Rajesh B

Expect commands with R80.10 - not working as expected

Discussion created by Rajesh B on Dec 26, 2017
Latest reply on Aug 27, 2018 by Ivan Moore

Hi CheckMates,


I am Rajesh, working as Security Engineer.

Recently we upgraded our CheckPoint appliance from R77.30 to R80.10.

We use EXPECT script in our application to login the CheckPoint device as an admin user and change it to "expert" mode to do further changes in the configurations.

This process of changing into "expert" mode from normal ( CLI ) mode used to work perfectly with previous versions of CheckPoint, but is failing with R80.10.


It get stuck at the Password prompt for "expert" in R80.10 though it used to work with previous versions as I said above.


$ ./cpR80.exp aa.bb.cc.dd admin '*********'
spawn ssh admin@aa.bb.cc.dd
This system is for authorized use only.
admin@aa.bb.cc.dd's password:
Last login: Tue Dec 26 09:57:47 2017 from 10.0.xx.xx
cartier> lock database override
CLICMD0201  Config lock is already turned on.
cartier> expert
Enter expert password:


<<Here this should enter into expert mode, but it is not changed>>




EXPECT script for your reference:


$ cat cpR80.exp

set timeout 60
spawn ssh [lindex $argv 1]@[lindex $argv 0]

expect "yes/no" {
    send "yes\r"
    expect "*?assword" { send "[lindex $argv 2]\r" }
    } "*?assword" { send "[lindex $argv 2]\r" }


expect "*>" { send "lock database override\r" }
expect "*>" { send "expert\r" }
expect "*word:" { send "[lindex $argv 2]\r" }




Can anyone help here on how to troubleshoot this issue or shed some more light if anybody faced the same issue just in case.