- CheckMates
- :
- CheckMates Toolbox
- :
- SmartConsole Extensions
- :
- Re: SmartConsole Extension - Show VPN topology on ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Show VPN topology on gateways
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
📕 Referenced in the book Max Power 2020
ℹ️ Supported from R80.30+
SmartConsole Extension to show the installed VPN topology on gateways.
Extension URL: https://dannyjung.de/vpntopo.json
Uses the One-liner developed in this thread.
SMB / VSX gateways aren't supported yet (need to implement loading of VS environment and changing to VS)
📕 Referenced in the book Max Power 2020
ℹ️ Supported from R80.30+
SmartConsole Extension to show the installed VPN topology on gateways.
Extension URL: https://dannyjung.de/vpntopo.json
Uses the One-liner developed in this thread.
SMB / VSX gateways aren't supported yet (need to implement loading of VS environment and changing to VS)
Disclaimer: Check Point does not provide maintenance services or technical or customer support for third party content provided on this Site, including in CheckMates Toolbox. See also our Third Party Software Disclaimer.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Very cool!
So basically reading CPProdUtil and adding that great information to SmartConsole - I like! And you can probably extend it to additional buttons that take data from CPProdUtil and that you find useful.
If this was just a regular gateway, not a cluster, you could also get it from the Management API Command "show simple-gateway" and the property vpn-settings.vpn-domain https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/show-simple-gateway~v1.6%20
I also like the many validations that you added, such as no relevant gateways.
Worth to mention this requires R80.30 and above. Below that version, we get this:
... another reason to upgrade already 😀 R80.30 is the most popular version already.
Might be better if you include a "welcome" / "please go to Gateways page and find a new tab called VPN Topology" type of page after I click OK.
You do that by adding this to your manifest:
{ "location": "post-enable-popup", "relevant-types": ["extension"], "ui-element": { "caption": "My Fancy Extension", "tooltip": "", "action": { "browser-window": { "height": "320", "width": "600" }, "details-level": "uid", "method": "get", "trigger-id": "post-installation-popup", "url": "instructions.html" } } }],
I then went to the Gateways page and found the new bottom pane with the button. I can see why you made that button - because clicking it pops up a request to commit changes so it's definitely better to have it only happening when the user clicks a button.
If I click "cancel" and don't approve the change the button changes its text to "{" so you may want to handle that as well
Very cool!
So basically reading CPProdUtil and adding that great information to SmartConsole - I like! And you can probably extend it to additional buttons that take data from CPProdUtil and that you find useful.
If this was just a regular gateway, not a cluster, you could also get it from the Management API Command "show simple-gateway" and the property vpn-settings.vpn-domain https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/show-simple-gateway~v1.6%20
I also lik
...;- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks @Tomer_Sole , I really appreciate your feedback!
As it's all just basic HTML I already have plans to use CSS stylesheets and SVGs in future for better appearance in SmartConsole.
Thanks @Tomer_Sole , I really appreciate your feedback!
As it's all just basic HTML I already have plans to use CSS stylesheets and SVGs in future for better appearance in SmartConsole.
;- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I just tried it in my lab environment and clicking the button makes my SmartConsole hang and I have to force close it (task never shows up in SmartConsole, neither as done or error). Same happens btw. for your other extension. My version is R80.40 JHF 25 for mgmt and gw.
I troubleshooted it a bit and extracted the relevant code from the .htm.
edited post (my fault):
If I only run the cpprod_util, the command is working and also with mgmt_cli it runs the task. Here the output from cpprod_util
$CPDIR/bin/cprid_util -server "10.2.231.52" -verbose rexec -rcmd /bin/bash -c "base64 -id <<< aWYgW1sgYCRDUERJUi9iaW4vY3Bwcm9kX3V0aWwgRndJc0ZpcmV3YWxsTW9kdWxlIDI+L2Rldi9udWxsYCAhPSAqJzEnKiBdXTsgdGhlbiBlY2hvOyB0cHV0IGJvbGQ7IHRwdXQgc2V0YWIgMTsgZWNobyAnIE5vdCBhIGZpcmV3YWxsIGdhdGV3YXkhICc7IHRwdXQgc2dyMDsgZWNobzsgZWxzZSBpZiBbWyBgZ3JlcCBSODAuNDAgL2V0Yy9jcC1yZWxlYXNlIHwgd2MgLWxgICE9IDAgXV07IHRoZW4gZWNobzsgdHB1dCBib2xkOyB0cHV0IHNldGFiIDE7IGVjaG8gLW4gJyBJbmZvOiBWUE4gRG9tYWluIGZvciBHYXRld2F5IENvbW11bml0aWVzIGFyZSBjdXJyZW50bHkgbm90IGRpc3BsYXllZCBjb3JyZWN0bHkgYnkgdGhpcyB0b29sISAnOyB0cHV0IHNncjA7IGVjaG87IGZpOyBmdyB0YWIgLXQgdnBuX3JvdXRpbmcgLXUgfCBhd2sgJ05SPjMgeyQwPXN1YnN0cigkMCwyLDI4KTsgZ3N1YigiLCAiLCAiIik7IGdzdWIoIjsgIiwgIiIpOyBnc3ViKCIuLiIsICIweCYgIik7IHByaW50fScgfCB4YXJncyBwcmludGYgIiVkLiVkLiVkLiVkICVkLiVkLiVkLiVkICVkLiVkLiVkLiVkXG4iIHwgYXdrICd7cHJpbnQgJDMiLiIkMSIgLSAiJDJ9JyB8IHNvcnQgLXQgLiAtayAgMSwxbiAtayAyLDJuIC1rIDMsM24gLWsgNCw0biAtayA1LDVuIC1rIDYsNm4gLWsgNyw3biAtayA4LDhuIHwgc2VkICdzL14veC8nIHwgc2VkICdzL1wuL1xuXHQvNCcgfCBhd2sgJyF4WyQwXSsrJyB8IHNlZCAnL3gvcy8kL1xuXHRFbmNyeXB0aW9uIGRvbWFpbi8nIHwgc2VkICdzL3gvXG5WUE4gR2F0ZXdheSA+IC8nIHwgaWYgW1sgJChjYXQgL2V0Yy9jcC1yZWxlYXNlKSAhPSAqIkVtYmVkZGVkIiogXV07IHRoZW4gZWdyZXAgLUMgOTk5OSAtLWNvbG9yPWF1dG8gJCdWUE4gR2F0ZXdheXxFbmNyeXB0aW9uIGRvbWFpbic7IGVsc2UgY2F0ICQxIHwgc2VkICdzL15cdC8vJzsgZmk7IGVjaG87IGZpOyBpZiBbWyBgZ3JlcCBSODAuNDAgL2V0Yy9jcC1yZWxlYXNlIHwgd2MgLWxgICE9IDAgXV07IHRoZW4gdHB1dCBib2xkOyB0cHV0IHNldGFiIDE7IGVjaG8gLW4gJyBJbmZvOiBWUE4gRG9tYWluIGZvciBHYXRld2F5IENvbW11bml0aWVzIGFyZSBjdXJyZW50bHkgbm90IGRpc3BsYXllZCBjb3JyZWN0bHkgYnkgdGhpcyB0b29sISAnOyB0cHV0IHNncjA7IGVjaG87IGVjaG87IGZp | sh"
Info: VPN Domain for Gateway Communities are currently not displayed correctly by this tool!
VPN Gateway > 10.2.231.51
Encryption domain
10.2.231.51 - 10.2.231.53
192.168.220.0 - 192.168.220.255
192.168.221.1 - 192.168.221.3
192.168.229.1 - 192.168.229.2
Info: VPN Domain for Gateway Communities are currently not displayed correctly by this tool!
I just tried it in my lab environment and clicking the button makes my SmartConsole hang and I have to force close it (task never shows up in SmartConsole, neither as done or error). Same happens btw. for your other extension. My version is R80.40 JHF 25 for mgmt and gw.
I troubleshooted it a bit and extracted the relevant code from the .htm.
edited post (my fault):
If I only run the cpprod_util, the command is working and also with mgmt_cli it runs the task. Here the out
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
can you share the hang offline immediately after the hang occurs?
%LocalAppData%\Check Point\R80.40 as zip folder
$MDS_FWDIR/log/cpm*.elg* as zip folder
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
thanks, daniel
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Danny,
We using R80.40 in our test environment and latest build smartconsole but i try to run script smartconsole freeze and not responding.
We need to special setting for this script and other once ? Additional info; Windows 10 x64 1909 build my computer os.
Edit: Perfectly running now. Thanks for help and script Danny.
Hi Danny,
We using R80.40 in our test environment and latest build smartconsole but i try to run script smartconsole freeze and not responding.
We need to special setting for this script and other once ? Additional info; Windows 10 x64 1909 build my computer os.
Edit: Perfectly running now. Thanks for help and script Danny.
;
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Curious what exactly are the connectivity requirements? Does the CP Manager SSH need to SSH to the gateways?
We have a few clusters in GCP where the cluster IP configured in SmartConsole is actually a public IP address. But we don't allow inbound SSH to the gateways via internet for obvious security reasons.
Curious what exactly are the connectivity requirements? Does the CP Manager SSH need to SSH to the gateways?
We have a few clusters in GCP where the cluster IP configured in SmartConsole is actually a public IP address. But we don't allow inbound SSH to the gateways via internet for obvious security reasons.
;- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content