Hi PhoneBoy,

Thank you for super fast answer.
Of course I have a trigger for these three SmartTasks (they are: after submit, after reject, after approve) - but these triggers only work from SmartConsole. They don't work via API.

If there is a way to trigger these .... triggers 🙂 ... from API - it will do the job.
But I didn't find a way for that also...

So for know it looks like that SmartTasks are useless for API (of course I don't think about managing them - it is possible, but executing is not possible). And with that it is neccessary to send mail directly from such web page (in my case) without Check Point's mechanisms (ex. tags like receiver_mail, submitter_mail, submitting_time, changes, etc, etc).
Sure it can be done easly, but these mails will for sure look different (then those send via SmartConsole action)... and it has to be written from scratch by owner of such page ... even that such mechnism is already available in SmartConsole 🙂

--
Best
Marcin

Hi Marcyn,

Maybe I am misunderstanding, the the trigger of a SmartTask is not depending on a action in SmartConsole it is triggered by a executing a action on the management server, this action can be executed using an API call or SmartConsole. 

For example the "After Submit" trigger will be triggered by the user clicking on submit button in SmartConsole or by the user sending the submit-session API call. 

Hi Jim,

Yes, I thought that it should work like this... but unfortunately it doesn't.
Submit-session has only one parameter "uid" ... so besically it is not possible to execute it incorrectly 🙂

In my code I'm executing something like this:

POST {{server}}/submit-session
Content-Type: application/json
X-chkp-sid: {{session}}
{
  "uid" : "41e821a0-3720-11e3-aa6e-0800200c9fde"
}

The above code is taken directly from API reference guide - but my own code looks the same.

And after executing this command thru curl, I see in SmartConsole that there is a sumbitted session with a status "pending aproval" ... but SmartTask "after submit" is not firing.
I can confirm that by looking into tcpdump/cppac/fw monitor ... directly on SMS and on my mail server - absolutely nothing.
But if I send for submit directly from SmartConsole ... soon after that SmartTask is firing and I see mail traffic.

So it looks like you are wrong with this submit-session API call.

--
Best
Marcin

The run-script API call let's you execute every code that your SmartTasks are running.
Maybe you can share your SmartTasks with us (example)?

Hi Danny,

To be honest I didn't want to use "traditional" approach with SmartTask - so to run a script, but to use this new feature  - sending e-mail.
But yes, if I change this to be a script ... I can execute this script via API.

But ... with this new approach (sending e-mail) I can create some kind of e-mail template ... that I do not need to create in a script 🙂

With a script ... to be honest I don't even need a SmartTask for API ... because I can do it directly from my web page (for example send e-mails, etc.).

With this e-mail template I can for example attach changes report... which is really interesting.
My SmartTask is really easy one - I attach screenshot of my sample e-mail template (Advanced tab) ... and also screenshot from General tab.
With a script it would be not so easy to achieve the same.

If it would work like Jim wrote ... it would be perfect, but it looks like it doesn;t work like that.
Maybe it's a bug ... and it shoule work like that anyway ?

--
Best
Marcin

Please open a TAC case so we can investigate this: https://help.checkpoint.com
Also tagging @Omer_Kleinstern 

Worked for me on a clean R81.20 installation.

I recommend a TAC case.

Hi Omer,

I've just checked how it will look like on fresh R81.20.
And I can confirm that:
1) from SmartConsole everything works like expected - after submiting session for approve couple of seconds later SmartTask is executing and email is send
2) from CLI using mgmt_cli ... it looks exacly the same - after these below few simple commands I can see that SmartTask is also executing:

[Expert@CP-MGMT:0]# mgmt_cli login user marcyn password 'Chkp!234' > /tmp/s.txt
[Expert@CP-MGMT:0]# mgmt_cli add host name abcdef ip-address 122.123.124.125 -s /tmp/s.txt
[Expert@CP-MGMT:0]# mgmt_cli submit-session -s /tmp/s.txt
message: "OK"
[Expert@CP-MGMT:0]# mgmt_cli logout -s /tmp/s.txt

3) However if I execute the same job via cURL thru my web page session is submiting perfectly (I can see this in SmartConsole) but there is no e-mail (so no SmartTask is executing). And I'm 100% sure that there is no e-mail because I'm monitoring tcpdump on port 25 (or if you wish cppcap, fw monitor). So mgmt server doesn't even try to send this mail.

@Omer_Kleinstern  are you 100% sure that you checked this via cURL ... or maybe just mgmt_cli ?
Of course that I will send this to TAC, but if you could let me know first, what exacly did you test ?

--
Best
Marcin

Hi,

I think that I already know what is going on here.

Now it is working fine, also from web page via cURL.
I discovered that if I make some "sleep" between executing "submit-session" and "logout" ... SmartTask is executing.
At first my code was like this:
1) login
2) do stuff
3) submit-session
4) logout
Between these steps code was waiting for a valid reply (so for example if there is "message=OK"  in reply) ... but soon after valid reply step was triggered.
And by making try and test method ... I've just discovered that after I make some "sleep" between response from step3 (submit-session) and step4 (logout) ... SmartTask is triggered.

So ... for anyone of you that want to use API via cURL and want to have these new SmartTasks ... you already know what to do !

And the most important here is that it actually works ! ... But we have to remember to give SmartTask a little time to trigger before executing session logout 🙂

BTW
I'm preety sure that via mgmt_cli it will work the same ... so if you will have a script where after executing submit-session you will not wait "some time" before executing logout ... it will not trigger SmartTask neither.
It was working for me with mgmt_cli before ... because I was typing this command directly in console (so it took some time after executing command for submit-session ... and before I type and execute command for logout 🙂 ).

Thank you all that made some feedback in this discussion, case closed.

--
Best
Marcin

submit-session returns a task ID.
While a sleep will probably work, the correct approach is to monitor the state of that task using the show-task API endpoint to ensure the task completes.

@PhoneBoy unfortunately it looks like this is not true...

I wish this was true... and of course I would then monitor task-id what I already do for example for install-policy (this action gives task-id for output).

Regarding submit-session ... it only gives message OK 😞

Take a look on API reference guide:

https://sc1.checkpoint.com/documents/latest/APIs/#cli/submit-session~v1.9%20

Output

Got that one wrong 🙂
Anyway, glad you figured out a usable workaround.