CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


First, I hope you're all well and staying safe.
Second, I want to give a "heads up" that you should see more activity here shortly, and maybe a few cosmetic changes.
I'll post more details to the "Announcements" forum soon, so be on the lookout. -E

 

Results 1 to 4 of 4

Thread: Script to Restart Remote Gateways

  1. #1
    Join Date
    2017-02-06
    Posts
    16
    Rep Power
    0

    Default Script to Restart Remote Gateways

    We recently upgraded from 77.30 to 80.10. We have a VPN community with about 100 remote devices (a mix of 1100's and 1430's all on 75 or higher). I need to reboot all these devices, and would like to do so with a script in the wee hours of the morning. I was able to use provisioning in 77.30 to do this, but have not found a way to do it in 80.10. Is it possible? Any assistance is greatly appreciated. --terri

  2. #2
    Join Date
    2006-09-26
    Posts
    3,199
    Rep Power
    18

    Default Re: Script to Restart Remote Gateways

    Quote Originally Posted by terri8369 View Post
    We recently upgraded from 77.30 to 80.10. We have a VPN community with about 100 remote devices (a mix of 1100's and 1430's all on 75 or higher). I need to reboot all these devices, and would like to do so with a script in the wee hours of the morning. I was able to use provisioning in 77.30 to do this, but have not found a way to do it in 80.10. Is it possible? Any assistance is greatly appreciated. --terri
    I don't have 1100 or 1430 so I don't have experiences with them. if they are the same as checkpoint running on open servers, I would do something like this:

    1- have a centralized linux system for administration purposes,
    2- place the public key of this linux server to all the checkpoint appliances,
    3- write a tiny bash scripts to allow the linux server to ssh into the checkpoint appliances and perform the reboot,
    4- put in a cron job on the linux server to perform the reboot at the appropriate time,

    That will do the trick for you.

  3. #3
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,668
    Rep Power
    11

    Default Re: Script to Restart Remote Gateways

    Quote Originally Posted by terri8369 View Post
    We recently upgraded from 77.30 to 80.10. We have a VPN community with about 100 remote devices (a mix of 1100's and 1430's all on 75 or higher). I need to reboot all these devices, and would like to do so with a script in the wee hours of the morning. I was able to use provisioning in 77.30 to do this, but have not found a way to do it in 80.10. Is it possible? Any assistance is greatly appreciated. --terri
    # From MGMT server / CMA
    cprid_util -server $IP -verbose rexec -rcmd bash -c 'reboot'

    I don't remember if the reboot command will ask you if your sure or not. This should work on SMB or normal gaia.

    if you make a list of IPs to do this on it would be something like this (assuming firewalls listed in fws.txt with each line only containing a hostname or IP)

    for x in $(cat $fws.txt) ; do cprid_util -server $x -verbose rexec -rcmd bash -c 'reboot' ; done

    That may not be %100 but it should be very close. I would test with issuing the hostname command first.

    ssh key auth work also well, however checkpoint made that.. hmm... interesting on the SMB line because "/" isn't owned by root among other things. ssh key auth is generally a pain there.
    Last edited by jflemingeds; 2018-03-20 at 17:29. Reason: from where again?

  4. #4
    Join Date
    2006-09-26
    Posts
    3,199
    Rep Power
    18

    Default Re: Script to Restart Remote Gateways

    Quote Originally Posted by jflemingeds View Post
    # From MGMT server / CMA
    cprid_util -server $IP -verbose rexec -rcmd bash -c 'reboot'

    I don't remember if the reboot command will ask you if your sure or not. This should work on SMB or normal gaia.

    if you make a list of IPs to do this on it would be something like this (assuming firewalls listed in fws.txt with each line only containing a hostname or IP)

    for x in $(cat $fws.txt) ; do cprid_util -server $x -verbose rexec -rcmd bash -c 'reboot' ; done

    That may not be %100 but it should be very close. I would test with issuing the hostname command first.

    ssh key auth work also well, however checkpoint made that.. hmm... interesting on the SMB line because "/" isn't owned by root among other things. ssh key auth is generally a pain there.
    it works on GAIA, didn't ask for "are you sure"
    [Expert@P1:0]# mdsenv 192.168.1.1
    [Expert@P1:0]# cprid_util -server 192.168.1.2 -verbose rexec -rcmd bash -c 'reboot'

Similar Threads

  1. 2 gateways / remote access community problem
    By mp2014 in forum IPsec VPN Blade (Virtual Private Networks)
    Replies: 11
    Last Post: 2015-04-15, 13:34
  2. Remote Access With Two Gateways
    By bigkyle in forum SecureClient/SecuRemote
    Replies: 8
    Last Post: 2009-03-10, 15:57
  3. Remote Access With Two Gateways
    By bigkyle in forum SmartDirectory/LDAP/Active Directory
    Replies: 1
    Last Post: 2009-03-10, 07:04
  4. [HELP] CP NG R55 Secure Remote between 2 gateways
    By lukeluke in forum SecureClient/SecuRemote
    Replies: 0
    Last Post: 2008-11-13, 11:59
  5. Remote Access Community Multiple gateways
    By DaveL in forum IPsec VPN Blade (Virtual Private Networks)
    Replies: 2
    Last Post: 2006-10-02, 11:40

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •