add-gaia-template

Description

Create a new Gaia Gateway template for an account-id.

If the Security Gateway is ready for deployment with its final configuration and deployment decisions, the under-construction parameter should remain at its default (false). In this configuration, the Security Gateway downloads its settings immediately from Zero Touch Allows users to manage the initial configurations of "Small Office" and "Gaia Gateways" easily and remotely. Settings from the Zero Touch Server replace the First Time Configuration Wizard. The Zero Touch Cloud Service runs a Web Portal and supports REST API. All actions are available through API calls. when it is claimed.

If the Security Gateway needs additional editing, under-construction should be set to "true" in the template to prevent downloads until the final configuration editing is complete.

The Gaia Gateway only has access to its template when it is being claimed. Edits to the template afterward have no effect on the Security Gateway.

Use the set-gaia-claimed-gateway-configuration command to edit the Gaia Gateway before deployment and to change under-construction to "false" to allow the Zero Touch downloads to start.

Request URL

POST

https://zerotouch.checkpoint.com/ZeroTouch/web_api/v2/add-gaia-template

Request Headers

Parameter Name	Type	Description
`Content-Type`	application/json	Send JSON object to use the API Web Services
`X-chkp-sid`	string token	Session unique identifier as the response to the login request

Request Body

Parameter Name	Status	Type	Description
`name`	Mandatory	string	The new template's name
`account-id`	Mandatory	int	The User Center account to which Security Gateways and templates belong
`admin-password`	Mandatory	string	Administrator password for the Security Gateway The `admin-password` is returned as "`******`" in the JSON response
`ftw-sic-key`	Mandatory	string	Creating a Secure Internal Communication (SIC Secure Internal Communication. The Check Point proprietary mechanism with which Check Point computers that run Check Point software authenticate each other over SSL, for secure communication. This authentication is based on the certificates issued by the ICA on a Check Point Management Server.) activation key
`identification-key`	Mandatory	string	This is configured on the Security Gateway as a unique identifier to be recognized unambiguously by Zero Touch The string for the key is set at the Security Gateway's command line interface: `set cloud-config identification-key <key_string>` If there are repeated invalid entries of `identification-key` in API requests, the Security Gateway locks itself, and the value of the parameter `is-locked` changes to "`true`" Set `is-locked` to "`false`" to unlock the Security Gateway and try again the `identification-key`
`gaia-version-id`	Mandatory	int	ID number of Gaia version from: `show-all-gaia-versions-ids`
`force-reimage`	Mandatory	boolean	If "`true`", this forces a re-image of the machine even if the selected Gaia image version is already installed
`cluster-member`	Mandatory	boolean	If "`true`", the Security Gateway is a member of a cluster
`under-construction`	Mandatory	boolean	A "`true`" value prevents downloads to the Security Gateway until the final configuration and deployment decisions are complete Default value: `false`
`config-ipv6`	Mandatory	boolean	Must be "`true`" to set ipv6 configuration
`upload-info`	Mandatory	boolean	Controls the Upload Consent Flag on the Security Gateway If "`true`", enables the Upload Consent Flag For R81.20 and higher, see sk175504 For R81.10 and lower, see sk111080
`download-info`	Mandatory	boolean	Controls the Download Consent Flag on the Security Gateway If "`true`", enables the Download Consent Flag For R81.20 and higher, see sk175504 For R81.10 and lower, see sk111080
`time-zone`	Mandatory	string	Time zone for the Security Gateway See Configuring the Time Zone on Gaia Security Gateways
`activate-with-url`	Optional	boolean	If "`true`", one-time activation link is generated during Security Gateway claim operation
`template-id`	Optional	int	The template's unique identifier
`comments`	Optional	string	General comments
`user-script`	Optional	string	CLI commands execute on the Security Gateway immediately after all other settings are applied In multiline CLISH scripts, use end line ("`\n`") at the end of each command line `"user-script": "set static-route 192.0.2.100 nexthop gateway address 192.0.2.155 on\nset static-route 192.0.3.0/24 nexthop blackhole\n"` Before executing the script, the Security Gateway locks the database automatically No need to add the `"lock database override"` command to the script
`dns-server1`	Optional	string	The primary DNS server
`dns-server2`	Optional	string	The secondary DNS server
`dns-server3`	Optional	string	The tertiary DNS server
`ntp1`	Optional	string	Network Time Protocol for clock synchronization between computer systems `ntp.checkpoint.com` is recommended
`ntp2`	Optional	string	Network Time Protocol for clock synchronization between computer systems `ntp2.checkpoint.com` is recommended
`creating-user`	Optional	string	The `user` who created the template
`last-modifying-user`	Optional	string	The `user` who last modified the template
`mgmt-eth-ip-address-ipv6`	Optional	string	Enter this IP address if `config-ipv6` is "`true`"
`mgmt-eth-ip-address-ipv4`	Optional	string	IPv4 address
`mgmt-eth-subnet-mask-ipv4`	Optional	string	IPv4's subnet mask
`mgmt-eth-mask-length-ipv6`	Optional	int	Enter the mask length value if `config-ipv6` is "`true`"
`default-gateway-ipv6`	Optional	string	Enter the default gateway if `config-ipv6` is "`true`"
`ntp1-version`	Optional	string	Most recent version of Check Point's NTP servers is the string value "`4`"
`ntp2-version`	Optional	string	Most recent version of Check Point's NTP servers is the string value "`4`"
`default-gateway-ipv4`	Optional	string	IPv4's default gateway
`proxy-server`	Optional	string	IP address of the proxy server
`proxy-port`	Optional	int	Proxy port number for client connections (`8080` by default)

Response

On Success, HTTP Return code: 200

Parameter Name	Type	Description
`creation-time`	object	Timestamps for creating a template
`last-modify-time`	object	Timestamps for last modifying a template
`account-id`	int	The User Center account to which Security Gateways and templates belong
`template-id`	int	The template's unique identifier
`mgmt-eth-subnet-mask-ipv4`	string	IPv4's subnet mask
`config-ipv6`	boolean	Must be "`true`" to set ipv6 configuration
`mgmt-eth-mask-length-ipv6`	int	Enter the mask length value if `config-ipv6` is "`true`"
`default-gateway-ipv6`	string	Enter the default gateway if `config-ipv6` is "`true`"
`under-construction`	boolean	A "`true`" value prevents downloads to the Security Gateway until the final configuration and deployment decisions are complete Default value: `false`
`ntp1`	string	Network Time Protocol for clock synchronization between computer systems `ntp.checkpoint.com` is recommended
`ntp1-version`	string	Most recent version of Check Point's NTP servers is the string value "`4`"
`ntp2`	string	Network Time Protocol for clock synchronization between computer systems `ntp2.checkpoint.com` is recommended
`ntp2-version`	string	Most recent version of Check Point's NTP servers is the string value "`4`"
`default-gateway-ipv4`	string	IPv4's default gateway
`proxy-server`	string	IP address of the proxy server
`proxy-port`	int	Proxy port number for client connections (`8080` by default)
`gaia-version-id`	int	ID number of Gaia version from: `show-all-gaia-versions-ids`
`force-reimage`	boolean	If "`true`", this forces a re-image of the machine even if the selected Gaia image version is already installed
`identification-key`	string	This is configured on the Security Gateway as a unique identifier to be recognized unambiguously by Zero Touch The string for the key is set at the Security Gateway's command line interface: `set cloud-config identification-key <key_string>` If there are repeated invalid entries of `identification-key` in API requests, the Security Gateway locks itself, and the value of the parameter `is-locked` changes to "`true`" Set `is-locked` to "`false`" to unlock the Security Gateway and try again the `identification-key`
`activate-with-url`	boolean	If "`true`", one-time activation link is generated during Security Gateway claim operation
`comments`	string	General comments
`creating-user`	string	The `user` who created the template
`last-modifying-user`	string	The `user` who last modified the template
`user-script`	string	CLI commands execute on the Security Gateway immediately after all other settings are applied In multiline CLISH scripts, use end line ("`\n`") at the end of each command line `"user-script": "set static-route 192.0.2.100 nexthop gateway address 192.0.2.155 on\nset static-route 192.0.3.0/24 nexthop blackhole\n"` Before executing the script, the Security Gateway locks the database automatically No need to add the `"lock database override"` command to the script
`admin-password`	string	Administrator password for the Security Gateway The `admin-password` is returned as "`******`" in the JSON response
`upload-info`	boolean	Controls the Upload Consent Flag on the Security Gateway If "`true`", enables the Upload Consent Flag For R81.20 and higher, see sk175504 For R81.10 and lower, see sk111080
`mgmt-eth-ip-address-ipv4`	string	IPv4 address
`ftw-sic-key`	string	Creating a Secure Internal Communication (SIC) activation key
`dns-server1`	string	The primary DNS server
`dns-server2`	string	The secondary DNS server
`dns-server3`	string	The tertiary DNS server
`download-info`	boolean	Controls the Download Consent Flag on the Security Gateway If "`true`", enables the Download Consent Flag For R81.20 and higher, see sk175504 For R81.10 and lower, see sk111080
`cluster-member`	boolean	If "`true`", the Security Gateway is a member of a cluster
`mgmt-eth-ip-address-ipv6`	string	Enter this IP address if `config-ipv6` is "`true`"
`time-zone`	string	Time zone for the Security Gateway See Configuring the Time Zone on Gaia Security Gateways
`name`	string	The template name

creation-time

Parameter Name	Type	Description
`posix`	int	The value is the number of milliseconds that have elapsed since 00:00:00, 1 January 1970
`iso-8601`	string	Date and time represented in international ISO 8601 format

last-modify-time

Parameter Name	Type	Description
`posix`	int	The value is the number of milliseconds that have elapsed since 00:00:00, 1 January 1970
`iso-8601`	string	Date and time represented in international ISO 8601 format

On Failure, HTTP Return code: 400, 401, 500

Parameter Name	Type	Description
`message`	string	Operation status
`messages`	List: string	List of validation errors
`code`	string	Error code

Request Example

{
"name": "Template B",
"time-zone": "London, Europe (GMT)",
"proxy-port": null,
"account-id": 7899567,
"template-id": 5222500,
"comments": "My comments",
"user-script": "",
"upload-info": true,
"ftw-sic-key": "y6y6y6",
"dns-server1": "",
"dns-server2": "",
"dns-server3": "",
"config-ipv6": false,
"ntp1": "ntp.checkpoint.com",
"ntp2": "ntp2.checkpoint.com",
"identification-key": "k2k2k2",
"creating-user": "user@domain.com",
"last-modifying-user": "user@domain.com",
"admin-password": "l9l9l9",
"mgmt-eth-ip-address-ipv6": "",
"mgmt-eth-ip-address-ipv4": "",
"gaia-version-id": 4,
"download-info": true,
"cluster-member": false,
"mgmt-eth-subnet-mask-ipv4": "",
"mgmt-eth-mask-length-ipv6": "",
"default-gateway-ipv6": "",
"under-construction": false,
"ntp1-version": "4",
"ntp2-version": "4",
"default-gateway-ipv4": "",
"proxy-server": "",
"force-reimage": false
}

Response Example

{
"account-id": 7899567,
"template-id": 87352492,
"mgmt-eth-subnet-mask-ipv4": "",
"config-ipv6": false,
"mgmt-eth-mask-length-ipv6": "",
"default-gateway-ipv6": "",
"under-construction": false,
"ntp1": "ntp.checkpoint.com",
"ntp1-version": "4",
"ntp2": "ntp2.checkpoint.com",
"ntp2-version": "4",
"default-gateway-ipv4": "",
"proxy-server": "",
"force-reimage": false,
"identification-key": "******",
"comments": "My comments",
"creating-user": "user@domain.com",
"last-modifying-user": "user@domain.com",
"user-script": "",
"admin-password": "******",
"upload-info": true,
"mgmt-eth-ip-address-ipv4": "",
"ftw-sic-key": "******",
"dns-server1": "",
"dns-server2": "",
"dns-server3": "",
"creation-time": {
  "posix": 1530099088,
  "iso-8601": "2018-06-27T11:31"
},
"last-modify-time": {
  "posix": 1530099088,
  "iso-8601": "2018-06-27T11:31"
},
"gaia-version-id": 4,
"download-info": true,
"cluster-member": false,
"mgmt-eth-ip-address-ipv6": "",
"proxy-port": null,
"time-zone": "London, Europe (GMT)",
"name": "Template B"
}