Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Gravytar
Participant
Jump to solution

Run Script on SMB Appliance via Smart-1 Cloud API

Hi Everybody,

We have a script to collect inventory information from gateways (Gaia and Spark/SMB) via the onPrem management server. For that we use the cprid_util utility to execute the commands remotely from the management server.

When using Smart-1 Cloud Management Service, we need a replacement for this. What I've tried so far:

- ManagementAPI/run-script with target Smart-1 cloud utilizing the old cprid_util: Not supported (https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/Check-Point-SmartCloud-Admin-...)

- ManagementAPI/run-script with target the gateway: Works only on Gaia, not on Gaia embedded / SMB

- GaiaAPI: Is only supportet on Gaia, not on Gaia embedded / SMB

- ManagementAPI/gaia-api with target the gateway: Works only on Gaia, not on Gaia embedded / SMB

Is there any way to authenticate once to the Smart-1 Cloud service and then use this authentication to run commands on a connected gateway that works for Gaia and SMB?

Thanks for any ideas

 

0 Kudos
1 Solution

Accepted Solutions
Gravytar
Participant

Yes. I tried on several devices. On one I got a response with a SID, on all others I got the "Bad Request" error.

So, I gave up the API calls and changed my script to visit all appliances via SSH. That works on all appliances (Gaia and Embedded) and is compatible with the former cprid_util call.

View solution in original post

0 Kudos
7 Replies
Oliver_Fink
Advisor
Advisor

@Gravytar wrote:

- GaiaAPI: Is only supportet on Gaia, not on Gaia embedded / SMB


It is even worse. There exists a rudimentary Gaia API for embedded systems. But only if they are locally managed. Does this make sense to anyone?

Here is the link for R81.10.X: R81.10.X Quantum Spark 1500, 1600, 1800, 1900, 2000 Appliances Locally Managed Administration Guide 

0 Kudos
Gravytar
Participant

And this API even supports the command "run-clish-command" which would fullfill my needs. Time for RFE.

0 Kudos
PhoneBoy
Admin
Admin

Pretty sure that API also works on centrally managed as well.

0 Kudos
Gravytar
Participant

I checked it:

I enabled the rest-api. "show rest-api" gives me "mode on"

# curl -k --json '{"user": "...", "password": "..."}' https://[IP_of_Appliance]:4434/web-api/login
{"messages":false,"errors":["Web server error"],"errorCode":"system_error"}

It works so far that it gives me an error in JSON format.

0 Kudos
PhoneBoy
Admin
Admin

Did you actually enable the API first on the device?

0 Kudos
Gravytar
Participant

Yes. I tried on several devices. On one I got a response with a SID, on all others I got the "Bad Request" error.

So, I gave up the API calls and changed my script to visit all appliances via SSH. That works on all appliances (Gaia and Embedded) and is compatible with the former cprid_util call.

0 Kudos
Danny
MVP Gold
MVP Gold

This is a well-known limitation of Smart-1 Cloud, but you can easily work around this.
Instead of trying to collect this data centrally, configure scheduled scripts on your SMB devices, that will collect and send you the required data. Alternatively you can configured scheduled SSH-logins to collect the required data centrally via a SSH connection to your SMB devices.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events