
how to use the web api to run the run-script

Question asked by Chris Williams on Jan 18, 2018
Latest reply on Dec 10, 2018 by Brian Deutmeyer

I have a question about how to use the web API to run the run-script. We have a security concern with our current setup. We are using “Check Point's software version R80.10 - Build 423”, integrated with Aruba and the identity access blade.


We have a beautiful integration with Aruba sending a POST to Check Point, and then removing it when a user logs out. This is using JSON to post to the cluster VIP. For my setup: /_IA_API/v1.0/add-identity


{"shared-secret":"abc123","user":"Tom Cruise","ip-address":"","machine":"Toms_Host","machine-os":"Microsoft Windows 7 Enterprise Edition","host-type":"Windows 7","identity-source":"ARUBA ClearPass Policy Manager","session-timeout":555,"user-groups":["aruba-guest-group"],"machine-groups":["aruba-guest-machine"],"roles":[],"fetch-user-groups":0,"fetch-machine-groups":0}


The gap comes with any existing sessions/connections: they do not get closed, i.e. they remain open.

New ones are blocked. What we came up with is to use a web API POST to run-script.


From the link it looks simple enough.


(POST https://<mgmt-server>:<port>/web_api/run-script)

POST {{server}}/run-script
Content-Type: application/json
X-chkp-sid: {{session}}

{
  "script-name" : "Script Example: List files under / dir",
  "script" : "ls -l /",
  "targets" : [ "corporate-gateway" ]
}



So theoretically it looks possible… I would ideally like to send the same src as what is in the post above… ie: "ip-address":"%{Connection:Client-IP-Address}"

fw sam -v -t 60 -J src x.x.x.x


So far, no matter what I try I always get:




<title>404 Not Found</title>
<h1>Not Found</h1>
<p>The requested URL /run-script was not found on this server.</p>




In a video this was mentioned at around 35:00, but I cannot seem to find the corresponding code.

How to use R80.10 API for Automation and Streamlined Security (Video)

SAM block commands


All along, I have been trying to do this on the gateways… cluster VIP. In reviewing, it looks like maybe I need to do this on the management server IP. If I do this, wouldn’t I need to publish?


If I run this on the management server:




<title>403 Forbidden</title>
<p>You don't have permission to access /web_api/run-script on this server.<br />





Anybody have an idea to help close this gap?
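
An added example, not part of the original post and not Check Point's own code: one way to send the `fw sam` command from the post through the management server's `/web_api/run-script` inside a login session, with the client address validated before it is placed in a command that runs on the gateway. The function names, the IPv4-only restriction and the script-name text are assumptions made for illustration.

```python
import ipaddress
import json
import urllib.request


def build_run_script(client_ip, targets, timeout=60):
    """Build the run-script body; refuse anything that is not a plain IPv4 address.

    The address comes from an external system (ClearPass in the post) and ends
    up inside a shell command on the gateway, so it is parsed, not pasted.
    """
    addr = ipaddress.IPv4Address(str(client_ip))  # ValueError on "10.1.2.3; reboot"
    timeout = int(timeout)
    if timeout <= 0:
        raise ValueError("timeout must be a positive number of seconds")
    return {
        "script-name": f"SAM block {addr}",                # assumed label
        "script": f"fw sam -v -t {timeout} -J src {addr}",  # command from the post
        "targets": list(targets),
    }


def api_call(base, command, body, sid=None):
    """POST one command to <base>/web_api/<command> and return the parsed JSON."""
    headers = {"Content-Type": "application/json"}
    if sid:
        headers["X-chkp-sid"] = sid  # session id returned by login
    req = urllib.request.Request(
        f"{base}/web_api/{command}",
        data=json.dumps(body).encode(),
        headers=headers,
        method="POST",
    )
    # Default TLS verification is kept; trust the server's certificate
    # explicitly rather than switching verification off.
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def block_client(base, user, password, client_ip, targets):
    """Login, run the SAM rule on the target gateways, then logout."""
    body = build_run_script(client_ip, targets)  # validate before opening a session
    sid = api_call(base, "login", {"user": user, "password": password})["sid"]
    try:
        return api_call(base, "run-script", body, sid)
    finally:
        api_call(base, "logout", {}, sid)
```

`block_client` is addressed to the management server (for example `https://<mgmt-server>:<port>`), not the cluster VIP, and needs an API account that is allowed to run scripts on the listed gateways.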