This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
PhoneBoy
Admin
Admin
‎2019-04-24 11:47 AM

Dynamic CLI and Gaia APIs TechTalk and Q&A

In this session with @Alexander_Kim, we discuss two new Gaia features:

  • REST API on GAIA gateway
  • Dynamic CLI (pull any expert command into clish)

Our discussion includes demos based on actual customers use cases.

Slides presented in the session (available to CheckMates members).

Audio of the full session below:

Full video of session is available to CheckMates members: https://community.checkpoint.com/t5/Member-Exclusive-Content/Dynamic-CLI-and-Gaia-APIs-TechTalk-Vide...

A brief excerpt of our session is below.

(view in My Videos)

 

12 Replies
_Val_
Admin
Admin
‎2019-05-09 01:10 AM

Q&A Transcript

 

Q: When Ender will be part of a general release?

A: It is currently planned to be ready with R80.40 For all other R80.x family, it is available as an add-on package.

 

Q: Is there any GitHub repo for checkpoint example codes with REST API?

A: We have a good collection on CheckMates already. Just go to the community and look for CodeHub section

 

Q: How to run clish in expert?

A: clish -c <your command>

 

Q: I have tried Dynamic CLI package, on R77.30, and it does not work. Why?

A: Dynamic CLI is supported with R80.10 and up.

 

Q: Can you please provide SK number for dynamic CLI?

A: It is sk144112.

 

Q: Will Ender tie in with Tufin?

A: Any third party can use our APIs. This question should be directed to Tufin and not us.

 

Q: Does gateway need to be on R80.x alogn with MDS for dynamic CLI?

A: Gateways needs to be on R80.10 or above to use Dynamic CLI or API.

 

Q: In the future, will this be possible with other appliances such as the SmartEndpoints?

A: These features are not specific to gateways, they also apply to management servers, and to any other Gaia based device.

 

Q: Can you add a gateway cluster object using the Management APIs?

A: Management APIs are out of scope for this discussion. That said, there is no API for adding a cluster currently. We are planning this functionality for the future releases.

 

Q: Are there plans to support Terraform also for Mgmt API ? For example to create host objects, rulebase etc.?

A: Management API is also REST API. You can use it with any tool that works through REST API, Terraform included.

 

Q: Will it be possible to backup the firewall rules on the roadmap of the product. Rigth now is very cumbersome.

A: The firewall rules are stored on the management and they can be backed up in one of several ways using the management APIs (among other ways). Best to post this question with your specific requirements on CheckMates.

 

Q: What is the performance impact of using both features on a gateways?

A: Performance impact is minimal.

0 Kudos
Kris_Pellens
Collaborator
‎2019-10-27 04:43 PM

In the presentation, Alexander Kim gave a demo about GAIA API version 1.x.

During the execution of the script, the following "tasks" were executed:

  1. set-ntp
  2. ftw

However, in GAIA API version 1.2 those "tasks" are not yet available.

Could you indicate when those become available?

Thanks.

 

0 Kudos
BigLeBeauski24
Participant
‎2020-06-25 07:37 AM

I have read through the entire sk multiple times, but I cannot find the "new" command for cphaprob stat or cplic print?  Can someone please let me know what those commands are?

I still do not understand why you would deprecate such popular diagnostic commands.

 

-Dave

0 Kudos
_Val_
Admin
Admin
‎2020-06-25 10:13 AM
In response to BigLeBeauski24

What gives you an idea they are deprecated?

Dynamic CLI provides you with ability to port expert mode commands to CLISH. Gaia API allows you RESTful API calls to control system parameters of OS level.

Both commands you mention are available from Expert mode, as before. 

0 Kudos
Daniel_Schlifka
Contributor
‎2020-08-19 02:51 AM
In response to _Val_

What happend to the "generate command" cmd? It's not available in R80.40T294 while it definitely uses dclish.
Dynamic Clish is kindly said incomplete and lacks of certain abilities.  Same applies to the Gaia API, especially when it comes to vsx.

edit:
ok i can abuse "add command", it's not exactly the same but will do the trick.

_Val_
Admin
Admin
‎2020-08-19 04:36 AM
In response to Daniel_Schlifka

What is "generate command" in the first place? 

0 Kudos
Daniel_Schlifka
Contributor
‎2020-08-19 07:06 AM
In response to _Val_

It is mentioned in the video posted originally by PhoneBoy. See second 0:40

0 Kudos
_Val_
Admin
Admin
‎2020-08-19 08:12 AM
In response to Daniel_Schlifka

@Daniel_Schlifka thanks for reminding me. It was Early Availability demo.

Basically, this feature did not make it to production because of the security concerns. All supported features are listed in sk144112

0 Kudos
Daniel_Schlifka
Contributor
‎2020-08-19 08:30 AM
In response to _Val_

Sorry to hear that.
I will stay with the "add command" instead then. Are there plans to extend the commands in sk144112 further? (I have a wishlist)

0 Kudos
_Val_
Admin
Admin
‎2020-08-19 08:36 AM
In response to Daniel_Schlifka

"add command" is good enough 🙂

Do share your list here, I will make sure the current feature owners take a loot

0 Kudos
Daniel_Schlifka
Contributor
‎2020-08-20 07:56 AM
In response to _Val_

Hi,

personally i miss :
fw vsx stat -l
cpmq set *
fw ctl multik prioq
fw ctl multik set_mode|get_mode
fw ctl multik print_heavy_conn
fw lslogs
fw ctl conntab
fw ctl conn_info
fw ctl multik get_instance
fw ctl multik show_bypass_ports

regards Daniel

ps. also "cpstat -f stat vsx" seems no longer to work, but that is not related to dynamic clish, its doesn't work in bash/expert either. (R80.40t294 without GHFA)
pps. must "cphaprob -a if" show up behind "show cluster members interfaces all" - thats tbh well hidden.
Also it's not directly mentioned in sk144112, which it should be by my opinion as it's essential for cluster issue debugging.

0 Kudos
Anthony_Kahwati
Collaborator
‎2021-03-12 12:22 AM
In response to Daniel_Schlifka

Are traffic visibility commands like fw monitor and tcpdump still only in expert mode? Haven't got this in place yet but it's going in in a new build soon so I can't just check yet.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events