
problem adding interoperable device via web API

Question asked by Michael Nemeth on Feb 1, 2019
Latest reply on Feb 21, 2019 by Matteo Martini

Hello Guys

I am trying to create an interoperable device via the Python web API (I have v1.1).

I have this payload to put into the command 'add-generic-object':

# Payload for the 'add-generic-object' command.
# deviceName, deviceIP and color are defined elsewhere in the script.
object = {
    'create': 'com.checkpoint.objects.classes.dummy.CpmiGatewayPlain',
    'name': deviceName,
    'ipaddr': deviceIP,
    'thirdPartyEncryption': True,
    'osInfo': {
        'osName': 'Gaia'
    },
    # Nested VPN settings object
    'vpn': {
        'create': 'com.checkpoint.objects.classes.dummy.CpmiVpn',
        'owned-object': {
            'vpnClientsSettingsForGateway': {
                'owned-object': {
                    'endpointVpnClientSettings': {
                        'owned-object': {
                            'endpointVpnEnable': True
                        }
                    }
                }
            },
            'ike': {
                'create': 'com.checkpoint.objects.classes.dummy.CpmiIke',
            },
            'sslNe': {
                'create': 'com.checkpoint.objects.classes.dummy.CpmiSslNetworkExtender',
                'owned-object': {
                    'sslEnable': False,
                    'gwCertificate': 'defaultCert'
                }
            },
            'isakmpIpcompSupport': True,
            'isakmpUniversalSupport': True,
        }
    },
    'dataSourceSettings': None,
    'nat': None,
    'encdomain': 'ADDRESSES_BEHIND_GW',
    'ignore-warnings': True,
    'color': color.upper()
}


After I run the script, the object is visible in Interoperable devices, but I cannot use it. It is NOT visible when I try to add it to VPN communities, and when I try to add a VPN community to this object it ends with the error: A blocking validation error was found: Gateway does not comply to 'Participant Gateways' of Meshed community. In order to comply the gateway needs to be VPN installed and of type Host / Gateway / Cluster / Interoperable device.


The object can be 'fixed' via the GUI by setting IPSec VPN -> Traditional mode configuration -> Select some enc and hash (i.e. 3des sha1) -> OK, but I cannot find the way to set this through set-generic-object.


This does not work:

{'uid': objectUID, 'vpn' : {'ike' : {'isakmpHashmethods': ['SHA1']}}}

What am I doing wrong? Via dbedit it works, but I would like to use a clearer way ...