This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Gravytar
Participant
2 weeks ago
Jump to solution

Run Script on SMB Appliance via Smart-1 Cloud API

Hi Everybody,

We have a script to collect inventory information from gateways (Gaia and Spark/SMB) via the onPrem management server. For that we use the cprid_util utility to execute the commands remotely from the management server.

When using Smart-1 Cloud Management Service, we need a replacement for this. What I've tried so far:

- ManagementAPI/run-script with target Smart-1 cloud utilizing the old cprid_util: Not supported (https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/Check-Point-SmartCloud-Admin-...)

- ManagementAPI/run-script with target the gateway: Works only on Gaia, not on Gaia embedded / SMB

- GaiaAPI: Is only supportet on Gaia, not on Gaia embedded / SMB

- ManagementAPI/gaia-api with target the gateway: Works only on Gaia, not on Gaia embedded / SMB

Is there any way to authenticate once to the Smart-1 Cloud service and then use this authentication to run commands on a connected gateway that works for Gaia and SMB?

Thanks for any ideas

 

0 Kudos
1 Solution

Accepted Solutions
Gravytar
Participant
Tuesday
In response to PhoneBoy
Jump to solution

Yes. I tried on several devices. On one I got a response with a SID, on all others I got the "Bad Request" error.

So, I gave up the API calls and changed my script to visit all appliances via SSH. That works on all appliances (Gaia and Embedded) and is compatible with the former cprid_util call.

View solution in original post

0 Kudos
7 Replies
Oliver_Fink
Advisor
Advisor
2 weeks ago
Jump to solution

@Gravytar wrote:

- GaiaAPI: Is only supportet on Gaia, not on Gaia embedded / SMB

It is even worse. There exists a rudimentary Gaia API for embedded systems. But only if they are locally managed. Does this make sense to anyone?

Here is the link for R81.10.X: R81.10.X Quantum Spark 1500, 1600, 1800, 1900, 2000 Appliances Locally Managed Administration Guide 

0 Kudos
Gravytar
Participant
2 weeks ago
In response to Oliver_Fink
Jump to solution

And this API even supports the command "run-clish-command" which would fullfill my needs. Time for RFE.

0 Kudos
PhoneBoy
Admin
Admin
2 weeks ago
In response to Oliver_Fink
Jump to solution

Pretty sure that API also works on centrally managed as well.

0 Kudos
Gravytar
Participant
Friday
In response to PhoneBoy
Jump to solution

I checked it:

I enabled the rest-api. "show rest-api" gives me "mode on"

# curl -k --json '{"user": "...", "password": "..."}' https://[IP_of_Appliance]:4434/web-api/login
{"messages":false,"errors":["Web server error"],"errorCode":"system_error"}

It works so far that it gives me an error in JSON format.

0 Kudos
PhoneBoy
Admin
Admin
Friday
In response to Gravytar
Jump to solution

Did you actually enable the API first on the device?

0 Kudos
Gravytar
Participant
Tuesday
In response to PhoneBoy
Jump to solution

Yes. I tried on several devices. On one I got a response with a SID, on all others I got the "Bad Request" error.

So, I gave up the API calls and changed my script to visit all appliances via SSH. That works on all appliances (Gaia and Embedded) and is compatible with the former cprid_util call.

0 Kudos
Danny
MVP Gold
MVP Gold
2 weeks ago
Jump to solution

This is a well-known limitation of Smart-1 Cloud, but you can easily work around this.
Instead of trying to collect this data centrally, configure scheduled scripts on your SMB devices, that will collect and send you the required data. Alternatively you can configured scheduled SSH-logins to collect the required data centrally via a SSH connection to your SMB devices.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events