Because the customer's version upgrade did not succeed, we are considering adding the policies, host objects and NAT manually, so I looked into writing the customer's firewall information as a script (PS: the customer's firewall has 2000+ policy rules, which is why I came up with this lazy approach of scripting it).
First, a word about the syntax of Check Point's mgmt_cli command. The tests in this post were done on an 80.10 All-in-One.
It must be run in Expert mode. Expert mode. Expert mode.
login
Log in to the server with a username and password. The server returns your session's unique identifier (sid). Pass this session identifier in the "X-chkp-sid" header of every subsequent request.
- Syntax
mgmt_cli login
- The parameters can be entered at the prompt afterwards
Command
mgmt_cli login
Output
Username: admin
Password:
uid: "b46805b4-09bc-4095-aaf3-9ba9a307f1eb"
sid: "wjPvhRNxNMD7le8QD1isO49Q6XFpAIRybVzIKj39v3k"
url: "https://127.0.0.1:443/web_api"
session-timeout: 600
last-login-was-at:
  posix: 1577413337633
  iso-8601: "2019-12-27T10:22+0800"
api-server-version: "1.1"
- Or log in by passing them on the command line directly
Command
mgmt_cli login user "aa" password "aaaa"
Output
uid: "995fa260-7621-44cb-ab2f-cb383558c1ad"
sid: "WHc1fh8KqepdggnVe3gNe-xGrW8lFjWbkAczRTLDx1E"
url: "https://127.0.0.1:443/web_api"
session-timeout: 600
last-login-was-at:
  posix: 1577413718049
  iso-8601: "2019-12-27T10:28+0800"
api-server-version: "1.1"
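To reuse the session from a script instead of logging in again for every call, the login output above has to be parsed. Here is an added example in Python (mine, not Check Point's code) that parses the key: value output shown above and extracts the sid for the X-chkp-sid header; the sample output embedded in it is constructed with placeholder ids, and the keepalive check assumes session-timeout is in seconds, as the login output suggests.

```python
"""Parse the YAML-like output of "mgmt_cli login" and pull out the session
id (sid) that every later request must carry in the X-chkp-sid header.

Added example for this post, not Check Point's code. The sample output is
constructed (uid and sid are placeholders); session-timeout is assumed to be
in seconds.
"""
import re

# Constructed sample of what "mgmt_cli login" prints (placeholder values).
SAMPLE_LOGIN_OUTPUT = """\
uid: "00000000-0000-4000-8000-000000000001"
sid: "EXAMPLE_SID_PLACEHOLDER_abc123"
url: "https://127.0.0.1:443/web_api"
session-timeout: 600
last-login-was-at:
  posix: 1577413718049
  iso-8601: "2019-12-27T10:28+0800"
api-server-version: "1.1"
"""

# one "key: value" line; indentation marks a child of the previous bare key
_LINE = re.compile(r"^(?P<indent>\s*)(?P<key>[A-Za-z0-9_-]+):\s*(?P<value>.*)$")


def parse_login_output(text):
    """Return a dict of the keys in mgmt_cli's output.

    Unindented lines are top-level keys; indented lines (the posix/iso-8601
    children of last-login-was-at) are nested under the preceding bare key.
    Quoted values lose their quotes, bare integers become int.
    """
    result, parent = {}, None
    for raw in text.splitlines():
        m = _LINE.match(raw)
        if not m:
            continue
        key, value = m.group("key"), m.group("value").strip()
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]
        elif value.isdigit():
            value = int(value)
        if m.group("indent"):
            if parent is not None:
                result[parent][key] = value
            continue
        if value == "":              # bare "key:" opens a nested block
            result[key], parent = {}, key
        else:
            result[key], parent = value, None
    return result


def session_header(parsed):
    """Build the header that later Web API requests must carry."""
    sid = parsed.get("sid")
    if not sid:
        raise ValueError("login output has no sid; did the login fail?")
    return {"X-chkp-sid": sid}


def keepalive_due(parsed, idle_seconds):
    """True when a script has been idle long enough that the session would
    expire before its next call, i.e. a keepalive should have been sent."""
    return idle_seconds >= int(parsed["session-timeout"])


if __name__ == "__main__":
    session = parse_login_output(SAMPLE_LOGIN_OUTPUT)
    print(session_header(session))
    print("keepalive needed after 10 min idle:", keepalive_due(session, 600))
```

In a real script the text fed to parse_login_output is the captured stdout of mgmt_cli login; if the sid is missing the login failed and the script should stop rather than run 2000 commands against a dead session.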
publish
Only after publish is called do the changes made by this user become visible to all users.
Syntax
mgmt_cli publish
Command
mgmt_cli publish
Output (progress is shown under tasks)
---------------------------------------------
Time: [11:07:52] 27/12/2019
---------------------------------------------
"Publish operation" succeeded (100%)
tasks:
- task-id: "01234567-89ab-cdef-8dbc-0b2a427c153c"
  task-name: "Publish operation"
  status: "succeeded"
  progress-percentage: 100
  suppressed: false
  task-details:
  - publishResponse:
      numberOfPublishedChanges: 0
      revision: "95574349-e66c-461a-bcfe-d6f4524720a0"
discard
All changes made by the user are discarded and removed from the database.
Syntax
mgmt_cli discard
Command
mgmt_cli discard
Output
{
  number-of-discarded-changes: 0
  message: "OK"
}
keepalive
Keeps the session valid/alive.
Syntax
mgmt_cli keepalive
Command
mgmt_cli keepalive
Output
{
  "message" : "OK"
}
add host
Add a host object
Syntax
mgmt_cli add host
Command
mgmt_cli add host name "New Host 1" ip-address "192.0.2.1"
Output
{
  "uid" : "9423d36f-2d66-4754-b9e2-e7f4493756d4",
  "folder" : {
    "uid" : "feb54da1-c5e2-4e83-a3ed-d0601ba5ccb9",
    "name" : "/Global Objects"
  },
  "domain" : {
    "domain-type" : "local domain",
    "uid" : "41e821a0-3720-11e3-aa6e-0800200c9fde",
    "name" : "SMC User"
  },
  "meta-info" : {
    "lock" : "unlocked",
    "validation-state" : "ok",
    "read-only" : false,
    "last-modify-time" : {
      "posix" : 1429440561055,
      "iso-8601" : "2015-04-19T13:49+0300"
    },
    "last-modifier" : "aa",
    "creation-time" : {
      "posix" : 1429440561055,
      "iso-8601" : "2015-04-19T13:49+0300"
    },
    "creator" : "aa"
  },
  "tags" : [ ],
  "name" : "New Host 4",
  "comments" : "",
  "color" : "black",
  "icon" : "Objects/host",
  "groups" : [ ],
  "nat-settings" : {
    "auto-rule" : false
  },
  "ipv4-address" : "192.0.2.1",
  "ipv6-address" : ""
}
add network
Create a new network object
Syntax
mgmt_cli add network
Command
mgmt_cli add network name "New Network 1" subnet "192.0.2.0" subnet-mask "255.255.255.0"
Output
{
  "message" : "OK"
}
add access-rule
Create a new access rule
Syntax
mgmt_cli add access-rule
Command
mgmt_cli add access-rule layer "Network" position 1 name "Rule 1" service.1 "SMTP" service.2 "AOL" vpn "MyIntranet"
Output
{
  "uid" : "1df8a4b0-fa8b-428b-b649-626b74bf7f81",
  "name" : "Rule 1",
  "type" : "access-rule",
  "domain" : {
    "uid" : "41e821a0-3720-11e3-aa6e-0800200c9fde",
    "name" : "SMC User",
    "domain-type" : "domain"
  },
  "enabled" : true,
  "comments" : "",
  "meta-info" : {
    "lock" : "locked by current session",
    "validation-state" : "ok",
    "last-modify-time" : {
      "posix" : 1482659046483,
      "iso-8601" : "2016-12-25T11:44+0200"
    },
    "last-modifier" : "aa",
    "creation-time" : {
      "posix" : 1482659046483,
      "iso-8601" : "2016-12-25T11:44+0200"
    },
    "creator" : "aa"
  },
  "install-on" : [ {
    "uid" : "6c488338-8eec-4103-ad21-cd461ac2c476",
    "name" : "Policy Targets",
    "type" : "Global",
    "domain" : {
      "uid" : "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
      "name" : "Check Point Data",
      "domain-type" : "data domain"
    }
  } ],
  "source" : [ {
    "uid" : "97aeb369-9aea-11d5-bd16-0090272ccb30",
    "name" : "Any",
    "type" : "CpmiAnyObject",
    "domain" : {
      "uid" : "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
      "name" : "Check Point Data",
      "domain-type" : "data domain"
    }
  } ],
  "source-negate" : false,
  "destination" : [ {
    "uid" : "97aeb369-9aea-11d5-bd16-0090272ccb30",
    "name" : "Any",
    "type" : "CpmiAnyObject",
    "domain" : {
      "uid" : "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
      "name" : "Check Point Data",
      "domain-type" : "data domain"
    }
  } ],
  "destination-negate" : false,
  "service" : [ {
    "uid" : "97aeb3d9-9aea-11d5-bd16-0090272ccb30",
    "name" : "smtp",
    "type" : "service-tcp",
    "domain" : {
      "uid" : "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
      "name" : "Check Point Data",
      "domain-type" : "data domain"
    },
    "port" : "25"
  }, {
    "uid" : "97aeb44f-9aea-11d5-bd16-0090272ccb30",
    "name" : "AOL",
    "type" : "service-tcp",
    "domain" : {
      "uid" : "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
      "name" : "Check Point Data",
      "domain-type" : "data domain"
    },
    "port" : "5190"
  } ],
  "service-negate" : false,
  "vpn" : [ {
    "uid" : "8fcd975f-33b1-4322-b033-6fb251554d45",
    "name" : "MyIntranet",
    "type" : "vpn-community-meshed",
    "domain" : {
      "uid" : "41e821a0-3720-11e3-aa6e-0800200c9fde",
      "name" : "SMC User",
      "domain-type" : "domain"
    }
  } ],
  "action" : {
    "uid" : "6c488338-8eec-4103-ad21-cd461ac2c473",
    "name" : "Drop",
    "type" : "RulebaseAction",
    "domain" : {
      "uid" : "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
      "name" : "Check Point Data",
      "domain-type" : "data domain"
    }
  },
  "action-settings" : {
    "enable-identity-captive-portal" : false
  },
  "content" : [ {
    "uid" : "97aeb369-9aea-11d5-bd16-0090272ccb30",
    "name" : "Any",
    "type" : "CpmiAnyObject",
    "domain" : {
      "uid" : "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
      "name" : "Check Point Data",
      "domain-type" : "data domain"
    }
  } ],
  "content-negate" : false,
  "content-direction" : "any",
  "track" : {
    "uid" : "29e53e3d-23bf-48fe-b6b1-d59bd88036f9",
    "name" : "None",
    "type" : "Track",
    "domain" : {
      "uid" : "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
      "name" : "Check Point Data",
      "domain-type" : "data domain"
    }
  },
  "track-alert" : "none",
  "time" : [ {
    "uid" : "97aeb369-9aea-11d5-bd16-0090272ccb30",
    "name" : "Any",
    "type" : "CpmiAnyObject",
    "domain" : {
      "uid" : "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
      "name" : "Check Point Data",
      "domain-type" : "data domain"
    }
  } ],
  "custom-fields" : {
    "field-1" : "",
    "field-2" : "",
    "field-3" : ""
  }
}
I didn't test the other commands; the syntax is pretty much the same. On CP this is only done in Expert mode, and every single command requires entering the login username and password, which is rather tedious. For batch work I recommend logging into the SMC, adding a script file and uploading it for execution.
SMC CLI
- It is located in the lower-left corner after logging into the SMC
COMMAND LINE
add host
Create a host
Syntax
add host
Command
add host name "New Host 1" ip-address "192.0.2.1"
Output
No output means it succeeded.
add network
Create a new network object
Syntax
add network
Command
add network name "New Network 1" subnet "192.0.2.0" subnet-mask "255.255.255.0"
add access-rule
Create a new access rule
Syntax
add access-rule
Command
add access-rule layer "Network" position 1 name "Rule 1" service.1 "SMTP" service.2 "AOL" vpn "MyIntranet"
Output
No output means it succeeded.
That covers how to enter commands on the Check Point device command line and on the SMC command line. For batch work, running a script is recommended: GATEWAYS & SERVERS
-> Scripts (in the middle)
You can write a script there and run it; the syntax is similar to the CLI commands on the device.
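As an added example (my own, not code from Check Point and not the script this post talks about), here is a Python generator that turns a CSV inventory into the add host / add network / add access-rule lines shown above, so a 2000-rule import is produced by code instead of typed. It validates IP addresses, subnets and object names before quoting them: a script run from the SMC Scripts page or from Expert mode executes with the administrator's rights, so a stray quote or semicolon in an exported name must never end up in the script. It assumes the source, destination and action arguments of add access-rule (part of the same command, but not shown in this post), the -s session-file option of mgmt_cli for the Expert-mode variant (also my assumption), and constructed CSV data.

```python
"""Generate Check Point CLI batch lines (add host / add network /
add access-rule) from CSV inventories.

Added example for this post, not Check Point's code. It uses the argument
names shown in the post (name, ip-address, subnet, subnet-mask, layer,
position, service.N) plus source, destination and action for add access-rule
(my assumption: part of the same command, not shown in the post) and the
mgmt_cli -s <session-file> option (also my assumption). CSV data is constructed.
"""
import csv
import io
import ipaddress
import re

# Constructed inventories; in practice these come from the old firewall export.
HOSTS_CSV = """name,ip
web-srv-01,192.0.2.10
db-srv-01,192.0.2.20
bad name; delete host name db-srv-01,192.0.2.30
typo-host,192.0.2.999
"""
NETWORKS_CSV = """name,cidr
dmz-net,192.0.2.0/24
"""
RULES_CSV = """position,name,source,destination,services,action
1,allow web,Any,web-srv-01,http;https,Accept
2,allow db from web,web-srv-01,db-srv-01,MySQL,Accept
"""

NAME_RE = re.compile(r"[A-Za-z0-9 ._-]{1,64}")
ACTIONS = {"Accept", "Drop", "Reject"}


def check_name(name):
    """Whitelist object names: the generated script runs with admin rights, so
    a quote, semicolon or anything else a CSV cell carries must not reach it."""
    if not NAME_RE.fullmatch(name):
        raise ValueError(f"unsafe object name: {name!r}")
    return name


def q(value):
    """Quote an already validated argument the way the CLI examples do."""
    return '"' + str(value) + '"'


def host_command(name, ip):
    name = check_name(name)
    addr = ipaddress.ip_address(ip)              # rejects 192.0.2.999 and the like
    return f"add host name {q(name)} ip-address {q(addr)}"


def network_command(name, cidr):
    name = check_name(name)
    net = ipaddress.ip_network(cidr, strict=True)  # host bits set -> ValueError
    if net.version != 4:
        raise ValueError("only the IPv4 subnet/subnet-mask form is shown here")
    return (f"add network name {q(name)} subnet {q(net.network_address)} "
            f"subnet-mask {q(net.netmask)}")


def rule_command(layer, position, name, source, destination, services, action):
    if action not in ACTIONS:
        raise ValueError(f"unknown action: {action!r}")
    parts = [f"add access-rule layer {q(layer)} position {int(position)}",
             f"name {q(check_name(name))}",
             f"source {q(check_name(source))}",
             f"destination {q(check_name(destination))}"]
    # several services become service.1, service.2, ... as in the post
    for i, svc in enumerate(services.split(";"), start=1):
        parts.append(f"service.{i} {q(check_name(svc.strip()))}")
    parts.append(f"action {q(action)}")
    return " ".join(parts)


def build_script(hosts_csv, networks_csv, rules_csv, layer="Network"):
    """Return (lines, errors): each valid row becomes one CLI line; rows that
    fail validation are reported instead of silently producing a wrong rule."""
    lines, errors = [], []
    jobs = [
        (hosts_csv, lambda r: host_command(r["name"], r["ip"])),
        (networks_csv, lambda r: network_command(r["name"], r["cidr"])),
        (rules_csv, lambda r: rule_command(layer, r["position"], r["name"],
                                           r["source"], r["destination"],
                                           r["services"], r["action"])),
    ]
    for text, make in jobs:
        for row in csv.DictReader(io.StringIO(text)):
            try:
                lines.append(make(row))
            except ValueError as exc:
                errors.append(f"{row}: {exc}")
    return lines, errors


def as_mgmt_cli(lines, session_file="id.txt"):
    """Same commands for Expert mode: log in once (password is prompted, not
    stored in the script), reuse the session with -s, publish, log out."""
    out = [f"mgmt_cli login user admin > {session_file}"]
    out += [f"mgmt_cli {line} -s {session_file}" for line in lines]
    out += [f"mgmt_cli publish -s {session_file}",
            f"mgmt_cli logout -s {session_file}"]
    return out


if __name__ == "__main__":
    script, problems = build_script(HOSTS_CSV, NETWORKS_CSV, RULES_CSV)
    print("\n".join(script))                     # paste into SMC -> Scripts
    print("\n".join(as_mgmt_cli(script)))        # or run from Expert mode
    for p in problems:
        print("SKIPPED:", p)
```

The plain lines are what goes into the SMC Scripts page; as_mgmt_cli wraps the same lines for Expert mode so the login happens once and the session id travels in the -s file rather than being retyped per command. Review the SKIPPED rows before publishing: a row that fails validation is a sign the export needs cleaning, not a reason to loosen the checks.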