CP mgmt_cli tool and SMC CLI usage

Because the upgrade of the customer's version was not successful, the policies, host information and NAT have to be added manually. This post covers the preparation for writing the customer's firewall information into a script (PS: the customer has 2000 firewall policies, so I am taking the lazy way and writing a script).

First, the syntax of CP's mgmt_cli commands. Everything in this blog was tested on an all-in-one 80.10 deployment.
The commands must be executed in expert mode.

login

Log in to the server with a user name and password. The server displays your session unique identifier. Enter this session unique identifier in the X-chkp-sid header for each request.

  • Syntax
mgmt_cli login
  • Parameters can be entered interactively at the prompts

Command

mgmt_cli login

Output

Username: admin
Password: 
uid: "b46805b4-09bc-4095-aaf3-9ba9a307f1eb"
sid: "wjPvhRNxNMD7le8QD1isO49Q6XFpAIRybVzIKj39v3k"
url: "https://127.0.0.1:443/web_api"
session-timeout: 600
last-login-was-at: 
  posix: 1577413337633
  iso-8601: "2019-12-27T10:22+0800"
api-server-version: "1.1"
  • You can also log in directly by passing the credentials as parameters

Command

mgmt_cli login user "aa" password "aaaa" 

Output

uid: "995fa260-7621-44cb-ab2f-cb383558c1ad"
sid: "WHc1fh8KqepdggnVe3gNe-xGrW8lFjWbkAczRTLDx1E"
url: "https://127.0.0.1:443/web_api"
session-timeout: 600
last-login-was-at: 
  posix: 1577413718049
  iso-8601: "2019-12-27T10:28+0800"
api-server-version: "1.1"

publish

Changes made by a user become visible to all users only after publish is called.

Syntax

mgmt_cli publish

Command

mgmt_cli publish

Output (tasks show progress)

---------------------------------------------
Time: [11:07:52] 27/12/2019
---------------------------------------------
"Publish operation"  succeeded  (100%)  
tasks: 
- task-id: "01234567-89ab-cdef-8dbc-0b2a427c153c"
  task-name: "Publish operation"
  status: "succeeded"
  progress-percentage: 100
  suppressed: false
  task-details: 
  - publishResponse: 
      numberOfPublishedChanges: 0
    revision: "95574349-e66c-461a-bcfe-d6f4524720a0"

discard

All changes made by the user are discarded and removed from the database.

Syntax

mgmt_cli discard

Command

mgmt_cli discard

Output

{
    number-of-discarded-changes: 0
    message: "OK"
}

keepalive

Keeps the session active.

Syntax

mgmt_cli keepalive

Command

mgmt_cli keepalive

Output

{
  "message" : "OK"
}

add host

Add host

Syntax

mgmt_cli add host

Arguments

Command

mgmt_cli add host name "New Host 1" ip-address "192.0.2.1"

Output

{
  "uid" : "9423d36f-2d66-4754-b9e2-e7f4493756d4",
  "folder" : {
    "uid" : "feb54da1-c5e2-4e83-a3ed-d0601ba5ccb9",
    "name" : "/Global Objects"
  },
  "domain" : {
    "domain-type" : "local domain",
    "uid" : "41e821a0-3720-11e3-aa6e-0800200c9fde",
    "name" : "SMC User"
  },
  "meta-info" : {
    "lock" : "unlocked",
    "validation-state" : "ok",
    "read-only" : false,
    "last-modify-time" : {
      "posix" : 1429440561055,
      "iso-8601" : "2015-04-19T13:49+0300"
    },
    "last-modifier" : "aa",
    "creation-time" : {
      "posix" : 1429440561055,
      "iso-8601" : "2015-04-19T13:49+0300"
    },
    "creator" : "aa"
  },
  "tags" : [ ],
  "name" : "New Host 4",
  "comments" : "",
  "color" : "black",
  "icon" : "Objects/host",
  "groups" : [ ],
  "nat-settings" : {
    "auto-rule" : false
  },
  "ipv4-address" : "192.0.2.1",
  "ipv6-address" : ""
}

add network

Create a new object

Syntax

mgmt_cli add network

Command

mgmt_cli add network name "New Network 1" subnet "192.0.2.0" subnet-mask "255.255.255.0" 

Output

{
  "message" : "OK"
}

add access-rule

Create a new policy

Syntax

mgmt_cli add access-rule 

Command

mgmt_cli add access-rule layer "Network" position 1 name "Rule 1" service.1 "SMTP" service.2 "AOL" vpn "MyIntranet" 

Output

{
  "uid" : "1df8a4b0-fa8b-428b-b649-626b74bf7f81",
  "name" : "Rule 1",
  "type" : "access-rule",
  "domain" : {
    "uid" : "41e821a0-3720-11e3-aa6e-0800200c9fde",
    "name" : "SMC User",
    "domain-type" : "domain"
  },
  "enabled" : true,
  "comments" : "",
  "meta-info" : {
    "lock" : "locked by current session",
    "validation-state" : "ok",
    "last-modify-time" : {
      "posix" : 1482659046483,
      "iso-8601" : "2016-12-25T11:44+0200"
    },
    "last-modifier" : "aa",
    "creation-time" : {
      "posix" : 1482659046483,
      "iso-8601" : "2016-12-25T11:44+0200"
    },
    "creator" : "aa"
  },
  "install-on" : [ {
    "uid" : "6c488338-8eec-4103-ad21-cd461ac2c476",
    "name" : "Policy Targets",
    "type" : "Global",
    "domain" : {
      "uid" : "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
      "name" : "Check Point Data",
      "domain-type" : "data domain"
    }
  } ],
  "source" : [ {
    "uid" : "97aeb369-9aea-11d5-bd16-0090272ccb30",
    "name" : "Any",
    "type" : "CpmiAnyObject",
    "domain" : {
      "uid" : "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
      "name" : "Check Point Data",
      "domain-type" : "data domain"
    }
  } ],
  "source-negate" : false,
  "destination" : [ {
    "uid" : "97aeb369-9aea-11d5-bd16-0090272ccb30",
    "name" : "Any",
    "type" : "CpmiAnyObject",
    "domain" : {
      "uid" : "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
      "name" : "Check Point Data",
      "domain-type" : "data domain"
    }
  } ],
  "destination-negate" : false,
  "service" : [ {
    "uid" : "97aeb3d9-9aea-11d5-bd16-0090272ccb30",
    "name" : "smtp",
    "type" : "service-tcp",
    "domain" : {
      "uid" : "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
      "name" : "Check Point Data",
      "domain-type" : "data domain"
    },
    "port" : "25"
  }, {
    "uid" : "97aeb44f-9aea-11d5-bd16-0090272ccb30",
    "name" : "AOL",
    "type" : "service-tcp",
    "domain" : {
      "uid" : "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
      "name" : "Check Point Data",
      "domain-type" : "data domain"
    },
    "port" : "5190"
  } ],
  "service-negate" : false,
  "vpn" : [ {
    "uid" : "8fcd975f-33b1-4322-b033-6fb251554d45",
    "name" : "MyIntranet",
    "type" : "vpn-community-meshed",
    "domain" : {
      "uid" : "41e821a0-3720-11e3-aa6e-0800200c9fde",
      "name" : "SMC User",
      "domain-type" : "domain"
    }
  } ],
  "action" : {
    "uid" : "6c488338-8eec-4103-ad21-cd461ac2c473",
    "name" : "Drop",
    "type" : "RulebaseAction",
    "domain" : {
      "uid" : "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
      "name" : "Check Point Data",
      "domain-type" : "data domain"
    }
  },
  "action-settings" : {
    "enable-identity-captive-portal" : false
  },
  "content" : [ {
    "uid" : "97aeb369-9aea-11d5-bd16-0090272ccb30",
    "name" : "Any",
    "type" : "CpmiAnyObject",
    "domain" : {
      "uid" : "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
      "name" : "Check Point Data",
      "domain-type" : "data domain"
    }
  } ],
  "content-negate" : false,
  "content-direction" : "any",
  "track" : {
    "uid" : "29e53e3d-23bf-48fe-b6b1-d59bd88036f9",
    "name" : "None",
    "type" : "Track",
    "domain" : {
      "uid" : "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
      "name" : "Check Point Data",
      "domain-type" : "data domain"
    }
  },
  "track-alert" : "none",
  "time" : [ {
    "uid" : "97aeb369-9aea-11d5-bd16-0090272ccb30",
    "name" : "Any",
    "type" : "CpmiAnyObject",
    "domain" : {
      "uid" : "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
      "name" : "Check Point Data",
      "domain-type" : "data domain"
    }
  } ],
  "custom-fields" : {
    "field-1" : "",
    "field-2" : "",
    "field-3" : ""
  }
}

Check the API syntax to add further parameters.

The other commands were not tested one by one, since almost all of them use the same syntax. On CP they can only be executed in expert mode, and each executed command requires the login user name and password. For batch processing, it is recommended to log in to SMC, add the script files, and upload them for execution.
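
For the batch case, the following is an added example, not part of the original post: a POSIX shell generator that turns a constructed "name,ipv4" inventory into add host commands and rejects any row whose fields could break out of the quoted arguments. The function names and the files hosts.csv, add_hosts.sh and id.txt are assumptions; saving the login output to a file and passing it with -s reuses one session for every generated command.

```shell
#!/bin/sh
# Added example (not from the original post): generate "add host" commands
# from a constructed inventory, rejecting rows that could break the quoting.
LC_ALL=C; export LC_ALL

# Dotted-quad IPv4: exactly four octets, each 0-255, no leading zeros.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Conservative allow-list for object names taken from customer data: quotes,
# backslashes, "$", backticks and ";" never reach the generated command line.
valid_name() {
    case $1 in
        ''|*[!A-Za-z0-9\ ._-]*) return 1 ;;
    esac
}

# Read "name,ipv4" rows on stdin; print one mgmt_cli line per valid row and
# report rejected rows on stderr. $1 is the session file passed to -s.
gen_add_host_cmds() {
    session_file=$1
    cr=$(printf '\r')
    while IFS=, read -r name ip || [ -n "$name" ]; do
        ip=${ip%"$cr"}                      # tolerate CRLF exports
        [ -n "$name" ] || continue
        if valid_name "$name" && valid_ipv4 "$ip"; then
            printf 'mgmt_cli add host name "%s" ip-address "%s" -s %s\n' \
                "$name" "$ip" "$session_file"
        else
            printf 'rejected: %s,%s\n' "$name" "$ip" >&2
        fi
    done
}

# On the management server (expert mode), with the assumed file names:
#   umask 077; mgmt_cli login user "admin" > id.txt   # id.txt holds the sid
#   gen_add_host_cmds id.txt < hosts.csv > add_hosts.sh && sh add_hosts.sh
#   mgmt_cli publish -s id.txt; mgmt_cli logout -s id.txt; rm -f id.txt
```

Review the rejected rows printed on stderr before publishing, since a skipped host will make later rules that reference it fail.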

SMC CLI

  • After logging in to SMC, the CLI is under COMMAND LINE in the lower left corner

add host

Create host

Syntax

add host

Command

add host name "New Host 1" ip-address "192.0.2.1"

Output

No output means the command succeeded

add network

Create a new object

Syntax

add network

Command

 add network name "New Network 1" subnet "192.0.2.0" subnet-mask "255.255.255.0" 

add access-rule

Create a new policy

Syntax

 add access-rule 

Command

add access-rule layer "Network" position 1 name "Rule 1" service.1 "SMTP" service.2 "AOL" vpn "MyIntranet" 

Output

No output means the command succeeded

The above shows how to enter CP commands on the command line of the device and in SMC. For batch processing, it is recommended to run a script through gateway & Servers -> intermediate Scripts, where you can write a script and then execute it using syntax similar to the CLI commands used when logged in to the device.

Posted on Wed, 10 Jun 2020 23:03:14 -0400 by goaman