Are there technical reasons that it is "not allowed" (or to quote SmartConsole "not supported") to run scripts on SMB appliances? There are even official sk's where cprid_util is listed as official solution for certain tasks on SMB appliances!

2.) What is the "official" supported way to automate tasks on SMB appliances?

0 Kudos
PhoneBoy
Admin
Admin
‎2023-01-18 08:35 AM
In response to Bärbel
Jump to solution

The technical reason for the limit on the amount of data returned by cprid is quite likely the limited resources (RAM) the SMB devices have versus our regular, non-SMB gateways.
That, I suspect, is the reason we don't allow this from SmartConsole.
That and the scripts you write for SMB devices would be different.

In any case, you should be able to use cprid with SMB devices, particularly since we document its usage in various SKs.
You'll just have to be mindful of the limit in terms of the amount of data returned by said commands.

The fact this isn't officially documented is an issue, and thus it's worth a TAC case to confirm the above and get it documented in an SK. 

0 Kudos
PhoneBoy
Admin
Admin
‎2023-01-19 08:28 AM
In response to PhoneBoy
Jump to solution

I asked the SMB R&D folks out-of-band about this issue with cprid and it turns out...it's not a limitation they're aware of.
Which means it's likely a bug and will require a TAC case to investigate and fix.

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2023-01-23 03:36 AM
In response to Bärbel
Jump to solution

The output of "show configuration" could be saved to a file and transfered using cprid as found in sk101047.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
scordy
Participant
‎2024-11-17 06:40 PM
Jump to solution

**bleep**! Wish I had read this before I went to the trouble or writing a script to backup / verify that no shifts in CLISH config were occurring without oversight on these devices. I have a very lovely bunch of 60001 byte files ... 😞

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top