Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 

GAIA - Easy execute CLI commands on all gateways simultaneously

HeikoAnkenbrand
Champion Champion
Champion

Now you can use the new command "gw_mbash" and "g_mclish" to execute bash or clish commands on all gateway simultaneously from the management server. All you have to do is copy and paste the above lines to the management server. After that you have two new commands on the management server. Here you can now centrally execute simple commands on all gateways which are connected via SIC with the management.

escc123.JPG

Attention!

You can quickly destroy you

...;
TO ACCESS CHECKMATES TOOLBOX it's simple and free

Disclaimer: Check Point does not provide maintenance services or technical or customer support for third party content provided on this Site, including in CheckMates Toolbox. See also our Third Party Software Disclaimer.




(1)
1 Solution

Accepted Solutions

HeikoAnkenbrand
Champion Champion
Champion

Hi  @G_W_Albrecht 

I've split the command in two.

gw_detect -> Writes all IP addresses of the gateways to the file /var/log/g_gateway.txt

gw_mclish or gw_mbash ->  Executes the command remotely only now.

Now you can edit the file /var/log/g_gateway.txt twith the gateway IP addresses.

Regards

Heiko

 

 

 

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


64 Replies

Y__Bakisli
Explorer

Is it possible to add backup jobs over the clish for all gateways?

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


HeikoAnkenbrand
Champion Champion
Champion

Yes, exactly for such purposes I created this script.

 

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


HeikoAnkenbrand
Champion Champion
Champion

Hi  @Y__Bakisli 

For example you can backup all GAIA gateway clish configs with "g_multicli show configuratinon > config_backup.txt" to the management server.

😀

Regards

Heiko

 

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


Dawei_Ye
Collaborator
brilliant.but destroy faster.hahah... ;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


Dan_Deutzmann
Participant

We have 70 firewalls worldwide and I have to back up the clish configuration weekly.

That's a brilliant solution.

Thanks

Dan

 

 

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


HeikoAnkenbrand
Champion Champion
Champion

Here a other interresting version:

Easy execute CLI commands from management on gateways!

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


Maarten_Sjouw
Champion
Champion
Heiko,
This really is a very useful add-on to the cprid_util, Is there a way to differentiate between SMB and normal GAIA gateways?
Command structure is quit a bit different.
I know that we can continue that path with versions etc, but this distinction would be a great add-on. ;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


Patrik_Sobol
Explorer

This is a very great script.

I have started a local snapshot at all gateways without to do this on 30 appliances manually.

# g_multicli add snapshot R80.10_20190415

Thanks

 

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


G_W_Albrecht
Legend Legend
Legend

Nice script, but SMB GWs are an issue here: File with GW IPs only contains the SMB GW encountered first, so only an error for the SMB GW is displayed, as no other GW got listed...

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


HeikoAnkenbrand
Champion Champion
Champion

Hi  @G_W_Albrecht 

I'll see how I can fix this bug. 

I need to find a parameter in objects.C that can be used to identify SMB appliances.

Thanks

Heiko

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


G_W_Albrecht
Legend Legend
Legend

You can discriminate SMB GWs in Objects.C by the parameter

:slim_fw_hardware_type

that is not present in GAiA GWs. Values can be e.g. ("1430/1450") as slected in Dashboard or (CIP) for 1200R.

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


HeikoAnkenbrand
Champion Champion
Champion

Hi @G_W_Albrecht,

I already tested with this parameter. Unfortunately it is not set at all SMB appliances.

I need a parameter that is unique on real gateway. I must find it with grep.

I compared  with diff  gateway objects 3 hours on the weekend  . I didn't find any parameter:-(

Regards

Heiko

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


JozkoMrkvicka
Authority
Authority

I am sure that dbedit or cpmiquerybin can help in this case 🙂 I will have a look on that over the weekend.

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


HeikoAnkenbrand
Champion Champion
Champion

I have found another solution and I check now that gaia works on the gateways.

 
;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


Saleme_Sabaj
Participant

I tested it today and it saves a lot of work.

Nice, nice, nice!

Thank you.

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

Saleme_Sabaj
Participant

Check Point should include the commands in R80.30:-)

 

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


_Val_
Admin
Admin

I see two issues with this suggestion:

 

1. g_ sintax is reserved for multi-SGM commands on Scalable Platforms and Maestro

2. R80.30 is closed now 🙂

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

HeikoAnkenbrand
Champion Champion
Champion

 

Hi  @_Val_

You're right the g_ syntax is used with 64k/61k/44k/41k and maestro.

I'll change this to gw_ in the next few days.

Regards

Heiko

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


_Val_
Admin
Admin

@HeikoAnkenbrand Fine we me 🙂

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


HeikoAnkenbrand
Champion Champion
Champion

Hi @_Val_ 

I have renamed the commands as follows:

gw_mbash

gw_mclish

Regards

Heiko

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


HeikoAnkenbrand
Champion Champion
Champion

Hi  @Saleme_Sabaj 
Hi  @_Val_ 

Maybe with the version R80.40:-)

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


Felix_Lohse
Explorer

nice script

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


Marco_Valenti
Advisor

outstanding work as usual , thanks , there is a way that this can be used in a multi domain environment?

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


G_W_Albrecht
Legend Legend
Legend

Now it works with SMB GWs present, too - only that gw_multi_commands.sh had issues:

First try, script stopped because of \r found in line 17 - after removing this line, it stopped with:

chmod: cannot access '/usr/local/bin/gw_mclish': No such file or directory

After adding Return/LF to the chmod line, issue was resolved.


[Expert@SMS8010:0]# gw_mbash fw ver
--------- STOP 172.27.39.126 Error: no SIC to gateway or no compatible gateway

#### a 730 SMB

--------- GAIA 172.27.3

...;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


G_W_Albrecht
Legend Legend
Legend

RFE: It is nice to automatically generate the g_gateway.txt file, but a bit too much that it is generated anew with every gw_mbash call ! A user editable g_gateway.txt file could:

- leave out SMB GWs

- leave out GWs that better are not included here 😉

- help to workaround issues

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


HeikoAnkenbrand
Champion Champion
Champion

Hi  @G_W_Albrecht ,

You're right, it's all a little too much.

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


HeikoAnkenbrand
Champion Champion
Champion

Hi  @G_W_Albrecht 

I've split the command in two.

gw_detect -> Writes all IP addresses of the gateways to the file /var/log/g_gateway.txt

gw_mclish or gw_mbash ->  Executes the command remotely only now.

Now you can edit the file /var/log/g_gateway.txt twith the gateway IP addresses.

Regards

Heiko

 

 

 

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


HeikoAnkenbrand
Champion Champion
Champion

I also fixed the issue with the IPv6 addresses.

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


G_W_Albrecht
Legend Legend
Legend

A tip on the top of my head for Heiko 😉

Now it will be very nice to handle, and i can addd my TX100 that still is not found manually !

gw_detect.png

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free