- Products
- Learn
- Local User Groups
- Partners
- More
Welcome to Maestro Masters!
Talk to Masters, Engage with Masters, Be a Maestro Master!
Join our TechTalk: Malware 2021 to Present Day
Building a Preventative Cyber Program
Be a CloudMate!
Check out our cloud security exclusive space!
Check Point's Cyber Park is Now Open
Let the Games Begin!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
CheckFlix!
All Videos In One Space
Hi Checkmates community,
My name is Gregory, my group and I are responsible for different tools for machine provisioning and monitoring like – CPUSE, CDT, Zero Touch, Blink, CPveiew and more…
In this post I would like to talk to you about a “new-ish” capability that we introduced in recent version that allows you to keep you Gaia Security Gateways up to date from the comfort of your smart console.
Starting R81, we have added the option to install Hotfixes and Major version to a multiple gateways and clusters (while performing all needed operation to ensure zero down time)
You can check a short video that describes this capability
I’m reaching out in order for me and my group to get feedback about this capability –
Thanks,
Gregory
Yes, with R80.40 only Jumbo fixes are the option. Unfortunately, error message got already washed away. Well, if I will encounter another error with next Jumbo fix, I will post the update.
In my view automation is about tools like ansible not clicking buttonds in SmartConsole. So how can we do real automation here? For example ansible playbooks to managed this all.
I respectively disagree, the automation is not only about ansible. 🙂
In this specific case, please let us know which APIs and automation related feature you miss. And I hear what you said already, you do want this to be present in ansible.
I can kind of see the distinction. This feels like mechanization: a machine doing an exact series of steps under human direction. A human must still initiate the process via SmartConsole, right?
In the future, it would be nice if we could build a longer workflow, especially with integration with other tools. New GA jumbo release? A tool opens a series of tickets in my ticket tracking system. When the tickets are approved through my change control process, another tool schedules the upgrades to be executed in waves (this group of firewalls first, then the next group a week later, then another group a week after that, and so on) via CDT in appropriate windows for each firewall.
It would be nice to have API calls to:
@Gregory_Azratz this is for you 🙂
Hi @Bob_Zimmerman ,
thanks for the feedback.
it would be great if we can have a short session so we can fully understand how you currently install/upgrade your CP systems.
and what will be the perfect solution for you.
regarding the API calls -
I've mostly been targeting APIv1.3, and it turns out I completely missed the Software Package section in the APIv1.7 documentation. Neat!
For the "Get a list of packages available on the User Center" part, it doesn't have to be an API call against the management server. It could be against some well-defined public endpoint. I just want some way to get the authoritative list of "Here's all the official packages" to programmatically discover that I'm missing an update without a human having to read an SK article. I then want to use this knowledge to file a bunch of tickets via my ticket tracking system's API. Ideally, the first awareness a human should have of this is "Hey, we have a firewall update scheduled. Does that date conflict with anything else?"
I guess I can get the major and minor version from the objects in the management. The human-defined property shouldn't ever be incorrect, or policy push wouldn't work properly. All I'm really missing now is the ability to identify that there's a newer version out and get the name of the newer package to feed to the rest of the calls.
Hi @Hugo_vd_Kooij ,
regarding automation - we are always trying to work on API first approach.
so for each option that you see in the smart console there is an API command that can do the same and much more.
on top of that API you can use any tool that fits your need - Ansible, Terraform, etc..
you can check the following api documentation
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY