CPX 360 Wrap-Up
20th April
Check Point
Knowledge Nuggets
As the Cyber World Turns:
A Strategy to Increase Security Efficiency
The New Era of
Email Security
Check Point Harmony
An In-Depth Look
hey
i am working on some automation for FW installation.
one step is connecting to the FW with SSH and run the clish command to set the configuration needed.
my template is based on "show configuration" of a working config.
what i noticed is that after i finished the conifiguration and also install policy all the vlan interface on my Bond are missing.
"show configuration" show everything is configured well
"ifconfig" shows only the bond interface and not bond1.20 interface for example.
the webUI show that those sub-interface at "Type:unknown"
after some try and test i moved the part of the clish template that set the physical interface state on and adding them to the relevant bond group before those sub interface created. this change fixed the issue now the webUI show those interface are "Type:Vlan" as expected.
i am running R77.30
have you found more issues like this with the command order that "show configuration" output ?
i think R&D did not check this scenario
PhoneBoy
The output of show configuration is sorted in a particular way.
However, I do not believe it necessarily accounts for the order the commands would need to be applied on a system.
I think it is expected from this command
Kaspars_Zibarts
Definitely agree - I always had to move things around from show config output when re-creating firewalls in the lab or doing upgrades. But then for me automation was never a target, so I don't have exact steps to follow. I just made sections manually out of the show config, i.e. "general stuff" (DNS, NTP, hostname etc) then "interfaces", then "SNMP", then "users" etc. Then it seemed to work OK.
About CheckMates
Learn Check Point
Advanced Learning
WELCOME TO THE FUTURE OF CYBER SECURITY