
problem adding interoperable device via web API

Question asked by Michael Nemeth on Feb 1, 2019
Latest reply on Feb 21, 2019 by Matteo Martini

Hello Guys

I am trying to create an interoperable device via the Python web API (I have v1.1).

I have this payload to put into the command 'add-generic-object':

object = {
    'create': 'com.checkpoint.objects.classes.dummy.CpmiGatewayPlain',
    'name': deviceName,
    'ipaddr': deviceIP,
    'thirdPartyEncryption': True,
    'osInfo': {
        'osName': 'Gaia'
    },
    'vpn': {
        'create': 'com.checkpoint.objects.classes.dummy.CpmiVpn',
        'owned-object': {
            'vpnClientsSettingsForGateway': {
                'create':
                    'com.checkpoint.objects.classes.dummy.CpmiVpnClientsSettingsForGateway',
                'owned-object': {
                    'endpointVpnClientSettings': {
                        'create':
                            'com.checkpoint.objects.classes.dummy.CpmiEndpointVpnClientSettingsForGateway',
                        'owned-object': {
                            'endpointVpnEnable': True
                        }
                    }
                }
            },
            'ike': {
                'create': 'com.checkpoint.objects.classes.dummy.CpmiIke',
            },
            'sslNe': {
                'create': 'com.checkpoint.objects.classes.dummy.CpmiSslNetworkExtender',
                'owned-object': {
                    'sslEnable': False,
                    'gwCertificate': 'defaultCert'
                }
            },
            'isakmpIpcompSupport': True,
            'isakmpUniversalSupport': True,
        }
    },
    'dataSourceSettings': None,
    'nat': None,
    'encdomain': 'ADDRESSES_BEHIND_GW',
    'ignore-warnings': True,
    'color': color.upper()}

 

After I run the script, the object is visible in Interoperable devices, but I cannot use it. It is NOT visible when I try to add it to VPN communities, and when I try to add a VPN community to this object it ends with the error: A blocking validation error was found: Gateway does not comply to 'Participant Gateways' of Meshed community. In order to comply the gateway needs to be VPN installed and of type Host / Gateway / Cluster / Interoperable device.

The object can be 'fixed' via the GUI by setting IPSec VPN -> Traditional mode configuration -> Select some enc and hash (i.e. 3des sha1) -> OK, but I cannot find a way to set this through set-generic-object.

This does not work:

{'uid': objectUID, 'vpn' : {'ike' : {'isakmpHashmethods': ['SHA1']}}}

What am I doing wrong? Via dbedit it works, but I would like to use a clearer way ...
