ααΆαααααααααααα’ααααααααααΆαα½α APIs ααααΌαααΆααααα αΆααα
αααααααΎαα½αααααΆααΆαα½αααΌααααααα·ααΈ αα
ααααααααΆα’αΆα
ααααΎαα
ααΆαααΎααααΈαααααΎαααααΎ API αα·αα§ααααααααααΆαααα·ααΆαααΆαααααΎααα API α ααααααΆαααΆααααα ααΆαα
αααα·αα’αΆα
ααααααααΆααααΆαα αααα
ααα’αα·αααααααααααα·ααΈ Python (ααα
αααα α
ααΆ Python SDK) αααααΆαα αα·αα·αααα
ααα»α
ααααααααα APIααα»αααααα
αααα»αα₯αααααααααα ααΆαα½αααααα½ααααααΈαα·αααααα’αααα’αα·αααααα αα·αα’αααα
αΌαα
α·αααααααααααααααα·αααααααΆαααΆααααα½αα Python ααα½αααΆααααααΆαααα·αααΆααααΆαααααΆααααΆαααααααΈαααα α αΎααααα»αααΆααααααα
α
α·ααααααααα
ααααα αα·ααα·αα·αααααΎαααααααααααΆαααα
Check Point αααα»αα’αα·αααα API αααΆαααααα α αΎααα
αααααα ααΆαααααααααααααΌαααΆαα
ααααααΆαα
Check Point Management API (αααααα αα α»αααααα 1.6) - ααααΎααΆαααΆαα½ααααΆαααΈααααααα½ααα·αα·αααααΆαααα API (αα·ααααααααΆααααα»αααΆαααααα·ααααα·ααααααΈααα ααΎα αααααααΌαααααααααααααααααααΆαααΈααααααα½ααα·αα·ααα)Check Point GAIA API (αααααα αα α»αααααα 1.4) - ααααΎααΆαααΆαα½αα αααααααΆααα»ααααα·ααΆαααΆαααΆαααΆαααΆαααααΆαααα αα API 1.0 - ααααΎααΆαααΆαα½ααααα’ααααααΆα ααα αααα»α Check Point cloudAPI ααΆααααααΉαα’αααΈα’ααααααααΆα - ααααΎααΆαααΆαα½α blade ααΆααααααΉαα’αααΈα’ααααααααΆααα ααΎα αααααααΌαAPI αα·αααααααααααααααα»ααααα·ααΆα - ααααΎααΆαααΆαα½ααα·ααααααααααααααα αααααααΌα SMB (αααααααααα’αααΈ SMB gateways )IoT API - α’ααααααααααΆαα½αα§ααααααααααΆ IoTCloudGuard Connect API - ααααΎααΆαβααΆαα½αCloudGuard ααααΆαα (αααααααααΆααα»ααααα·ααΆα SD-WAN)Dome9 API - ααααΎααΆαβααΆαα½αDome9 α
Python SDK αα αα α»ααααααααΆααααααα’ααααααααααΆαα½α API ααααααααα αα·α Gaia API. ααΎαααΉααα·αα·αααααΎαααααΆααααααΆααα αα·ααΈααΆααααα αα·αα’ααααα αααα»ααααΌαα»ααααα
ααΆαααα‘αΎααααΌαα»α
αααΌαα»α cpapi ααα‘αΎααααΆααα αα αα·αααΆααααα½αααΈ
ααΆαα αΆααααααΎα
ααΎααααΈα±ααααΎαα’αΆα ααααΎααΆαααΆαα½ααααΆαααΆαα»αααααΌαα»α cpapi ααΎαααααΌαααΆαα αΌαααΈαααΌαα»α cpapi αααΆαα αα ααΆααααΈαααααΆαααααααααΌαααΆαα
APIClient ΠΈ APIClientArgs
from cpapi import APIClient, APIClientArgs
ΠΠ»Π°ΡΡ APIClientArgs ααα½ααα»αααααΌαα αααααααΆαααΆαααααααααααΆαααα αααΆαααΈααα API αα·αααααΆαα APIClient ααα½ααα»αααααΌαα ααααα’ααααααααααΆαα½α API α
ααααααααΆαααΆααααααααααΆααααααΆαα
ααΎααααΈααααααααΆαααΆαααααααααααααααααΆααααααΆαααα API α’αααααααΌααααααΎαα§ααΆα αααααααααΆαα APIClientArgs. ααΆαααααΆααα αααΆαααΆααααααααααααΆααααΌαααΆααααααααΆαα»α α αΎααα αααααααΎαααΆαααααααΈααα ααΎαααΆαααΈααααααααΆ αα½ααααα·αα αΆαααΆα ααααααΆααααα
client_args = APIClientArgs()
ααα»αααααα αααααααΎαααΆαααΎαααΆαααΈαααΆααΈααΈααΈ α’αααααααΌααααααΆαααααΆαα αα ααΆααα’αΆααααααΆα IP α¬ααααααααΆαααΈααααααααΆαααΈααα API (ααααΌαααΆαααααααΆααααΆααΆαααΆαααΈαααααααααααα)α αααα»αα§ααΆα αααααΆαααααα ααΎαααααααααΆαααΆααααααααααΆααααααΆαααααΆαααΈααα α αΎααααααα’αΆααααααΆα IP αααααααΆαααΈααααααααααααααΆααααα’ααααα
client_args = APIClientArgs(server='192.168.47.241')
ααΌααααα‘ααααΎααααΆαααΆααααααααΆααα’αα αα·ααααααααααΆαααΎαααααααΆ αααα’αΆα ααααΎααΆααα αααααααΆαααα αααΆαααΈααα APIα
α’αΆαα»ααααααααα·ααΈααΆααααα __init__ ααααααΆαα APIClientArgs
class APIClientArgs:
"""
This class provides arguments for APIClient configuration.
All the arguments are configured with their default values.
"""
# port is set to None by default, but it gets replaced with 443 if not specified
# context possible values - web_api (default) or gaia_api
def __init__(self, port=None, fingerprint=None, sid=None, server="127.0.0.1", http_debug_level=0,
api_calls=None, debug_file="", proxy_host=None, proxy_port=8080,
api_version=None, unsafe=False, unsafe_auto_accept=False, context="web_api"):
self.port = port
# management server fingerprint
self.fingerprint = fingerprint
# session-id.
self.sid = sid
# management server name or IP-address
self.server = server
# debug level
self.http_debug_level = http_debug_level
# an array with all the api calls (for debug purposes)
self.api_calls = api_calls if api_calls else []
# name of debug file. If left empty, debug data will not be saved to disk.
self.debug_file = debug_file
# HTTP proxy server address (without "http://")
self.proxy_host = proxy_host
# HTTP proxy port
self.proxy_port = proxy_port
# Management server's API version
self.api_version = api_version
# Indicates that the client should not check the server's certificate
self.unsafe = unsafe
# Indicates that the client should automatically accept and save the server's certificate
self.unsafe_auto_accept = unsafe_auto_accept
# The context of using the client - defaults to web_api
self.context = context
αααα»αααΏααΆα’αΆαα»ααααααααα’αΆα ααααΌαααΆαααααΎαα αααα»αα§ααΆα αααααααααΆαα APIClientArgs ααΊαα·α αΆααααΆαα ααααα’αααααααααααα Check Point α αΎααα·αααααΌαααΆαααα·αααααααααααααα
αααα»αααααΆααααΆαααα APIClient αα·ααααααα·ααΈαααααααααααα·αα
ΠΠ»Π°ΡΡ APIClient αααααααΆαααΆααααα½ααααα»ααααα»αααΆαααααΎααααΆααααΆααΊααΆαααααααααα·ααΈαααααααααααα·ααα α’αααΈααΆααα’αααααααααΌααααααΌααα ααΆααα§ααΆα αααααααααΆαα APIClient ααΊααΆαααΆαααΆααααααααααΆααααααΆαααααααααΌαααΆαααααααααα»αααα αΆααα»αα
with APIClient(client_args) as client:
αααααα·ααΈαααααααααααα·ααααΉααα·αααααΎααΆαα α α αΌααααααααααααααααα·αα ααΆαααααΆαααΈααα API ααααα ααα»ααααααΆααΉαααααΎααΆαα α α αααα αααα ααααΈααΆα ααααα·αααΎα ααα»αααα½αα ααα½ααα·ααααααΌαα±ααα αΆαα αααααααΆααααΈαααα ααααΆαααααΎααΆαααΆαα½αααΆαα α API α’αααααααΌαα αΆααααααΎαααααΎααΆαααααα·αααααΎαααααα·ααΈαααααααααααα·ααα
client = APIClient(clieng_args)
αααα»ααα·αα·αααααΎαααΆααααααΆαα
αααααααΆαααΆααααα½ααααα»αααΎααααΈαα·αα·αααααΎαααΆααΎααΆααααααΆααααααΌαααΉααααΆαααΆαααααααααααΆααααααΆαααααα»αααααΎαα·ααΈααΆααααα αα·αα·ααα_ααααΆαααααΆααα. ααααα·αααΎααΆααααααααααΆααααααΌααα sha1 hash αααααΆααααααΆαααααΆααααααα·ααααΆαααααα API αααΆαααΈααααααΆααα (αα·ααΈααΆααααααααα‘αα αα·ααα·α) αααααΆαααα ααΆααΆααααααΆαααααΆαααααΈαααα αΆααααΆααααααΆαα α αΎαααΎαα’αΆα ααααααααΆαααααα·ααααα·αααααααα·ααΈ (α¬αααααα±ααα’αααααααΎααααΆααααΌαα±ααΆαααΎααααΈαααααααΌααα·ααααααααΆααααααΆαα):
if client.check_fingerprint() is False:
print("Could not get the server's fingerprint - Check connectivity with the server.")
exit(1)
ααΌαα αααΆαααΆαα αααα’ααΆααααααΆαα APIClient ααΉααα·αα·αααααΎαααΆααααΆαα α API (αα·ααΈααΆααααα api_call ΠΈ api_queryααΎαααΉααα·ααΆαα’αααΈαα½αααααααα·α ααα) αα·ααααΆααααααααααΆαααααΆααα sha1 αα ααΎαααΆαααΈααα API α ααα»ααααααααα·αααΎαα ααααα·αα·αααααααΆαααααΆααα sha1 αααα·ααααΆαααααααααΆαααΈααα API ααα α»αααααΌαααΆαααααΎα (αα·ααααΆαααααααα·αααααΆαα α¬ααααΌαααΆαααααΆααααααΌα) αα·ααΈααΆααααα αα·αα·ααα_ααααΆαααααΆααα ααΉααααααα±ααΆαααΎααααΈαααααα/ααααΆααααααΌαααααααΆαα’αααΈααΆαα ααΎαααΆαααΈαααΌαααααΆααααααααααααααααα·α ααΆααααα½ααα·αα·ααααααα’αΆα ααααΌαααΆααα·αααΆαααααα»α (ααα»αααααααα’αΆα ααααΆαααΆααα»αααααΆααααααααΈαααααΎαααΆααα ααΎαααΆαααΈααα API αααα½αααΆ αα αααααααΆαααα 127.0.0.1) αααααααΎα’αΆαα»ααααα APIClientArgs - unsafe_auto_accept (ααΌαααΎαααααααα’αααΈ APIClientArgs αα»ααα αααα»α "ααΆαααααααααΆαααΆααααααααΆααααααΆαα") α
client_args = APIClientArgs(unsafe_auto_accept=True)
α αΌααα αααΆαααΈααα API
Π£ APIClient ααΆααα·ααΈααΆαααααααΆα αααΎαααΌα ααΆ 3 αααααΆααα αΌααα αααα»ααααΆαααΈααα API α αΎααα½αααααααΆααααααααΈα’αααααα sid(session-id) αααααααΌαααΆαααααΎαααααααααααααααα·αα αααα»αααΆαα α API ααΆαααααααααΆααααΈαα½αααα αααα»αααααααΆ (ααααααα αααα»αααααααΆαααααΆαααΆαααααααααααΊ X-chkp-sid) ααΌα αααααα·αα αΆαααΆα αααααΎαααΆααααΆαααΆααααααααααααααα
αα·ααΈααΆαααααα αΌα
αααααΎααααααααΎααΆαα αΌα αα·αααΆααααααααΆαα (αααα»αα§ααΆα ααα αααααα’αααααααΎααααΆαα α’αααααααααααα αα·αααΆααααααααΆαα 1q2w3e ααααΌαααΆαααααααΆααααΆα’αΆαα»αααααααΈααΆαα)α
login = client.login('admin', '1q2w3e')
αααΆαααΆαααααααααααΎαααααααααααΆααα αααα»ααα·ααΈααΆαααααα αΌαααα αααααΊααΆααααα αα·ααααααααααΆαααΎααααααα½αααα
continue_last_session=False, domain=None, read_only=False, payload=None
αα·ααΈααΆααααα Login_with_api_key
αααααΎααααααααΎαα api (ααΆαααααααα αΆααααααΎαααΈααααααααααααα R80.40/Management API v1.6, "3TsbPJ8ZKjaJGvFyoFqHFA==" αααβααΆβαααααβαααααΉα API αααααΆααβα’αααβααααΎβααααΆααβαα βααΎβαααΆαααΈαβααβαααααααααβααΆαα½αβααΉαβαα·ααΈααΆαααααβα’αα»ααααΆαβαααααΉα APIα
login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
αα αααα»ααα·ααΈααΆααααα login_with_api_key αααΆαααΆαααααααααααΎαααΌα ααααΆααΊα’αΆα ααααΆαααΌα αα αααα»ααα·ααΈααΆααααα α αΌα.
αα·ααΈααΆααααα login_as_root
αααααΎαααΎααααΈα αΌααα ααΆαααααΆαααΈαααΌαααααΆαααΆαα½ααααΆαααΈααα APIα
login = client.login_as_root()
ααΆααααΆαααΆααααααααααα α α·αααααααΈαααα»ααααααααααΆαααα·ααΈααΆααααααααα
domain=None, payload=None
α αΎαααΈαααα»α API α α αααα½αα―α
ααΎαααΆααααααΎαααΈαααΎααααΈααααΎααΆαα α API ααΆαααααα·ααΈααΆααααα api_call ΠΈ api_query. α αΌαααΎαααααααααααΆααΎα’αααΈααΆααΆααα»αααααΆαααΆααα½αααα
api_call
αα·ααΈααΆααααααααα’αΆα α’αα»ααααααΆααααααΆααααΆαα α ααΌαααααααΆαα½αα ααΎαααααΌαααααααΆαααααααα α»αααααααααααΆααααΆαα α api αα·α payload αα αααα»ααααααααααΎααααα·αααΎα αΆαααΆα αα ααααα·αααΎ payload ααΊααα αααααΆαα·αα’αΆα αααααΌαααΆαααΆαααααααα
api_versions = client.api_call('show-api-versions')
αααααααααααΆααααααΎαααααΆααααααααΆααα
In [23]: api_versions
Out[23]:
APIResponse({
"data": {
"current-version": "1.6",
"supported-versions": [
"1",
"1.1",
"1.2",
"1.3",
"1.4",
"1.5",
"1.6"
]
},
"res_obj": {
"data": {
"current-version": "1.6",
"supported-versions": [
"1",
"1.1",
"1.2",
"1.3",
"1.4",
"1.5",
"1.6"
]
},
"status_code": 200
},
"status_code": 200,
"success": true
})
show_host = client.api_call('show-host', {'name' : 'h_8.8.8.8'})
αααααααααααΆααααααΎαααααΆααααααααΆααα
In [25]: show_host
Out[25]:
APIResponse({
"data": {
"color": "black",
"comments": "",
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"groups": [],
"icon": "Objects/host",
"interfaces": [],
"ipv4-address": "8.8.8.8",
"meta-info": {
"creation-time": {
"iso-8601": "2020-05-01T21:49+0300",
"posix": 1588358973517
},
"creator": "admin",
"last-modifier": "admin",
"last-modify-time": {
"iso-8601": "2020-05-01T21:49+0300",
"posix": 1588358973517
},
"lock": "unlocked",
"validation-state": "ok"
},
"name": "h_8.8.8.8",
"nat-settings": {
"auto-rule": false
},
"read-only": false,
"tags": [],
"type": "host",
"uid": "c210af07-1939-49d3-a351-953a9c471d9e"
},
"res_obj": {
"data": {
"color": "black",
"comments": "",
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"groups": [],
"icon": "Objects/host",
"interfaces": [],
"ipv4-address": "8.8.8.8",
"meta-info": {
"creation-time": {
"iso-8601": "2020-05-01T21:49+0300",
"posix": 1588358973517
},
"creator": "admin",
"last-modifier": "admin",
"last-modify-time": {
"iso-8601": "2020-05-01T21:49+0300",
"posix": 1588358973517
},
"lock": "unlocked",
"validation-state": "ok"
},
"name": "h_8.8.8.8",
"nat-settings": {
"auto-rule": false
},
"read-only": false,
"tags": [],
"type": "host",
"uid": "c210af07-1939-49d3-a351-953a9c471d9e"
},
"status_code": 200
},
"status_code": 200,
"success": true
})
api_query
α’αα»ααααΆαα±αααααα»αααααΎααΆαααααα»αααααΆααααΆαα·ααΈααΆααααααααα’αΆα α’αα»ααααααΆααααααΆααααααΆαα α ααΌααααααααααααααααΆααααααΉαα’α»α αααα·αααα»αααααα ααΆαααααα·ααααΆαααααααααΎαα‘αΎααα ααααααααΆααΆα α¬α’αΆα ααΆαααααααΆαα αααΎαα α§ααΆα ααα αααα’αΆα ααΆααααΎαααααΆαααααααΈααααααα»αααΆαααΈααααααΆααααααΎαααΆααα’αααα ααΎαααΆαααΈααααααααααααα αααααΆααααααΎαααααα API αααα‘αααααααΈααααα» 50 ααΆαααααΆαααΎα (α’αααα’αΆα αααααΎαααααααααααα 500 ααααα»αααα»αααΆαααααΎααα) α α αΎαααΎααααΈαα»αα±ααααΆαααααααΆαα αααΎααα ααΆαααααΆααααααΌααααΆαααΆααααααα’α»α αααα·ααααα»αααααΎ API ααΆααα·ααΈααΆααααα api_query αααααααΎαααΆαααααααααααααααααααα·α α§ααΆα αααβααβααΆαβα α βααΌαααααβαααβααααΌαβααΆαβαα·ααΈααΆαααααβαααα show-sessions, show-hosts, show-networks, show-wildcards, show-group, show-address-ranges, show-simple-gateways, show-simple-cluster, show-access-roles, show-trusted-client, αααα αααααα αΆα. ααΆαααΆααα·α ααΎαααΎαααΆααααα α»αα αααα αααα»ααααααααααΆαα α API ααΆααααα ααΌα ααααααΆαα α ααΆαααααααΉαααΆααααααΆααααα½ααααα»αααΆααααααααΆαααΆαααα api_query
show_hosts = client.api_query('show-hosts')
αααααααααααΆααααααΎαααααΆααααααααΆααα
In [21]: show_hosts
Out[21]:
APIResponse({
"data": [
{
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"ipv4-address": "192.168.47.1",
"name": "h_192.168.47.1",
"type": "host",
"uid": "5d7d7086-d70b-4995-971a-0583b15a2bfc"
},
{
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"ipv4-address": "8.8.8.8",
"name": "h_8.8.8.8",
"type": "host",
"uid": "c210af07-1939-49d3-a351-953a9c471d9e"
}
],
"res_obj": {
"data": {
"from": 1,
"objects": [
{
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"ipv4-address": "192.168.47.1",
"name": "h_192.168.47.1",
"type": "host",
"uid": "5d7d7086-d70b-4995-971a-0583b15a2bfc"
},
{
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"ipv4-address": "8.8.8.8",
"name": "h_8.8.8.8",
"type": "host",
"uid": "c210af07-1939-49d3-a351-953a9c471d9e"
}
],
"to": 2,
"total": 2
},
"status_code": 200
},
"status_code": 200,
"success": true
})
αααα»αααααΎαααΆαααααααααααΆαα α API
αααααΆααααΈαααα’αααα’αΆα ααααΎα’ααα αα·ααα·ααΈααΆαααααααααααΆαα APIResponse(ααΆααααΆααααα»αα’ααααααααααααααα·αα αα·αααΆααααα )α αα ααααΆαα APIResponse αα·ααΈααΆααααα 4 αα·α 5 variables ααααΌαααΆααααααααΆαα»α ααΎαααΉαααααα ααΎα’αααΈαααααααΆαααααα»αααααααα’α·ααααααααααα
ααΆααααααα
ααΎααααΈα αΆααααααΎα ααΆααΆαααα·αααα’αααα»αααΆαααααΎα±ααααααΆααααΆααΆαα α API ααα½αααΆααααααα αα·αααααααααααααααα·αα ααΆααα·ααΈααΆααααααααααΆααααΏαααα ααΆααααααα:
In [49]: api_versions.success
Out[49]: True
αααα‘αα True ααααα·αααΎααΆαα α API αααααα (αααααΌαααααΎααα - 200) αα·α False ααααα·αααΎαα·ααααααα (αααααΌαααααΎααααααααααα)α ααΆααΆααααα½αααααΎααααΆαααααααΆααααΈααΆαα α API ααΎααααΈαααα αΆαααααααΆαααααααααααΆα’αΆαααααααΎαααααΌαααααΎαααα
if api_ver.success:
print(api_versions.data)
else:
print(api_versions.err_message)
ααΌαααααΆαααΆα
αααα‘αααααααΌαααααΎααααααααΆααααΈααΆαα α API ααααΌαααΆαααααΎα‘αΎαα
In [62]: api_versions.status_code
Out[62]: 400
αααααΌαααααΎααααααα’αΆα ααααΎααΆαα 200,400,401,403,404,409,500,501.
set_success_status
αααα»αααααΈααα ααΆα’αΆα α αΆαααΆα ααααα»αααΆαααααΆααααααΌααααααααααααΆαααΆαααααααα ααΆααα αα ααααα α’αααα’αΆα ααΆααα’αααΈααααΆα ααΌααααΈααααααααααααΆαααααα ααα»ααααα§ααΆα αααααΆαααααααααΉαααααΌαααΆααααααα‘αΎααα·αααΌααααΆαααΆααααααααααα ααΆ False ααααααααααααααα½αα ααα½ααααααααΆααααααΆαα½αα ααΆααααααααα ααΌαααα α·ααααα»αααΆααααΎα§ααΆα ααα αα ααααααααΆααα·α αα ααΆαααααααα»αααααΎαααΆααα ααΎαααΆαααΈαααααααααααα ααα»ααααααΎαααΉααα·α αΆαααΆααααΎααααα·ααααααα (ααΎαααΉααααααα’ααααααααααα ααΆ αα·ααα·ααααααΈααΆααΆααα·ααααααΆααΆαα α API ααα½αααΆαααααααα αΎαααΆααααα‘αααααααΌα 200) α
for task in task_result.data["tasks"]:
if task["status"] == "failed" or task["status"] == "partially succeeded":
task_result.set_success_status(False)
break
ααΆαααααΎααα ()
αα·ααΈααΆαααααααααΎαααα’αα»ααααΆαα±ααα’αααααΎααα ααΆαα»ααααααΆαα½ααααααΌαααααΎααα (status_code) αα·ααα½ααΆαααααΎααα (αα½)α
In [94]: api_versions.response()
Out[94]:
{'status_code': 200,
'data': {'current-version': '1.6',
'supported-versions': ['1', '1.1', '1.2', '1.3', '1.4', '1.5', '1.6']}}
αα·αααααα
α’αα»ααααΆαα±ααα’αααααΎαααΎααααα½ααααΆαααααΎααα (ααΆαααΆα) αααααααΆαααααααΆαααααα·αα αΆαααΆα αα
In [93]: api_versions.data
Out[93]:
{'current-version': '1.6',
'supported-versions': ['1', '1.1', '1.2', '1.3', '1.4', '1.5', '1.6']}
error_message
ααααααΆααααα’αΆα ααααΎααΆααααα ααααααααΆαααα α»αααΎαα‘αΎαααααααααααΎαααΆαααααΎ API (αααααΌαααααΎααα αα·αααΆα α’α α )α ααααααα§ααΆα ααα
In [107]: api_versions.error_message
Out[107]: 'code: generic_err_invalid_parameter_namenmessage: Unrecognized parameter [1]n'
α§ααΆα αααααΆααααααααα
ααΆαααααααααααΊααΆα§ααΆα ααααααααααΎααΆαα α API αααααααΌαααΆααααααααα αααα»α Management API 1.6α
ααΆααααΌα ααΌααααα‘ααααΎαααΈαααααααααΆαα α ααΌααααααααααΎαααΆα αααααα·ααΈαααααα ΠΈ αα½αααααααα’αΆααααααΆα. α§αααΆααΆααΎαααααΌααααααΎαα’αΆααααααΆα IP ααΆααα’αααααααααΆααα 192.168.0.0/24 αααααΆ octet α α»ααααααααΊ 5 ααΆααααα»αααααααααααΆαααΈα α αΎααααααα’αΆααααααΆα IP ααααααααααΆααα’ααααΆααααα»αααααααααα½αα’αΆααααααΆαα αααα»αααααΈααα ααα’αΆααααααΆααααααΆααα αα·αα’αΆααααααΆαααααΆαα
ααΌα αααα ααΆαααααααααααΊααΆααααααΈαααααααααααΆααααα αΆααα α αΎααααααΎαααααα» 50 αααααααααααΆαααΈα αα·α 51 ααααα»αααααααααα½αα’αΆααααααΆαα ααΎααααΈαααααααΆααααα αΆ ααΆαα α API 101 ααααΌαααΆαααΆαααΆα (αα·αααΆαααααα αΌαααΆαα α α ααα α»αααααα)α ααααα αααααααΎαααΌαα»α timeit ααΎαααααΆαααααααΆαααααΆααααΌαααΆαααΎααααΈααααα·ααααα·ααααααΈααα αΌααααααΆαααααΆααααααΌαααααΌαααΆαααααα»αααααααΆαα
ααααααΈααααααααΎ add-host αα·α add-address-range
import timeit
from cpapi import APIClient, APIClientArgs
start = timeit.default_timer()
first_ip = 1
last_ip = 4
client_args = APIClientArgs(server="192.168.47.240")
with APIClient(client_args) as client:
login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
for ip in range(5,255,5):
add_host = client.api_call("add-host", {"name" : f"h_192.168.0.{ip}", "ip-address": f'192.168.0.{ip}'})
while last_ip < 255:
add_range = client.api_call("add-address-range", {"name": f"r_192.168.0.{first_ip}-{last_ip}", "ip-address-first": f"192.168.0.{first_ip}", "ip-address-last": f"192.168.0.{last_ip}"})
first_ip+=5
last_ip+=5
stop = timeit.default_timer()
publish = client.api_call("publish")
print(f'Time to execute batch request: {stop - start} seconds')
αα αααα»αααα·ααΆααΆααααααΈααα·ααααααααααααα»α ααααααΈααααααααΌαα αααΆααααααΈ 30 αα 50 αα·ααΆααΈααΎααααΈααααα·ααααα· α’αΆαααααααΎααΆααααα»ααα ααΎαααΆαααΈααααααααααααα
α₯α‘αΌααααααΌαααΎαααΈαααααααααααΆααααα αΆααΌα ααααΆαααααααΎααΆαα α API add-objects-batchααΆαααΆαααααααααααΌαααΆααααααααα αααα»α API αααα 1.6 α ααΆαα α ααΌααααααααα’αα»ααααΆαα±ααα’ααααααααΎαααααα»ααΆα αααΎααααα»αααααααα½ααααα»αααααΎ API αα½αα ααΎαααΈααααα ααα ααΆαααααα’αΆα ααΆααααα»ααααααααααααααααααΆ (α§ααΆα ααα αααΆαααΈα αααααΆααα αα·ααα½αα’αΆααααααΆα)α ααΌα ααααααΆααα·α αα ααααααΎαα’αΆα ααααΌαααΆααααααααΆααα αααα»ααααααααααααααΆαα α API αα½αα
ααααααΈααααααααΎ add-objects-batch
import timeit
from cpapi import APIClient, APIClientArgs
start = timeit.default_timer()
client_args = APIClientArgs(server="192.168.47.240")
objects_list_ip = []
objects_list_range = []
for ip in range(5,255,5):
data = {"name": f'h_192.168.0.{ip}', "ip-address": f'192.168.0.{ip}'}
objects_list_ip.append(data)
first_ip = 1
last_ip = 4
while last_ip < 255:
data = {"name": f"r_192.168.0.{first_ip}-{last_ip}", "ip-address-first": f"192.168.0.{first_ip}", "ip-address-last": f"192.168.0.{last_ip}"}
objects_list_range.append(data)
first_ip+=5
last_ip+=5
data_for_batch = {
"objects" : [ {
"type" : "host",
"list" : objects_list_ip
}, {
"type" : "address-range",
"list" : objects_list_range
}]
}
with APIClient(client_args) as client:
login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
add_objects_batch = client.api_call("add-objects-batch", data_for_batch)
stop = timeit.default_timer()
publish = client.api_call("publish")
print(f'Time to execute batch request: {stop - start} seconds')
α αΎαααΆαααααΎαααΆαααααααΈαααααα αααα»αααα·ααΆααΆααααααΈααα·ααααααααααααα»αααααΌαα αααΆααααααΈ 3 αα 7 αα·ααΆααΈ α’αΆαααααααΎααΆααααα»ααα ααΎαααΆαααΈααααααααααααα αααααΊααΆααααααα ααΎααααα» 101 API ααΆαα α ααααααααΆα αααααΎαααΆαααΏαααΆα 10 ααα αα ααΎααααα»αα½αα ααα½ααα ααΆααα»αααααΆααΉαααΆαααααα½αα’ααα αΆααα’αΆααααααα
α₯α‘αΌααααααΌαααΎαααΈααααααααΎααΆαααΆαα½α set-objects-batch. αααααααΎααΆαα α API ααα ααΎαα’αΆα ααααΆααααααΌααααΆαααΆααααααααΆαα½αα α αΌααααααααΆαααααααΆαααΈαα½αααα’αΆααααααΆαααΈα§ααΆα ααααα»α (αα αΌαααα .124 αααΆαααΈα αα·ααα½αααααα) αα ααααααΈααΆα α αΎαααααααααααΆααΈαα ααΆαααααααΆαααΈααΈαααα’αΆααααααΆαα
ααΆαααααΆααααααΌααααααααααα»αααααΆααααααΎααααα»αα§ααΆα ααααα»αα
from cpapi import APIClient, APIClientArgs
client_args = APIClientArgs(server="192.168.47.240")
objects_list_ip_first = []
objects_list_range_first = []
objects_list_ip_second = []
objects_list_range_second = []
for ip in range(5,125,5):
data = {"name": f'h_192.168.0.{ip}', "color": "sienna"}
objects_list_ip_first.append(data)
for ip in range(125,255,5):
data = {"name": f'h_192.168.0.{ip}', "color": "khaki"}
objects_list_ip_second.append(data)
first_ip = 1
last_ip = 4
while last_ip < 125:
data = {"name": f"r_192.168.0.{first_ip}-{last_ip}", "color": "sienna"}
objects_list_range_first.append(data)
first_ip+=5
last_ip+=5
while last_ip < 255:
data = {"name": f"r_192.168.0.{first_ip}-{last_ip}", "color": "khaki"}
objects_list_range_second.append(data)
first_ip+=5
last_ip+=5
data_for_batch_first = {
"objects" : [ {
"type" : "host",
"list" : objects_list_ip_first
}, {
"type" : "address-range",
"list" : objects_list_range_first
}]
}
data_for_batch_second = {
"objects" : [ {
"type" : "host",
"list" : objects_list_ip_second
}, {
"type" : "address-range",
"list" : objects_list_range_second
}]
}
with APIClient(client_args) as client:
login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
set_objects_batch_first = client.api_call("set-objects-batch", data_for_batch_first)
set_objects_batch_second = client.api_call("set-objects-batch", data_for_batch_second)
publish = client.api_call("publish")
α’αααα’αΆα αα»αααααα»ααΆα αααΎααα αααα»αααΆαα α API αα½ααααααααΎ αα»α-ααααα»-ααΆα α. α₯α‘αΌααααααΌαααΎαα§ααΆα αααααΌαααααα»ααααΆαααΈαααΆααα’αααααααΆααααααΎαααΈαα»αααΆαααα add-objects-batch.
ααΆααα»αααααα»αααααααΎαα»α-ααααα»-ααΆα α
from cpapi import APIClient, APIClientArgs
client_args = APIClientArgs(server="192.168.47.240")
objects_list_ip = []
objects_list_range = []
for ip in range(5,255,5):
data = {"name": f'h_192.168.0.{ip}'}
objects_list_ip.append(data)
first_ip = 1
last_ip = 4
while last_ip < 255:
data = {"name": f"r_192.168.0.{first_ip}-{last_ip}"}
objects_list_range.append(data)
first_ip+=5
last_ip+=5
data_for_batch = {
"objects" : [ {
"type" : "host",
"list" : objects_list_ip
}, {
"type" : "address-range",
"list" : objects_list_range
}]
}
with APIClient(client_args) as client:
login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
delete_objects_batch = client.api_call("delete-objects-batch", data_for_batch)
publish = client.api_call("publish")
print(delete_objects_batch.data)
αα»αααΆαααΆααα’ααααααααα αΆααα αααα»αααΆαα ααααααΆαααααΈαααααααα·ααΈ Check Point ααα½αααΆαααΆαα α API ααααΆααα ααΌα αααααα αααα»α R80.40 "αααααααα·ααα" ααΌα ααΆααΆααααααααα ααΆααα·αα·αααα‘αΎααα·α αα·α Smart Task ααΆααααα αΆααααα½α α αΎαααΆαα α API αααααααΌαααααΆααααΌαααΆααααα αααααΆαααααααΆαααα½αααα ααΎαααΈααα αα»αααΆαααΆααα’αααα αααααααΆααααααΌαααΈαα»αααΌα Legacy αα αα»αααΆααααααΆαααααααα½αααααα½α ααααα½αααΆαααΆαααΆαααα API αααααα ααΆα§ααΆα ααα ααΆαα’αΆαααααααααααα αΆαααΆααΌαααα αΎααα αααα»ααααααααααα·ααΈ R80.40 ααΊααΆααΆαααααΆααααΈαααααααΆααααααα½ααα·αα·ααα HTTPS ααΈααααα αΆαααα αααααααααΆαααααααα½αααααα½α α αΎααα»αααΆααααααΆαααα½αααΆαα α API ααααΆααα αααααΊααΆα§ααΆα αααααααΌααααααααααα αααΆαααα½ααα ααΈααΆααααααΌαααααααααααΆαα’αα·ααΆααα·α αα HTTPS ααααα·αααΆαααααα αΌα 3 ααααααααΈααΆααααα½ααα·αα·ααα (αα»αααΆα α α·ααααααααα» ααααΆαααααΆαα·ααΆα) αααααααΌαααΆαα αΆαααΆαααα·αα±ααααααΎα’αα·ααΆααα·α αα ααααααΆαα αααΆαααα αααα»ααααααααα½αα ααα½αα
ααααααα αααΆαααα αααααΆααααααα½ααα·αα·ααα HTTPS
from cpapi import APIClient, APIClientArgs
client_args = APIClientArgs(server="192.168.47.240")
data = {
"layer" : "Default Layer",
"position" : "top",
"name" : "Legal Requirements",
"action": "bypass",
"site-category": ["Health", "Government / Military", "Financial Services"]
}
with APIClient(client_args) as client:
login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
add_https_rule = client.api_call("add-https-rule", data)
publish = client.api_call("publish")
αααα»αααααΎαααΆαααααααΈα Python αα ααΎαααΆαααΈααααααααααααα ααα»α αααα½ααα·αα·ααα
α’αααΈααααααααΆαααΊααΌα
ααααΆα
ααααααΈααααααΆααααΆαααα‘αΎααα ααααααΆααααα½ααα·αα·ααααα»ααααα·ααΆα
from __future__ import print_function
import getpass
import sys, os
sys.path.append(os.path.abspath(os.path.join(os.path.dirname(__file__), '..')))
from cpapi import APIClient, APIClientArgs
def main():
with APIClient() as client:
# if client.check_fingerprint() is False:
# print("Could not get the server's fingerprint - Check connectivity with the server.")
# exit(1)
login_res = client.login_as_root()
if login_res.success is False:
print("Login failed:n{}".format(login_res.error_message))
exit(1)
gw_name = raw_input("Enter the gateway name:")
gw_ip = raw_input("Enter the gateway IP address:")
if sys.stdin.isatty():
sic = getpass.getpass("Enter one-time password for the gateway(SIC): ")
else:
print("Attention! Your password will be shown on the screen!")
sic = raw_input("Enter one-time password for the gateway(SIC): ")
version = raw_input("Enter the gateway version(like RXX.YY):")
add_gw = client.api_call("add-simple-gateway", {'name' : gw_name, 'ipv4-address' : gw_ip, 'one-time-password' : sic, 'version': version.capitalize(), 'application-control' : 'true', 'url-filtering' : 'true', 'ips' : 'true', 'anti-bot' : 'true', 'anti-virus' : 'true', 'threat-emulation' : 'true'})
if add_gw.success and add_gw.data['sic-state'] != "communicating":
print("Secure connection with the gateway hasn't established!")
exit(1)
elif add_gw.success:
print("The gateway was added successfully.")
gw_uid = add_gw.data['uid']
gw_name = add_gw.data['name']
else:
print("Failed to add the gateway - {}".format(add_gw.error_message))
exit(1)
change_policy = client.api_call("set-access-layer", {"name" : "Network", "applications-and-url-filtering": "true", "content-awareness": "true"})
if change_policy.success:
print("The policy has been changed successfully")
else:
print("Failed to change the policy- {}".format(change_policy.error_message))
change_rule = client.api_call("set-access-rule", {"name" : "Cleanup rule", "layer" : "Network", "action": "Accept", "track": {"type": "Detailed Log", "accounting": "true"}})
if change_rule.success:
print("The cleanup rule has been changed successfully")
else:
print("Failed to change the cleanup rule- {}".format(change_rule.error_message))
# publish the result
publish_res = client.api_call("publish", {})
if publish_res.success:
print("The changes were published successfully.")
else:
print("Failed to publish the changes - {}".format(install_tp_policy.error_message))
install_access_policy = client.api_call("install-policy", {"policy-package" : "Standard", "access" : 'true', "threat-prevention" : 'false', "targets" : gw_uid})
if install_access_policy.success:
print("The access policy has been installed")
else:
print("Failed to install access policy - {}".format(install_tp_policy.error_message))
install_tp_policy = client.api_call("install-policy", {"policy-package" : "Standard", "access" : 'false', "threat-prevention" : 'true', "targets" : gw_uid})
if install_tp_policy.success:
print("The threat prevention policy has been installed")
else:
print("Failed to install threat prevention policy - {}".format(install_tp_policy.error_message))
# add passwords and passphrases to dictionary
with open('additional_pass.conf') as f:
line_num = 0
for line in f:
line_num += 1
add_password_dictionary = client.api_call("run-script", {"script-name" : "Add passwords and passphrases", "script" : "printf "{}" >> $FWDIR/conf/additional_pass.conf".format(line), "targets" : gw_name})
if add_password_dictionary.success:
print("The password dictionary line {} was added successfully".format(line_num))
else:
print("Failed to add the dictionary - {}".format(add_password_dictionary.error_message))
main()
α―αααΆαα§ααΆα ααααααααΆααα
ααΆαα»ααααααΆααααααααΆαααααααα_pass.conf
{
"passwords" : ["malware","malicious","infected","Infected"],
"phrases" : ["password","Password","Pass","pass","codigo","key","pwd","ΠΏΠ°ΡΠΎΠ»Ρ","ΠΠ°ΡΠΎΠ»Ρ","ΠΠ»ΡΡ","ΠΊΠ»ΡΡ","ΡΠΈΡΡ","Π¨ΠΈΡΡ"]
}
ααα ααααΈααααα·ααααΆα
α’αααααααααα·αα·αααααααααααΆαααΆααΌαααααΆαααααΆαααΆαααα»αααααα αααααααΆαα SDK αα·ααααΌαα»α cpapi(ααΌα
αααα’ααααααα ααααΆααΆαααΆα ααΆααααααα·αααΆααΆααααααΌα
ααααΆ) α αΎαααααα·ααααΆααΌααα
αααα»ααααΌαα»αααα α’αααααΉαααααΎαααααααΆαααΆααααα
αααΎααααα»αααΆαααααΎααΆαααΆαα½αααΆα ααΆα’αΆα
αα
αα½α
αααα’αααα
ααααααααααΆααΆαα½αααΉαααααΆαα αα»αααΆα αα·ααΈααΆααααα αα·αα’αααααααΆαααααα½αααααα’αααα α’ααααααααα’αΆα
α
αααααααααΆαααΆαααααα’ααα αα·αααΎαααααααΈααααααααααααααΆαα Check Point αα
αααα»αααααα
ααΈαααΆααααα»αααΆααααααααΌα αα·αα’ααα»ααααααΆααααΆαα’αΆααααα
αα!
ααααα: www.habr.com