It has been a blast to actually be able to make a useful script which can help one in daily work, and especially save one from doing the same thing two times. :-)
In my other CheckMates entry on how to create an interoperative device https://community.checkpoint.com/thread/7668-how-to-add-interoperative-device-via-api I have actually been able to solve 4-5 of my manual steps. And I am happy to share my result with you so others might be inspired to do other work themselves.
Today I have found a limitation in setting the encryption object on my vpn-community. Some of the fields are available and others aren't.
For example, I am not able to set Perfect Forward Secrecy with DH group. It simply doesn't exist when trying to print out JSON using mgmt_cli -u admin show vpn-community-star <name of community> where I have this setting enabled.
UNABLE TO RUN QUERY
[Expert@gwmgmt:0]# mgmt_cli -u admin show vpn-community-star name "WP-Blaesbjerg"
message: "Internal error. For more info search for incident [1cde990d-5ab2-433c-af65-0b3b2750ecec] in log file"
It simply doesn't exist in the API
Missing possibility to set
mgmt_cli -u admin set vpn-community-star name testVPN ike-phase-2.diffie-hellman-group "group 5"
I cannot automate via API setting exclude services in the set vpn-community-star
And I am unable to set advanced settings such as rekey keys for IKE and IPsec, and also disable NAT.
Do you have any workaround for setting these parameters, or when can one expect to have these features enabled in the next version of the API?