Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Uri_Bialik

Python library for using R80 management server APIs

Overview

Check Point Python Development Kit simplifies the usage of the Check Point R80 Management Server APIs. The kit contains the API library project, and sample projects demonstrating the capabilities of the library.

Examples:

  • add_access_rule - demonstrates a basic flow of using the APIs: performs a login command, adds an access rule to the top of the access policy layer, and publishes the changes.
  • find_duplicate_ip - demonstrates searching for all the hosts that share the same IP address.
  • discard_sessions - demonstrates how to discard the changes to the database for un-published sessions.
  • clone_host - demonstrates cloning and replacing an existing host with a cloned host.

Description

A Python 2.7 and Python 3.7 code that uses a library that handles all the communication with the Check Point R80 Management Server.

Instructions

Download the development kit containing the library and the examples.

Run each example from its folder.

python example_name.py

Or you can instalI the library with pip as follows:

pip install git+https://github.com/CheckPointSW/cp_mgmt_api_python_sdk
https://github.com/CheckPointSW/cp_mgmt_api_python_sdk#note-you-might-be-required-to-use-sudo-for-th...Note: you might be required to use "sudo" for this command.

For other ways to install/upgrade, see: cp_mgmt_api_python_sdk/README.md 

Tested on version

R80, API version 1.0

Source Code Availability

The source code is now public on GitHub repository:

GitHub - CheckPointSW/cp_mgmt_api_python_sdk: Check Point API Python Development Kit 

https://github.com/CheckPoint-APIs-Team/cpapi-python-sdk

NOTICE: By using this sample code you agree to terms and conditions in this Terms and Conditions

...

20 Replies
Not applicable

with this I can start, thanks for inspiration..!

0 Kudos
Kobi_Eisenkraft
Employee
Employee

Thank you,

Enjoy the exploration.

0 Kudos
John_White
Employee
Employee

nice! I'm going to have fun with this.

Quinn_Yost
Contributor

What is the likelihood that Check Point will establish an official repository for these that can be more easily tracked than a forum post?

I'm thinking Github, or one of it's peers.  

0 Kudos
Uri_Bialik

Hi Quinn,

Thank you for your suggestion. Yes, an official repository is indeed the way to go...

Uri

0 Kudos
Quinn_Yost
Contributor

Is the recent transition to CodeHub intended to be the repository, or are should we still look forward to a transition to git (or equivalent)?    Seem that CodeHub is just a new theme applied to a Jive community.

Josh_Smith
Participant

When I attempt to run these scripts from the management server I receive the following error message:

[Expert@fwadmin:0]# ./python /home/admin/api_scripts/find_duplicate_ip/findDupIP.py
Enter server IP address or hostname: 10.253.228.4
Enter username: admin
Enter password:
Traceback (most recent call last):
File "/home/admin/api_scripts/find_duplicate_ip/findDupIP.py", line 87, in <module>
main()
File "/home/admin/api_scripts/find_duplicate_ip/findDupIP.py", line 38, in main
if client.check_fingerprint(server) is False:
File "/home/admin/api_scripts/find_duplicate_ip/mgmt_api_lib/cp_mgmt_api.py", line 505, in check_fingerprint
server_fingerprint = self.get_server_fingerprint(server)
File "/home/admin/api_scripts/find_duplicate_ip/mgmt_api_lib/cp_mgmt_api.py", line 369, in get_server_fingerprint
context = ssl.create_default_context()
AttributeError: 'module' object has no attribute 'create_default_context'

actively learning python, so forgive me if it is a trivial error I am not understanding. 

I am running this on the R80 management server itself utilizing python found in the /opt/CPsuite-R80/fw1/Python/bin directory.

0 Kudos
Inbar_Moskovich
Employee Alumnus
Employee Alumnus

Hi Josh,

Thank you for your comment!

I will contact you offline.

0 Kudos
Greg_Dunlap
Participant

what was the fix for this?  i've run into it as well.

much thanks

PhoneBoy
Admin
Admin

Is it the same error as above or a different error?

Assuming it's the same, https://community.checkpoint.com/people/inbareeae75d0-98f5-44ac-97e4-698af63daa24‌, can you comment on how you resolved the issue for Josh or provide an update?

0 Kudos
Inbar_Moskovich
Employee Alumnus
Employee Alumnus

I apologize for the delay in my response, I have not been at the office in the last week.

The error: AttributeError: 'module' object has no attribute 'create_default_context'

usually happens when the python version is not 2.7.9 or up, so I will recommend you to upgrade your python to 2.7.9 or up.
 Best Regards.
0 Kudos
Robert_Decker
Advisor

The source code is now an open source on GitHub repository:

GitHub - CheckPoint-APIs-Team/cpapi-python-sdk: Check Point API Python Development Kit 

Kaspars_Zibarts
Employee Employee
Employee

Very grateful for clone script! Two observations (sorry can't update on Git right now) when using MDS

It calls this method with wrong arguments so it fails to log into CMA..

def handle_local_domain(client_domain, domain, username, password, orig_host_ip, cloned_host_name, cloned_host_ip😞

gets called as (thus passing server IP address as username Smiley Happy  and cloned IP is missing)

handle_local_domain(client_domain, domain, server, username, password, orig_host_ip, cloned_host_name)

Secondly API session with default 10min timer was not sufficient, so I had to add keepalive in CMA loop

for domain in domains.data:
   log("\n\tChecking on Local Domain {}".format(domain["name"]))
   handle_local_domain(client_domain, domain, username, password, orig_host_ip,
   cloned_host_name, cloned_host_ip)
   client.api_call("keepalive", {}, login_res.data["sid"])

I haven't had time to fix these yet as script seems to complete OK and correct updates are made

Traceback (most recent call last):
File "clone_host.py", line 794, in <module>
main(sys.argv[1:])
File "clone_host.py", line 787, in main
client_domain.save_debug_data()
File "/home/kasparsz/cp_mgmt_api_python_sdk-master/cp_mgmt_api_python_sdk-master/lib/mgmt_api.py", line 128, in save_debug_data
out_file.write(json.dumps(self.api_calls, indent=4, sort_keys=True))
File "/opt/CPsuite-R80/fw1/Python/lib/python2.7/json/__init__.py", line 251, in dumps
sort_keys=sort_keys, **kw).encode(obj)
File "/opt/CPsuite-R80/fw1/Python/lib/python2.7/json/encoder.py", line 209, in encode
chunks = list(chunks)
MemoryError

Amiad_Stern

Thanks for your comment, @yaelg from my team will look into it.

Amiad_Stern

I’m glad to inform that our Python SDK was updated and is now Python2 and Python3 compatible.

Ash_Sidhu
Participant

I have Python 3.4.3 and I am unable to use the scripts as I get error at the login stage ...

[user1@serv1 python]$ python3 clone_host.py
Enter server IP address or hostname: 10.95.195.105
Enter username: admin
Enter password:
Enter host IP address: 10.0.0.1
Enter new host name: HostA
Enter new host server IP :10.0.0.2
Enter global domain name in case of MDS server: [In order to use the default value ('Global') or in case of CMA hit 'Enter']
Enter 'True' if you want the script to do assign of the global domain [In order to use the default value ('False') hit 'Enter']

Checking the fingerprint for server 10.45.195.105...

Logging in to server 10.45.195.105...
Login failed:
the JSON object must be str, not 'bytes'

Saving data to debug file api_calls.json

Amiad_Stern

Hi Ash, wanted to inform you the issue was fixed in our SDK. See this commit https://github.com/CheckPointSW/cp_mgmt_api_python_sdk/pull/14
0 Kudos
Amiad_Stern

Hi Ashu, 

Thanks for your feedback, I'm using v3.7.1 and i just checked it and it works for me. I will ask someone from my team to check it tomorrow.

Regards,

Amiad. 

0 Kudos
netanel1431
Explorer

hello , i do all the step, but when i run the script i get this error :

Login failed: APIResponse received a response which is not a valid JSON.

Do you know what is wrong ?

0 Kudos
mythryll
Participant

Thank you for the Python SDK, the examples and for updating it for 3.7.
Is there a detailed documentation for this? It would help to know what is available and with what specs (like list of functions with expected parameters, expected output, etc.)

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events