Adding sub-interface vlan via mgmt_cli
I'm new to the Check Point API. I have read some documents and tried to add a new VLAN sub-interface. I tried "add interface eth0 vlan 20", but it doesn't work. How can I do it? I can add VLAN 10 manually. By the way, I use R81.20.
You're doing this from SmartConsole CLI, which is not where you need to enter this command.
Log into the gateway via SSH/console.
Thanks for your reply. I used this script to add the VLAN, but it shows me an error. Can you check my script and guide me on how to do it?
It seems like you're trying to use the clish command in the API to add this interface to the relevant network object.
That's not how to do it.
You must use the set simple-gateway API call and specify ALL the interfaces for that gateway object, including the one you want to add.
In R82, there is an add-interface endpoint where it appears you can add an interface to an existing gateway object.
Can you make it clearer? When I use set simple-gateway with my gateway uid, I have the parameter interfaces.i. I tried set simple-gateway uid "UID" interfaces.i. ... and it always shows an error.
I just want to add VLAN sub-interfaces. I'm using R81.20. When I log into the gateway via console, I use "add interface eth0 vlan 10" and some "set interface ...", and it works. I want to try to do it with expert mode (mgmt_cli) to add multiple VLANs at once. Can I do it on R81.20?
As stated, you cannot just "add" an interface to an existing simple-gateway object.
Your API call must include ALL the interfaces (both existing and ones you wish to add).
This is specified in the API documentation:
See this thread for an example: https://community.checkpoint.com/t5/Management/How-to-Set-topology-on-a-simple-gateway-using-the-mgm...
To give another example, I present the following GW object, which has the following interfaces defined:
I used the following mgmt_cli command:
mgmt_cli -r true set simple-gateway name "R8120-GW" interfaces.1.name "eth0" interfaces.1.ipv4-address "10.6.5.210" interfaces.1.ipv4-network-mask "255.255.255.0" interfaces.1.topology "external" interfaces.2.name "eth1" interfaces.2.ipv4-address "192.168.100.1" interfaces.2.ipv4-network-mask "255.255.255.0" interfaces.2.topology "internal" interfaces.2.topology-settings.ip-address-behind-this-interface "network defined by the interface ip and net mask" interfaces.3.name "eth2" interfaces.3.ipv4-address "192.168.200.1" interfaces.3.ipv4-network-mask "255.255.255.0" interfaces.3.topology "internal" interfaces.3.topology-settings.ip-address-behind-this-interface "network defined by the interface ip and net mask"
The end result:
Note that you might need to pass more parameters to set the interfaces per your specifications.
However, that should be more than enough to get you started.
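An added example, not part of the original posts: a Python helper that builds the single set simple-gateway call described above, listing every existing interface before the new VLAN sub-interfaces. The helper names, the eth1.10/eth1.20 entries and their addresses are constructed for illustration; the parameter names are the ones used in the command above.

```python
import shlex

BEHIND = "network defined by the interface ip and net mask"

def flatten(prefix, obj):
    """Yield (dotted-key, value) pairs in mgmt_cli's interfaces.N.key form."""
    for key, value in obj.items():
        if isinstance(value, dict):
            yield from flatten(f"{prefix}.{key}", value)
        else:
            yield f"{prefix}.{key}", str(value)

def build_set_simple_gateway(gateway_name, existing, additions):
    """Return argv for one call that carries ALL interfaces: existing, then new."""
    merged, seen = [], set()
    for iface in [*existing, *additions]:
        if iface["name"] in seen:  # refuse to emit two entries with one name
            raise ValueError(f"duplicate interface name: {iface['name']}")
        seen.add(iface["name"])
        merged.append(iface)
    argv = ["mgmt_cli", "-r", "true", "set", "simple-gateway", "name", gateway_name]
    for index, iface in enumerate(merged, start=1):
        for key, value in flatten(f"interfaces.{index}", iface):
            argv += [key, value]
    return argv

def internal(name, address, mask="255.255.255.0"):
    """Hypothetical helper: one internal interface entry for the gateway object."""
    return {"name": name, "ipv4-address": address, "ipv4-network-mask": mask,
            "topology": "internal",
            "topology-settings": {"ip-address-behind-this-interface": BEHIND}}

# Constructed sample data: the three interfaces from the command above,
# plus two made-up VLAN sub-interfaces to add.
EXISTING = [
    {"name": "eth0", "ipv4-address": "10.6.5.210",
     "ipv4-network-mask": "255.255.255.0", "topology": "external"},
    internal("eth1", "192.168.100.1"),
    internal("eth2", "192.168.200.1"),
]
NEW_VLANS = [internal("eth1.10", "192.168.10.1"), internal("eth1.20", "192.168.20.1")]

if __name__ == "__main__":
    # Print the quoted command for review before running it in expert mode.
    print(shlex.join(build_set_simple_gateway("R8120-GW", EXISTING, NEW_VLANS)))
```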
I see, so every time I add an interface, I need to define the old interface and the new interface. I find that quite inconvenient. For example, if I already have 10 interfaces and want to add 10 new interfaces, I will use an API call for 20 interfaces. However, thanks for the helpful solution.
Yes, and this problem is addressed in R82 with the add-interface endpoint.
Continuing with the above object, let's say I wanted to add eth3.
My call would look something like this:
mgmt_cli -r true add interface name "eth3" gateway-uid "375bebfe-989b-4cd8-80c0-001d2736ccc1" ipv4-address "192.168.150.1" ipv4-mask-length "24" security-zone-settings.auto-calculated "false" security-zone-settings.specific-zone "WirelessZone" topology "internal" topology-settings.ip-address-behind-this-interface "network defined by the interface ip and net mask"
It looks something like this in SmartConsole:
FYI @Omer_Kleinstern when I tried to use ipv4-network-mask instead of ipv4-mask-length in the above, I got a validation error.
I assume this is a bug?
Also, it seems that there is no option in the add-interface endpoint (or the set-interface one) to actually enable the specified security zone.