
Missing API possibility to set vpn-community-star objects

Question asked by Kim Moberg on May 2, 2018
Latest reply on May 3, 2018 by Robert Decker

Hi 

 

First of all, thank you for the fantastic help from both Dameon Welch Abernathy and Robert Decker in getting me started with using the Check Point R80 API.

It has been a blast to actually be able to make a useful script which can help one in daily work, and especially save one from doing the same thing two times. :-)

In my other CheckMates entry on how to create an interoperative device https://community.checkpoint.com/thread/7668-how-to-add-interoperative-device-via-api I have actually been able to solve 4-5 of my manual steps. And I am happy to share my result with you so others might be inspired to do other work themselves.

 

Today I have found a limitation to setting the encryption object on my vpn-community. Some of the fields are available and others aren't.

For example I am not able to set Perfect Forward Secrecy with DH group. It simply doesn't exist while trying to print out JSON using mgmt_cli -u admin show vpn-community-star <name of community> where I have this setting enabled. 

 

UNABLE TO RUN QUERY

[Expert@gwmgmt:0]# mgmt_cli -u admin show vpn-community-star name "WP-Blaesbjerg"

Password:

code: "generic_internal_error"

message: "Internal error. For more info search for incident [1cde990d-5ab2-433c-af65-0b3b2750ecec] in log file"

It simply doesn't exist in the API

Missing possibility to set

mgmt_cli -u admin set vpn-community-star name testVPN ike-phase-2.diffie-hellman-group "group 5"

 

I cannot automate via API to set exclude services in the set vpn-community-star

And unable to set advanced settings as rekey keys for IKE and IPSEC and also disable NAT.

 

 

 

Do you have any workaround for setting these parameters, or when can one expect to have these features enabled in the next version of the API?

 

Thanks

Kim
