
How to select a Security profile via API

Question asked by Kim Moberg on May 3, 2018
Latest reply on May 4, 2018 by Tomer Sole

Hi Team

I have been working on automating site2site VPN with a Check Point Gateway and an Interoperable device, and setting up a VPN community.

https://community.checkpoint.com/message/18635-how-to-add-interoperative-device-via-api

The next step in my search to complete my use of the API is to add my site2site firewall rule to the gateway cluster Security policy.

When I use the active example from the API doc it is being published to the standard security profile. I’ve multiple profiles for each of my rule sets per secure gateway.

I have been able to find my security profiles by using commands to extract the uid.

https://community.checkpoint.com/message/18729-how-to-find-generic-object-that-is-not-defined-in-the-api

And I also had to find out how to extract and set values I don't find any documentation of.

https://community.checkpoint.com/message/18727-missing-api-possibility-to-set-vpn-community-star-objects

For example, how to set IPsec and IKE rekey values, because the Cisco device ASA5506 or Cisco router 1921/1941 have been configured differently than the default VPN community values, as 1440 min and 86400 sec.

I can publish a firewall rule:

#############################
# Add FW rule
#############################
# Name of rule WP-<Parkname>
# source "Hobro_Scada_Internal" & "WP_Gettrup_Internal_Network"
# destination "WP_Gettrup_Internal_Network" & "Hobro_Scada_Internal"
# services "Vestas Park Services"
# vpn-community "WP-Gettrup"
# action "Accept"
# track "Log"
# install-on "gwcluster"

mgmt_cli -u admin add access-rule layer "Network" position 1 name "Windpark Getrrup" source.1 "Hobro_Scada_Internal" source.2 "WP_Gettrup_Internal_Network" destination.1 "WP_Gettrup_Internal_Network" destination.2 "Hobro_Scada_Internal" service.1 "Vestas Park Services" vpn "WP-Gettrup" action "Accept" track.type "Log" install-on "gwcluster"

 

As you can see, it adds itself to the security policy [Standard].

How do I select a security profile by either using the name or uid to publish my new firewall rule?

Thanks

Kim
