- CheckMates
- :
- Products
- :
- Developers
- :
- API / CLI Discussion
- :
- API calls going to mds instead of cma
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
API calls going to mds instead of cma
in my setup, there is one MDS and serveral CMAs. i am passing a few API queries to one of the CMAs via CMA IP.
API for login or logout are working fine, but others like publish, add-host etc are going to MDS instead of CMA. Please help.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What does your login call look like for these sessions?
Is the "domain" parameter specified with each and every login call made?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
tried that too.
when i tried to login to CMA while supplying "domain" parameter, response was : {'code': 'err_login_failed', 'message': 'Authentication to server failed.'}
when i tried to login to MDS while supplying "domain" parameter, response was : {'code': 'generic_server_error', 'message': 'Management server failed to execute command'}
Log generated in smartview : Administrator failed to log in: SIC Error for cpmi: Server could not find authentication method, method returned deny for service cpmi.
Without supplying domain parameter, i was getting logged in to MDS, irrespective of the server IP (MDS or CMA)
Can you provide some guide... tried both python SDK and direct API calls.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You need to explain the precise flow you are following.
For the login call:
- What IP are you connecting to? Is it a CMA, MDS?
- What is the exact call you're making? You can obscure the credentials and such, but showing the exact call would help.
- Have you verified the user's credentials you are using are valid in the context they are issued? For example, if you're connecting to the CMA IP, the credentials need to be valid in the context of the CMA. Further, the user in question must have API access enabled, which is done in the relevant admin profile.
If you want to connect to a CMA using a global admin (instead of a CMA admin), I believe you need to connect to the MDS IP and specify the domain name in the API call.
@Omer_Kleinstern can you confirm?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ok. i Got it.
I am multidomain superuser.
I tested everything and found out.
We can supply server address of either CMA or MDS to login.
and also need to supply domain name of CMA to be able to connect/query the CMA.
I will appreciate if you can provide me with latest API documentation.
I want to automate tasks like backup of config, rules, etc and adding/deleting/modifying rules, hosts, optization of rules as per number of hits (sorting)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
All of our API documentation is here: https://sc1.checkpoint.com/documents/latest/api_reference/index.html
This is for all of our products.
The Management API in particular: https://sc1.checkpoint.com/documents/latest/APIs/index.html#introduction~v1.9%20