TCS-DNB
Explorer

Need to add bond interface into zone using CLI or API Connect

Hi Team,

I am working on adding the bond interfaces into zoning groups as per their environment.

Right now we have multiple Virtual System containing multiple bonding groups which need to be added into zoning groups.

Can anyone tell me if I can use API calls using Python to add all the bonding groups into the zones which I have created?

I am not able to find any article related to adding a zone using CLI or API calls.

Regards,

Saish

0 Kudos
Accepted Solutions
Bob_Zimmerman
Authority

The API does not have any support for modifying VS objects right now.

For non-VSX clusters, you would use set-simple-cluster. You need to provide the whole cluster object including all interfaces together. Any interfaces not in your list get removed from the object. You want .interfaces' "List: Object" parameter form. You will probably want to set security-zone to true and security-zone-settings.specific-zone to the UUID of the zone you're trying to set.

For single firewalls not in a cluster, it's basically the same, but the call is set-simple-gateway.

Separately, I urge you to reconsider this. Security zones give you a lot of ways to shoot yourself in the foot really impressively. They cause the same traffic to behave differently depending on which interface it arrives at the firewall. Using them is a mistake, and adding them to a policy which doesn't use them today is a bad idea.

0 Kudos
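
The non-VSX cluster case described in the accepted solution, as an added example that is not part of the original thread: it builds the body for set-simple-cluster so that every existing interface is carried over and only the chosen bonds get a zone, and it reports which interfaces a partial list would remove. The cluster name, interface names, zone UUID and sample interface objects are constructed, and it is an assumption that interface objects read from the cluster can be sent back unchanged; sending the request and publishing are left out.

```python
import copy

# Constructed sample: interface objects as they might be read from the cluster object.
SAMPLE_INTERFACES = [
    {"name": "eth0", "interface-type": "sync"},
    {"name": "bond1", "interface-type": "cluster"},
    {"name": "bond2", "interface-type": "cluster"},
]
ZONE_UID = "00000000-0000-0000-0000-000000000001"  # placeholder zone UUID


def build_zone_update(cluster_name, current_interfaces, zone_uid_by_interface):
    """Build a set-simple-cluster body that carries every existing interface."""
    known = {iface["name"] for iface in current_interfaces}
    unknown = sorted(set(zone_uid_by_interface) - known)
    if unknown:
        raise ValueError(f"not on the cluster object: {unknown}")
    interfaces = []
    for iface in current_interfaces:
        new = copy.deepcopy(iface)  # keep every field the object already had
        zone_uid = zone_uid_by_interface.get(new["name"])
        if zone_uid is not None:
            new["security-zone"] = True
            new["security-zone-settings"] = {"specific-zone": zone_uid}
        interfaces.append(new)
    return {"name": cluster_name, "interfaces": interfaces}


def dropped_interfaces(current_interfaces, payload):
    """Names that would be removed from the cluster if this body were sent."""
    sent = {iface["name"] for iface in payload["interfaces"]}
    return sorted({iface["name"] for iface in current_interfaces} - sent)


if __name__ == "__main__":
    zones = {"bond1": ZONE_UID, "bond2": ZONE_UID}
    good = build_zone_update("cluster1", SAMPLE_INTERFACES, zones)
    # A body listing only the bonds would drop eth0 from the cluster object.
    partial = {"name": "cluster1", "interfaces": good["interfaces"][1:]}
    print(dropped_interfaces(SAMPLE_INTERFACES, good))
    print(dropped_interfaces(SAMPLE_INTERFACES, partial))
```

Running `dropped_interfaces` against the live interface list before each call is a cheap guard against removing an interface by omission.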