
GAIA - Easy execute CLI commands on all gateways simultaneously

HeikoAnkenbrand
Champion

Now you can use the new commands "gw_mbash" and "g_mclish" to execute bash or clish commands on all gateways simultaneously from the management server. All you have to do is copy and paste the above lines to the management server. After that you have two new commands on the management server. Here you can now centrally execute simple commands on all gateways which are connected via SIC with the management.


Attention!

You can quickly destroy you

...;
TO ACCESS CHECKMATES TOOLBOX it's simple and free

Disclaimer: Check Point does not provide maintenance services or technical or customer support for third party content provided on this Site, including in CheckMates Toolbox. See also our Third Party Software Disclaimer.




64 Replies

HeikoAnkenbrand
Champion

 

Hi  @G_W_Albrecht 

Unfortunately I don't have a TX appliance in the LAB to test it. Could you send me the first lines from objects.C for the TX appliance? I search via grep for :gateway. Maybe it's a little different with the TX appliance.



G_W_Albrecht
Legend
: (TXer
:type (host)
:custom_fields (
: (
:custom_field_id (ReferenceObject
:Uid ("{739B70D5-7B76-48D2-96CC-FB647074F524}")
:Name ("Contact Details")
:Table (NO_CPMI_TABLE)
)
)
: (
:custom_field_id (ReferenceObject
:Uid ("{E07938DB-1EB1-461A-A78D-36EE34A8CC5D}")
:Name (Name)
:Table (NO_CPMI_TABLE)
)
)
)
:fw_clamp_tcp_mss_control (false)
:UA_WebAccess (false)
:cpver (9.0)
:appfw_limit_chunk_size_factor (2)
:av_integrated (f...;


HeikoAnkenbrand
Champion

Hi @G_W_Albrecht ,

Thanks for objects.C output.

I thought so! The TX appliance has the type ":type (host)" and not ":type (gateway)".



HeikoAnkenbrand
Champion

I search with grep for the following:

grep -A 500 -B 1  ':type (gateway)'

 

I'll have to take a closer look in the next few days.

Regards

Heiko
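
Why a grep for ':type (gateway)' misses the TE appliance discussed above, as an added example that is not part of the original posts or of the tool: the functions below list every named object in an objects.C-style fragment with its :type and then apply a type allow-list. The sample data, the function names and the assumption that a named object opens with ": (NAME" on its own line are constructed for illustration.

```shell
#!/bin/sh
# Added example: list each object in an objects.C-style file with its :type.

# Constructed sample (names and layout are illustrative, not real data).
sample_objects() {
cat <<'EOF'
(
	:network_objects (
		: (fw-hq
			:type (gateway)
		)
		: (TXer
			:type (host)
			:custom_fields (
				: (
					:custom_field_id (ReferenceObject
						:Name ("Contact Details")
					)
				)
			)
		)
	)
)
EOF
}

# Print "name<TAB>type" per named object. Parenthesis depth is tracked so that
# only a ":type" directly inside the object counts, not one in a sub-object.
list_object_types() {
	awk '{
		line = $0
		if (!objdepth && line ~ /^[ \t]*: \([A-Za-z0-9_.-]+[ \t]*$/) {
			cur = line; sub(/^[ \t]*: \(/, "", cur); sub(/[ \t]*$/, "", cur)
			objdepth = depth + 1          # depth of the attributes of this object
		} else if (objdepth && depth == objdepth && line ~ /^[ \t]*:type \(/) {
			t = line; sub(/^[ \t]*:type \(/, "", t); sub(/\).*$/, "", t)
			print cur "\t" t
		}
		depth += gsub(/\(/, "(", line) - gsub(/\)/, ")", line)
		if (objdepth && depth < objdepth) objdepth = 0   # object closed
	}'
}

# Names whose type is in the allow-list passed as arguments.
objects_of_type() {
	types=" $* "
	list_object_types | while IFS="$(printf '\t')" read -r name type; do
		case "$types" in *" $type "*) echo "$name" ;; esac
	done
}

sample_objects | list_object_types
```

Widening the allow-list to `host` also matches every ordinary host object, so a target list built this way needs review before any command is run against it.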

 



Ingor_Kolzov
Explorer

Hello  @HeikoAnkenbrand 

I can confirm that the TE appliance is not recognized.

 



HeikoAnkenbrand
Champion

Hi @G_W_Albrecht 

I have found another way to parse gateways on R80:

 


   mgmt_cli -r true show gateways-and-servers details-level full --format json | $CPDIR/jq/jq -r '.objects[] | select(.type | contains("Member","simple-gateway")) | ."ipv4-address"'
  

 

 

I will add this after Easter holidays.



HeikoAnkenbrand
Champion

If necessary I have to adjust the filter a little bit.



Zoltan_Polowsky
Participant

 

Hello @HeikoAnkenbrand 

This solution only works on R80 and above, doesn't it?



G_W_Albrecht
Legend

Yes, this works very well! It also gets the TE appliance...



Kai_O_
Participant

Great new commands 😁



Joerg_Enge
Participant

Is the command name g_mclish or gw_mclish?

 



HeikoAnkenbrand
Champion

gw_mclish is the correct command.



Caytana_Dewente
Participant

The new commands are very great.

Thanks
Caytana

 


Ilan_Missalla
Participant

Hello  @HeikoAnkenbrand,

The command gw_detect80 works very fast and well. TE appliances are not recognized.

Regards


HeikoAnkenbrand
Champion

The new version 0.4 with the command gw_detect80 is available.



Talma_Maharam
Explorer

SMB Appliances are not recognized. Can you please change that?



Tarique_Ali
Explorer

Hi  @HeikoAnkenbrand 

We have over 100 gateways in use worldwide. That makes life easier for me with many things. I can finally execute commands centrally on the gateways.

It's a great idea.

Thank you


Alex_Koszowyj
Explorer

Is this a R80.30 command?


Regi_Suhm
Participant

Can I use this tool under R80.30?


Frank_Allen
Employee Alumnus

Interesting script. I would suggest that the resulting scripts be put into "/usr/bin" instead of "/usr/local/bin"; I checked the PATH variable and found that "/usr/local/bin" is not included for some users.


HeikoAnkenbrand
Champion

Thanks @Frank_Allen 

I will check this in the next few days.


Ilan_Missalla
Participant

Very nice command extension.

 


Ruta_Thornber
Explorer

Great tool.


Maria_Pologova
Collaborator

Great job!

Is it on the roadmap to add support for MDS as well? 🙂


Declan__McGill
Contributor

Here is a quick and dirty mod for MDS R77.30 

 

#!/bin/bash

#  mds_gw_detect (R77)

 

# export all Check Point environment variables
. /opt/CPshared/5.0/tmp/.CPprofile.sh

# go to MDS context
mdsenv
mcd

if [[ -f /var/log/g_mds_gws.txt ]]; then
rm /var/log/g_mds_gws.txt
fi
# iterate over the customers
for CMA_NAME in `$MDSVERUTIL AllCMAs`
do
mdsenv $CMA_NAME
echo Searching thru $CMA_NAME
$MDSDIR/bin/cpmiquerybin attr "" network_objects "class='gateway_ckp'|class='cluster_member'|class='vs

...;


Maria_Pologova
Collaborator

Slightly modified and now works for me, just one CMA, where only one VS is connected is failing with the below error. Will need to look at it closer.

cma-XXX-p
cma-XXX-p Error: 'Failed
cma-XXX-p
cma-XXX-p Error: 'Session
cma-XXX-p
cma-XXX-p Usage:
cma-XXX-p cpmiquerybin <query
cma-XXX-p
cma-XXX-p Examples:
cma-XXX-p - print
cma-XXX-p cpmiquerybin object
cma-XXX-p - print
cma-XXX-p cpmiquerybin attr
cma-XXX-p

 


   -----detect----- #!/bin/bash #export all Check Point environment variables . /opt/
...;


Kelvin_Spinosu
Explorer

Top idea!


Alex_Lam1
Contributor

Nice! 

Thanks for the tips.


Norbert_Bohusch
Advisor

The script is not taking into account if the Gaia WebUI port was changed from 443 to something different.

This should be either fetched from clish using "show web ssl-port" or by making it at least configurable by variable or a parameter.


Ben_Connelly
Explorer

Hi,

I am having running this on R80.30 MDM, is it supported on Multi-Domain?

Thanks

Ben
