Have you ever wondered how to use curl_cli to issue Management API HTTP POST requests?
In this article you will learn how to use curl_cli to issue API calls against a Smart-1 Cloud management tenant. You can easily adapt the commands to Smart-1 Management or Multi-Domain Management scenarios.
The example changes the action of a Threat Prevention rule from the Optimized profile to a custom profile and changes the destination from 'any' to a dedicated host object.
I used this website to learn about using curl to run HTTP POST. This website helps with checking JSON format, and here you can learn about jq.
I documented the list of actions outlined below in this video here.
- Get your Smart-1 Cloud Management API context
Find the context under the settings menu of your tenant
- Create an administrative permission profile for the API user and limit access rights as much as possible
- Create an API user ID with a limited validity time and generate an API key for it
- Create a working temporary directory on Gaia
# mkdir /var/log/tmp/automation
- Create simple JSON formatted files to be used as HTTP POST payload
add-host JSON
{
"name" : "New Host 4",
"ip-address" : "192.0.2.4"
}
An empty JSON file contains just {}
- Define environment variables
export VAR_mgmt_context="<context ID from Smart-1 Cloud tenant>"
export VAR_mgmt_api_user_key="<API key generated before>"
- Define environment variable holding the API Session ID
Perform an API login to the management server and capture the output to a JSON formatted file
curl_cli -X POST -H "content-Type: application/json" -k https://ngtx-emea-ahtaic1e.maas.checkpoint.com/$VAR_mgmt_context/web_api/login -d '{ "api-key":"'"$VAR_mgmt_api_user_key"'" }' > ./api_session.json
Extract the session ID from the JSON formatted file and create a file holding only the Session ID
cat api_session.json | jq -r '."sid"' > ./sid_file.id
Export an environment variable based on the content of this file - note the backticks (`) enclosing the cat sid_file.id command
export VAR_mgmt_sid=`cat sid_file.id`
- Set session description using 'set session'
curl_cli -X POST -H "content-Type: application/json" -H "X-chkp-sid: $VAR_mgmt_sid" -k https://ngtx-emea-ahtaic1e.maas.checkpoint.com/$VAR_mgmt_context/web_api/set-session -d @./setSession
- Add a host using relevant 'add host' API call
curl_cli -X POST -H "content-Type: application/json" -H "X-chkp-sid: $VAR_mgmt_sid" -k https://ngtx-emea-ahtaic1e.maas.checkpoint.com/$VAR_mgmt_context/web_api/add-host -d @./addhost
- Learn about existing policy packages using 'show packages', or check the name using SmartConsole
- Check the output for the package you want to modify and query details of the selected policy package
curl_cli -X POST -H "content-Type: application/json" -H "X-chkp-sid: $VAR_mgmt_sid" -k https://ngtx-emea-ahtaic1e.maas.checkpoint.com/$VAR_mgmt_context/web_api/show-package -d @./showPackage
- Capture the name of the Threat Prevention Layer and create the required JSON file
- Query details of the Threat Prevention Layer rule base using 'show-threat-rulebase'
curl_cli -X POST -H "content-Type: application/json" -H "X-chkp-sid: $VAR_mgmt_sid" -k https://ngtx-emea-ahtaic1e.maas.checkpoint.com/$VAR_mgmt_context/web_api/show-threat-rulebase -d @./showThreatRuleBase
- Capture the rule number and profile selected in the action settings
- Query to learn the existing Threat Prevention Profiles using 'show-threat-profiles'
curl_cli -X POST -H "content-Type: application/json" -H "X-chkp-sid: $VAR_mgmt_sid" -k https://ngtx-emea-ahtaic1e.maas.checkpoint.com/$VAR_mgmt_context/web_api/show-threat-profiles -d @./showGenericLimit
- Query details of the Threat Prevention Rule using 'show-threat-rule'
curl_cli -X POST -H "content-Type: application/json" -H "X-chkp-sid: $VAR_mgmt_sid" -k https://ngtx-emea-ahtaic1e.maas.checkpoint.com/$VAR_mgmt_context/web_api/show-threat-rule -d @./showThreatRule
- Extract information about the profile you want to define as action for this rule
- Create a JSON file with the name of the profile and destination settings
{
"layer" : "QuantumNetwork Threat Prevention",
"rule-number" : 1,
"destination" : {
"add" : ["Lab_Web_Server"]
},
"action" : "PerimeterLab"
}
- Change Threat Prevention rule using 'set-threat-rule'
curl_cli -X POST -H "content-Type: application/json" -H "X-chkp-sid: $VAR_mgmt_sid" -k https://ngtx-emea-ahtaic1e.maas.checkpoint.com/$VAR_mgmt_context/web_api/set-threat-rule -d @./setThreatRule
- Publish changes using 'publish'
curl_cli -X POST -H "content-Type: application/json" -H "X-chkp-sid: $VAR_mgmt_sid" -k https://ngtx-emea-ahtaic1e.maas.checkpoint.com/$VAR_mgmt_context/web_api/publish -d @./emptyJSON
- Log out from this API session using 'logout'
curl_cli -X POST -H "content-Type: application/json" -H "X-chkp-sid: $VAR_mgmt_sid" -k https://ngtx-emea-ahtaic1e.maas.checkpoint.com/$VAR_mgmt_context/web_api/logout -d @./emptyJSON
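
The whole sequence above as one guarded script, as an added example that is not the author's code: it verifies the server certificate instead of passing -k, sends payloads on stdin so the API key stays out of the process list, and on a failed call runs 'discard' before 'logout'. The helper names, the HTTP and TLS_OPT variables with the CA bundle path, and the <your-tenant-host> placeholder are assumptions.

```bash
#!/bin/bash
# Added example, not the author's script. Helper names, TLS_OPT and the
# <your-tenant-host> placeholder are assumptions made for this sketch.
HTTP="${HTTP:-curl_cli}"
TLS_OPT="${TLS_OPT:---cacert $CPDIR/conf/ca-bundle.crt}"   # verify the server instead of -k
API_BASE="${API_BASE:-https://<your-tenant-host>/$VAR_mgmt_context/web_api}"
SID=""

# json_field <name>: print a top-level string field of the JSON read from stdin.
json_field() {
  if command -v jq >/dev/null 2>&1; then
    jq -r --arg k "$1" '.[$k] // empty' 2>/dev/null || true
  else
    sed -n 's/.*"'"$1"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
  fi
}

# api_call <command> <json>: POST, print the body, return non-zero unless HTTP 200.
# The payload goes through stdin (-d @-) so the API key never shows up in `ps`.
api_call() {
  resp=$(printf '%s' "$2" | "$HTTP" $TLS_OPT -sS -X POST \
    -H "Content-Type: application/json" ${SID:+-H "X-chkp-sid: $SID"} \
    -w '\n%{http_code}' -d @- "$API_BASE/$1") || return 1
  status=$(printf '%s\n' "$resp" | tail -n 1)   # last line is the HTTP status
  body=$(printf '%s\n' "$resp" | sed '$d')      # everything before it is the body
  if [ "$status" = 200 ]; then printf '%s\n' "$body"; return 0; fi
  echo "$1 failed: HTTP $status $(printf '%s' "$body" | json_field message)" >&2
  return 1
}

# run_change <set-threat-rule json>: login, change, publish; on any error discard
# the pending changes; in both cases log out so no session stays open.
run_change() {
  SID=""
  login=$(api_call login "{\"api-key\":\"$VAR_mgmt_api_user_key\"}") || return 1
  SID=$(printf '%s' "$login" | json_field sid)
  [ -n "$SID" ] || { echo "login returned no sid" >&2; return 1; }
  if api_call set-threat-rule "$1" >/dev/null && api_call publish '{}' >/dev/null
  then rc=0
  else rc=1; api_call discard '{}' >/dev/null || true
  fi
  api_call logout '{}' >/dev/null || true
  SID=""
  return "$rc"
}

# On the management host: ./script.sh --run ./setThreatRule
[ "${1:-}" != "--run" ] || run_change "$(cat "$2")"
```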