R80 Management API tips and tricks - "show-domains... - Check Point CheckMates

link管理

链接快照平台

输入网页链接，自动生成快照
标签化管理网页链接

相关文章推荐

才高八斗的开心果 · Supported DNS record ...· 6 天前 ·

任性的海龟 · GitLab Pages custom ...· 6 天前 ·

近视的遥控器 · 粮农组织食品价格指数5月回落，全球谷物库存量 ...· 9 月前 ·

礼貌的海龟 · 正则表达式取最后一个 . ...· 11 月前 ·

任性的炒面 · 二的补码和fmt.Printf-腾讯云开发者 ...· 1 年前 ·

刀枪不入的红薯 · python - Curve the ...· 1 年前 ·

非常酷的风衣 · python ...· 1 年前 ·

On Multi-Domain management server you may query for a list of domains in your environment by using a "show-domains" API command .

The response of this command contains a list of domain objects, defined by the user. This list does NOT contain a Global domain, User-Data domain or MDS.

Here is an example bash script that retrieves and stores in a variable a list of domains names -

#!/bin/sh

JQ=${CPDIR}/jq/jq

DOMAINS_FILE="domains.json"

echo 'Getting a list of domains...'
mgmt_cli -r true -d MDS show domains limit 500 --format json > $DOMAINS_FILE
if [ $? -eq 1 ]; then
 echo "Error getting list of domains. Aborting!"
 exit 1
fi

DOMAINS_NAMES=($($JQ -r ".objects[] | .name" $DOMAINS_FILE))‍‍‍‍‍‍‍‍‍‍‍‍‍‍

Here is an example bash script that iterates over the list of above domains and prints all access policy packages and layers -

PACKAGES_FILE="packages.json"
PACKAGE_FILE="package.json"

for DOMAIN in ${DOMAINS_NAMES[@]}
do
  echo 'Searching in domain '"$DOMAIN"'...'
  mgmt_cli -r true -d "$DOMAIN" show packages limit 500 --format json > $PACKAGES_FILE
  if [ $? -ne 1 ]; then
    PACKAGES_NAMES=($($JQ -r ".packages[] | .name" $PACKAGES_FILE))
    for PACKAGE in ${PACKAGES_NAMES[@]}
    do
      echo 'Searching in package '"$PACKAGE"'...'
      mgmt_cli -r true -d "$DOMAIN" show-package name $PACKAGE --format json > $PACKAGE_FILE
      if [ $? -ne 1 ]; then
        ACCESS_LAYERS=($($JQ '.["access-layers"][] | .name' -r $PACKAGE_FILE))
        for LAYER in ${ACCESS_LAYERS[@]}
        do
          echo 'Policy layer: '"$LAYER"
        done
      fi
    done
  fi
done
‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

Robert.

$MDSVERUTIL AllCMAs will show the CMA names, not the Domain names as the "mgmt_cli show domains" command does.

Example getting CMA's and Domain's:

CPPROD_UTIL="$CPDIR/bin/cpprod_util"

for CMA in $($MDSVERUTIL AllCMAs); do
     mdsenv $CMA

     DOMAIN_NAME=$(${CPPROD_UTIL} CPPROD_GetValue FW1 CustomerName 1)
     if [[ -z "$DOMAIN_NAME" ]]; then
          echo "Can not get Domain name"
     fi

     echo "CMA: $CMA"
     echo "Domain: $DOMAIN_NAME"
done‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

As Amiad said, best to use the API instead in case the $MDSVERUTIL commands change in a later version.

Hi Robert,

When running this script, I'm getting this as part of the jq

Searching in package Standard...
jq: error: Cannot iterate over null

I've seen the jq error before in other scripts, and haven't been able to track down what is causing it.

It seems to happen in some domains (though not with every search, but some searches), and other domains seem exempt from it.

Do you have a good resource when this happens with a mgmt_cli command that calls jq?

Thank you,

Paul G.