Solved: Re: Run Script on SMB Appliance via Smart-1 Cloud ...

Gravytar · ‎2025-09-17

Hi Everybody,

We have a script to collect inventory information from gateways (Gaia and Spark/SMB) via the onPrem management server. For that we use the cprid_util utility to execute the commands remotely from the management server.

When using Smart-1 Cloud Management Service, we need a replacement for this. What I've tried so far:

- ManagementAPI/run-script with target Smart-1 cloud utilizing the old cprid_util: Not supported (https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/Check-Point-SmartCloud-Admin-...)

- ManagementAPI/run-script with target the gateway: Works only on Gaia, not on Gaia embedded / SMB

- GaiaAPI: Is only supportet on Gaia, not on Gaia embedded / SMB

- ManagementAPI/gaia-api with target the gateway: Works only on Gaia, not on Gaia embedded / SMB

Is there any way to authenticate once to the Smart-1 Cloud service and then use this authentication to run commands on a connected gateway that works for Gaia and SMB?

Thanks for any ideas

Gravytar

Yes. I tried on several devices. On one I got a response with a SID, on all others I got the "Bad Request" error.

So, I gave up the API calls and changed my script to visit all appliances via SSH. That works on all appliances (Gaia and Embedded) and is compatible with the former cprid_util call.

View solution in original post

Oliver_Fink · ‎2025-09-18

@Gravytar wrote:

- GaiaAPI: Is only supportet on Gaia, not on Gaia embedded / SMB

It is even worse. There exists a rudimentary Gaia API for embedded systems. But only if they are locally managed. Does this make sense to anyone?

Here is the link for R81.10.X: R81.10.X Quantum Spark 1500, 1600, 1800, 1900, 2000 Appliances Locally Managed Administration Guide

Gravytar · ‎2025-09-19

And this API even supports the command "run-clish-command" which would fullfill my needs. Time for RFE.

PhoneBoy · ‎2025-09-19

Pretty sure that API also works on centrally managed as well.

Gravytar · ‎2025-09-26

I checked it:

I enabled the rest-api. "show rest-api" gives me "mode on"

# curl -k --json '{"user": "...", "password": "..."}' https://[IP_of_Appliance]:4434/web-api/login
{"messages":false,"errors":["Web server error"],"errorCode":"system_error"}

It works so far that it gives me an error in JSON format.

PhoneBoy · ‎2025-09-26

Did you actually enable the API first on the device?

Gravytar

Yes. I tried on several devices. On one I got a response with a SID, on all others I got the "Bad Request" error.

So, I gave up the API calls and changed my script to visit all appliances via SSH. That works on all appliances (Gaia and Embedded) and is compatible with the former cprid_util call.

Danny · ‎2025-09-18

This is a well-known limitation of Smart-1 Cloud, but you can easily work around this.
Instead of trying to collect this data centrally, configure scheduled scripts on your SMB devices, that will collect and send you the required data. Alternatively you can configured scheduled SSH-logins to collect the required data centrally via a SSH connection to your SMB devices.

Are you a member of CheckMates?

Run Script on SMB Appliance via Smart-1 Cloud API