Moudar
Advisor

API commands on gateways

Hi

If I want to get info with json of my gateway interface I run this command:

mgmt_cli -r true show interface name "eth0" --context gaia_api --version 1.7 --format json

Should this command run on the management server or on the gateway itself?

If I run it on the management server I get this:

[Expert@SMS-TEST-API:0]# mgmt_cli -r true show interface name "eth0" --context gaia_api --version 1.7 --format json
{
   "code" : "generic_error",
   "message" : "Error 503. The Management API service is not available. Please check that the Management API server is up and running."
}

even if api status is this:

[Expert@SMS-TEST-API:0]# api status
------------
API Settings:
---------------------
Accessibility:                      Require local
Automatic Start:                    Enabled

Processes:

Name      State     PID       More Information
-------------------------------------------------
API       Started   17939
CPM       Started   17939     Check Point Security Management Server is running and ready
FWM       Started   17559
APACHE    Started   16609

Port Details:
-------------------
JETTY Internal Port:               54316
JETTY Documentation Internal Port: 56451
APACHE Gaia Port:                  443

Profile:
-------------------
Machine profile:                   Small Medium env resources profile
CPM heap size:                     1280m

                          Apache port retrieved from: httpd-ssl.conf


--------------------------------------------
Overall API Status: Started
--------------------------------------------

API readiness test SUCCESSFUL. The server is up and ready to receive connections

Notes:
------------
To collect troubleshooting data, please run 'api status -s <comment>'

and gaia api:

[Expert@SMS-TEST-API:0]# gaia_api status

API Status:
---------------------
Build: cp991255069
Uptime: 2 days, 0:36:33.266998
Current Sessions: Unknown
Latest Version: 1.6

Processes:

Name           State        PID
---------------------------------
GAIA_API       Started      16712
GAIA_API_DOCS  Started      16710
APACHE         Started      16609
CONFD          Started      16607
CLISHD         Started      55921 16675
CELERY         Started      16674
REDIS          Started      16678

Port Details:
-------------------
APACHE Gaia Port:         443

--------------------------------------------
Overall API Status: Stopped
- Error: Apache server unreachable
- Warning: Documentation server is unreachable
--------------------------------------------

If I run the command directly on the gateway I get this:

[Expert@A-GW-TEST:0]# mgmt_cli -r true show interface name "eth0" --context gaia_api --version 1.7 --format json
Error: Failed to login to the management server
[Expert@A-GW-TEST:0]# gaia_api status

API Status:
---------------------
Build: cp991255069
Uptime: 0:03:47.452001
Current Sessions: 0
Latest Version: 1.6

Processes:

Name           State        PID
---------------------------------
GAIA_API       Started      18650
GAIA_API_DOCS  Started      18648
APACHE         Started      18581
CONFD          Started      18579
CLISHD         Started      23264 22034 18643
CELERY         Started      18642
REDIS          Started      18646

Port Details:
-------------------
APACHE Gaia Port:         443

--------------------------------------------
Overall API Status: Started
--------------------------------------------

 

So, how and where can I run Gaia API commands?

0 Kudos
1 Solution

Accepted Solutions
Alex-
Leader

You have no hotfixes and sk143612 which describes the GAIA API states that R81.20 runs 1.6.

As of Take 43, it is updated by AutoUpdater but you can use the SK to download the 1.7 version on your test environment.

You will then have to install 1.7 manually.


0 Kudos
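
The version mismatch this answer points to (a host whose gaia_api status reports "Latest Version: 1.6" being asked for 1.7) can be checked before calling mgmt_cli. This is an added example, not code from the thread or from Check Point: the function names and the two status samples are constructed for illustration, modeled on the gaia_api status output shown in the question.

```shell
# Added example. STATUS_OK / STATUS_DOWN are constructed samples shaped like
# the `gaia_api status` output posted in this thread (trimmed to the parsed lines).
STATUS_OK='API Status:
---------------------
Latest Version: 1.6
--------------------------------------------
Overall API Status: Started
--------------------------------------------'

STATUS_DOWN='API Status:
---------------------
Latest Version: 1.6
--------------------------------------------
Overall API Status: Stopped
- Error: Apache server unreachable
--------------------------------------------'

# ver_le A B: succeeds when dotted version A <= B (numeric compare per component).
ver_le() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n | head -n1)" = "$1" ]
}

# gaia_preflight REQUESTED_VERSION STATUS_TEXT [MGMT_CLI_ARGS]  (hypothetical helper)
# Prints one diagnosis line; returns 0 only when the call is worth attempting.
gaia_preflight() {
    want=$1; status=$2; args=${3:-}
    latest=$(printf '%s\n' "$status" | sed -n 's/^Latest Version: *//p' | head -n1)
    overall=$(printf '%s\n' "$status" | sed -n 's/^Overall API Status: *//p' | head -n1)
    case " $args " in   # per the thread, root login is not usable in the gaia_api context
        *" -r true "*) echo "root-login: -r true is not accepted with --context gaia_api"; return 1 ;;
    esac
    if [ "$overall" != "Started" ]; then
        reason=$(printf '%s\n' "$status" | sed -n 's/^- Error: *//p' | head -n1)
        echo "api-down: ${reason:-unknown}"; return 1
    fi
    [ -n "$latest" ] || { echo "no-version: could not parse Latest Version"; return 1; }
    if ! ver_le "$want" "$latest"; then   # the "[v1.7/login] not found" case
        echo "version-too-new: requested $want, host supports up to $latest"; return 1
    fi
    echo "ok: use --version $want"
}

# Demo on the constructed sample; on a real host pass "$(gaia_api status)" instead.
gaia_preflight 1.7 "$STATUS_OK" "show asset --context gaia_api" || true
```
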
33 Replies
the_rock
Legend

Hey bro,

All API commands are run on the management server.

Andy

0 Kudos
the_rock
Legend

But you don't run it on the fw, rather management server to get the data.

0 Kudos
Moudar
Advisor

Running it on SMS I get this:

[Expert@SMS-TEST-API:0]# mgmt_cli -r true show interface name "eth0" --context gaia_api --version 1.7 --format json
{
   "code" : "generic_error",
   "message" : "Error 503. The Management API service is not available. Please check that the Management API server is up and running."
}
0 Kudos
the_rock
Legend

Don't worry, I will test it in the lab once home and let you know, just biking/swimming/running now : - )

Andy

0 Kudos
the_rock
Legend

Just tried get interfaces flag, worked like a charm. Btw, don't see show interfaces option anywhere in API guide. Make sure, though most people would never change that, that web UI port for mgmt is NOT anything but 443.

clish -> show web ssl-port

Command I tested:

[Expert@CP-MANAGEMENT:0]# mgmt_cli get-interfaces target-name "CP-GW" with-topology true

Andy

0 Kudos
Moudar
Advisor

So why a command like:

mgmt_cli show interface name "eth0" --context gaia_api --version 1.7 --format json

does not work!

Where can I find examples of "target-name" GAIA API or Management API, because I could not find any info there!

0 Kudos
the_rock
Legend

I don't see show interfaces anywhere in API guide, sorry. Below is what I ran yesterday.

Andy

 

Screenshot_1.png

0 Kudos
Moudar
Advisor

What about these commands, so where do you run these commands?

gaia-api.JPG

0 Kudos
Alex-
Leader

@the_rock your reference is the Management API, the question here is about the GAIA API.

You run the GAIA API on the gateway with an enabled user used to log into it. This is all described here:

https://sc1.checkpoint.com/documents/latest/GaiaAPIs/index.html#mgmt_cli~v1.7%20

the_rock
Legend

@Alex- You are 100% correct, my bad. 

@Moudar Let me test one you have issue with, you run it on the gateway.

Andy

0 Kudos
Moudar
Advisor

So, if I run this command on a gateway:

 

[Expert@A-GW-TEST:0]# mgmt_cli -r true show hostname --context gaia_api
Error: Failed to login to the management server

 

or this:

 

[Expert@A-GW-TEST:0]# mgmt_cli show asset --context gaia_api --version 1.7 --format json
Username: admin
Password:
code: "generic_err_command_not_found"
errors: "Requested API command": [v1.7/login] not found'
message: "Command Not Found"

 

 

So, why am I getting these errors!? Version 81.20

0 Kudos
the_rock
Legend

Stand by, will test it soon in the lab.

0 Kudos
the_rock
Legend

I get a different error, will troubleshoot later once Euro cup final game is done 🙂

Andy

 

[Expert@CP-GW:0]# mgmt_cli show interface name "eth0" --context gaia_api --version 1.7 --format json
Username: admin
Password:
Couldn't connect to server
If you need to use a proxy server, add the '--proxy' parameter
[Expert@CP-GW:0]# mgmt_cli show interfaces --context gaia_api --version 1.7 --format json
Username: amdin
Password:
Couldn't connect to server
If you need to use a proxy server, add the '--proxy' parameter
[Expert@CP-GW:0]#

0 Kudos
Alex-
Leader

Make sure you allow your user to use the GAIA API, logging in is not enough.

To grant a user with GAIA API access, use the following command in expert mode:

[Expert@hostname]# gaia_api access --user <user> --enable true

https://sc1.checkpoint.com/documents/latest/GaiaAPIs/index.html#api_access~v1.7%20

0 Kudos
the_rock
Legend

I tested again, same issue, will see what else could be the problem...

Andy

[Expert@CP-GW:0]# gaia_api access -u admin --enable true
[Expert@CP-GW:0]# mgmt_cli show interface name "eth0" --context gaia_api --version 1.7 --format json
Username: admin
Password:
Couldn't connect to server
If you need to use a proxy server, add the '--proxy' parameter
[Expert@CP-GW:0]#

0 Kudos
Moudar
Advisor
[Expert@A-GW-TEST:0]# gaia_api access -u admin --enable true
[Expert@A-GW-TEST:0]# mgmt_cli show interface name "eth0" --context gaia_api --version 1.7 --format json
Username: admin
Password:
code: "generic_err_command_not_found"
errors: "Requested API command": [v1.7/login] not found'
message: "Command Not Found"
0 Kudos
the_rock
Legend

That's odd, I ran it again in my lab, no issues.

Andy

[Expert@CP-GW:0]# mgmt_cli show interface name "eth0" --context gaia_api --version 1.7 --format json
Username: admin
Password:
{
"comments": "",
"enabled": true,
"ipv4-address": "172.16.10.249",
"ipv4-mask-length": "24",
"ipv6-address": "Not-Configured",
"ipv6-autoconfig": "Not configured",
"ipv6-local-link-address": "Not Configured",
"ipv6-mask-length": "Not-Configured",
"name": "eth0",
"type": "physical"
}

[Expert@CP-GW:0]#

0 Kudos
Moudar
Advisor

I can now see that I am running the wrong version 1.7

If I run version 1.6 it works:

 

[Expert@A-GW-TEST:0]# mgmt_cli show interface name "eth0" --context gaia_api --version 1.6 --format json
Username: admin
Password:
{
  "comments": "",
  "enabled": true,
  "ipv4-address": "10.0.0.15",
  "ipv4-mask-length": "24",
  "ipv6-address": "Not-Configured",
  "ipv6-autoconfig": "Not configured",
  "ipv6-local-link-address": "Not Configured",
  "ipv6-mask-length": "Not-Configured",
  "name": "eth0",
  "type": "physical"
}

this is my version:

show version all
Product version Check Point Gaia R81.20
OS build 631
OS kernel version 3.10.0-1160.15.2cpx86_64
OS edition 64-bit

 

So, what version is GAIA_API 1.7 used for?

0 Kudos
the_rock
Legend

I think I got it now...not sure if it was command @Alex- gave, though gaia api was enabled for admin, but I realized I was using port 4434 for web UI, changed it to 443, installed policy, ran command he provided, good now...so give it a try @Moudar 

Andy

See below:

 

[Expert@CP-GW:0]# gaia_api access -u admin --enable true
[Expert@CP-GW:0]#

[Expert@CP-GW:0]# mgmt_cli show interface name "eth0" --context gaia_api --version 1.7 --format json
Username: admin
Password:
{
"comments": "",
"enabled": true,
"ipv4-address": "172.16.10.249",
"ipv4-mask-length": "24",
"ipv6-address": "Not-Configured",
"ipv6-autoconfig": "Not configured",
"ipv6-local-link-address": "Not Configured",
"ipv6-mask-length": "Not-Configured",
"name": "eth0",
"type": "physical"
}

[Expert@CP-GW:0]# clish
CLINFR0771 Config lock is owned by admin. Use the command 'lock database override' to acquire the lock.
CP-GW> show web ssl
ssl-port - Web configuration tool SSL port number
ssl3-enabled - Allow using SSL3 to access the web configuration tool
CP-GW> show web ssl-p
CP-GW> show web ssl-port
web-ssl-port 443
CP-GW>

 

 

0 Kudos
Moudar
Advisor
A-GW-TEST> show web ssl-port
web-ssl-port 443
0 Kudos
Tal_Paz-Fridman
Employee

In the Gaia API context you cannot use the -r true flag.

Try running without it to see if it works, for example:

mgmt_cli -u <Gaia username> -p <Gaia password> show asset --version 1.7 --context gaia_api

0 Kudos
the_rock
Legend

What jumbo? My lab is latest, R81.20 jumbo 70.

0 Kudos
Moudar
Advisor
A-GW-TEST> cpinfo -y all

This is Check Point CPinfo Build 914000231 for GAIA
[MGMT]
        No hotfixes..
[IDA]
        No hotfixes..
[CPFC]
        No hotfixes..
[FW1]
        HOTFIX_PUBLIC_CLOUD_CA_BUNDLE_AUTOUPDATE
        HOTFIX_GOT_TPCONF_AUTOUPDATE

FW1 build number:
This is Check Point's software version R81.20 - Build 703
kernel: R81.20 - Build 597
[SecurePlatform]
        No hotfixes..
[CPinfo]
        No hotfixes..
[PPACK]
        No hotfixes..
[AutoUpdater]
        No hotfixes..
[DIAG]
        No hotfixes..
[CVPN]
        No hotfixes..
[core_uploader]
        HOTFIX_CHARON_HF
[CPUpdates]
        BUNDLE_PUBLIC_CLOUD_CA_BUNDLE_AUTOUPDATE        Take:  19
        BUNDLE_HCP_AUTOUPDATE   Take:  58
        BUNDLE_GOT_TPCONF_AUTOUPDATE    Take:  111
        BUNDLE_CPSDC_AUTOUPDATE Take:  21
        BUNDLE_CORE_FILE_UPLOADER_AUTOUPDATE    Take:  17
[cpsdc_wrapper]
        HOTFIX_CPSDC_AUTOUPDATE
[hcp_wrapper]
        HOTFIX_HCP_AUTOUPDATE
0 Kudos
the_rock
Legend

Install take 70, reboot and I'm sure it will work.

Andy

[Expert@CP-GW:0]# cpinfo -y fw1

This is Check Point CPinfo Build 914000248 for GAIA
[FW1]
HOTFIX_R81_20_JUMBO_HF_MAIN Take: 70
HOTFIX_R80_40_MAAS_TUNNEL_AUTOUPDATE
HOTFIX_PUBLIC_CLOUD_CA_BUNDLE_AUTOUPDATE
HOTFIX_GOT_TPCONF_AUTOUPDATE

FW1 build number:
This is Check Point's software version R81.20 - Build 032
kernel: R81.20 - Build 040

[Expert@CP-GW:0]#

Anywho, I'm going to watch the final soccer game now, viva Spain 🙂

0 Kudos
Moudar
Advisor

Maybe, I will test tomorrow!

0 Kudos
