CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



Thread: Script to Restart Remote Gateways

  1. #1
    Join Date
    2017-02-06
    Posts
    9
    Rep Power
    0

    Default Script to Restart Remote Gateways

    We recently upgraded from 77.30 to 80.10. We have a VPN community with about 100 remote devices (a mix of 1100's and 1430's all on 75 or higher). I need to reboot all these devices, and would like to do so with a script in the wee hours of the morning. I was able to use provisioning in 77.30 to do this, but have not found a way to do it in 80.10. Is it possible? Any assistance is greatly appreciated. --terri

  2. #2
    Join Date
    2006-09-26
    Posts
    3,162
    Rep Power
    16

    Default Re: Script to Restart Remote Gateways

    Quote Originally Posted by terri8369 View Post
    We recently upgraded from 77.30 to 80.10. We have a VPN community with about 100 remote devices (a mix of 1100's and 1430's all on 75 or higher). I need to reboot all these devices, and would like to do so with a script in the wee hours of the morning. I was able to use provisioning in 77.30 to do this, but have not found a way to do it in 80.10. Is it possible? Any assistance is greatly appreciated. --terri
    I don't have 1100 or 1430 so I don't have experience with them. If they are the same as Check Point running on open servers, I would do something like this:

    1- have a centralized linux system for administration purposes,
    2- place the public key of this linux server to all the checkpoint appliances,
    3- write a tiny bash script to allow the linux server to ssh into the checkpoint appliances and perform the reboot,
    4- put in a cron job on the linux server to perform the reboot at the appropriate time,

    That will do the trick for you.

  3. #3
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,625
    Rep Power
    9

    Default Re: Script to Restart Remote Gateways

    Quote Originally Posted by terri8369 View Post
    We recently upgraded from 77.30 to 80.10. We have a VPN community with about 100 remote devices (a mix of 1100's and 1430's all on 75 or higher). I need to reboot all these devices, and would like to do so with a script in the wee hours of the morning. I was able to use provisioning in 77.30 to do this, but have not found a way to do it in 80.10. Is it possible? Any assistance is greatly appreciated. --terri
    # From MGMT server / CMA
    cprid_util -server $IP -verbose rexec -rcmd bash -c 'reboot'

    I don't remember if the reboot command will ask you if you're sure or not. This should work on SMB or normal Gaia.

    If you make a list of IPs to do this on, it would be something like this (assuming firewalls listed in fws.txt with each line only containing a hostname or IP)

    for x in $(cat fws.txt) ; do cprid_util -server "$x" -verbose rexec -rcmd bash -c 'reboot' ; done

    That may not be 100% but it should be very close. I would test with issuing the hostname command first.

    ssh key auth also works well, however Check Point made that.. hmm... interesting on the SMB line because "/" isn't owned by root among other things. ssh key auth is generally a pain there.
    Last edited by jflemingeds; 2018-03-20 at 17:29. Reason: from where again?
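
A more defensive form of the loop in the post above, as an added example that is not part of the original post or of Check Point's tooling: it validates every line of fws.txt before it reaches the command line, supports a dry run, and reports per-host success so the hostname test can gate the reboot. The function names, CPRID_CMD and DRY_RUN are chosen here; the cprid_util arguments are exactly those in the post.

```shell
#!/bin/sh
# Added example, not code from the thread. read_targets, run_on_all, CPRID_CMD
# and DRY_RUN are names chosen here; the cprid_util arguments are the post's.
CPRID_CMD="${CPRID_CMD:-cprid_util}"   # assumed to be on PATH on the management server

# Print the usable targets from a list file, one per line. Blank lines and
# '#' comments are skipped. Anything that is not a plain hostname or IPv4
# address is rejected, so no entry can be word-split, globbed or read as an
# option when it is placed on the cprid_util command line.
read_targets() {
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s\n' "${line%%#*}" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        [ -z "$line" ] && continue
        case "$line" in
            -*|*[!A-Za-z0-9.-]*) echo "rejected entry: $line" >&2 ;;
            *) printf '%s\n' "$line" ;;
        esac
    done < "$1"
}

# run_on_all LIST RCMD: run RCMD on every target in LIST, one host at a time.
# Prints OK/FAIL per host plus a summary; returns 1 if any host failed and
# 2 if the list cannot be read.
run_on_all() {
    list=$1; rcmd=$2; failed=0
    [ -r "$list" ] || { echo "cannot read $list" >&2; return 2; }
    for host in $(read_targets "$list"); do
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "DRY  $CPRID_CMD -server $host -verbose rexec -rcmd bash -c '$rcmd'"
        elif "$CPRID_CMD" -server "$host" -verbose rexec -rcmd bash -c "$rcmd" </dev/null; then
            echo "OK   $host"
        else
            echo "FAIL $host"
            failed=$((failed + 1))
        fi
    done
    echo "done: $failed failed"
    [ "$failed" -eq 0 ]
}

# Order suggested by the post (test with hostname before rebooting):
#   DRY_RUN=1 run_on_all fws.txt reboot
#   run_on_all fws.txt hostname && run_on_all fws.txt reboot
```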

  4. #4
    Join Date
    2006-09-26
    Posts
    3,162
    Rep Power
    16

    Default Re: Script to Restart Remote Gateways

    Quote Originally Posted by jflemingeds View Post
    # From MGMT server / CMA
    cprid_util -server $IP -verbose rexec -rcmd bash -c 'reboot'

    I don't remember if the reboot command will ask you if you're sure or not. This should work on SMB or normal Gaia.

    If you make a list of IPs to do this on, it would be something like this (assuming firewalls listed in fws.txt with each line only containing a hostname or IP)

    for x in $(cat fws.txt) ; do cprid_util -server "$x" -verbose rexec -rcmd bash -c 'reboot' ; done

    That may not be 100% but it should be very close. I would test with issuing the hostname command first.

    ssh key auth also works well, however Check Point made that.. hmm... interesting on the SMB line because "/" isn't owned by root among other things. ssh key auth is generally a pain there.
    It works on GAIA, didn't ask for "are you sure"
    [Expert@P1:0]# mdsenv 192.168.1.1
    [Expert@P1:0]# cprid_util -server 192.168.1.2 -verbose rexec -rcmd bash -c 'reboot'
