claim-gaia-gateway

Description

Claim a Gaia Gateway with a template-id.

If the Gaia Security Gateway is ready for deployment with its final configuration and deployment decisions, the under-construction parameter should be at its default (false) in the Gaia template that is used to claim the Security Gateway. The Security Gateway is then enabled for downloads from Zero Touch Allows users to manage the initial configurations of "Small Office" and "Gaia Gateways" easily and remotely. Settings from the Zero Touch Server replace the First Time Configuration Wizard. The Zero Touch Cloud Service runs a Web Portal and supports REST API. All actions are available through API calls. immediately.

If the Gaia Security Gateway needs additional configuration, under-construction should be set to "true" in the Gaia template used to claim the Security Gateway. This prevent downloads until the final configuration editing is complete.

Edits to the template after the Security Gateway is claimed have no effect on the Security Gateway.

Use the set-gaia-claimed-gateway-configuration command to edit the Security Gateway and to change under-construction to "false" to allow the Zero Touch downloads to start.

Request URL

POST

https://zerotouch.checkpoint.com/ZeroTouch/web_api/v2/claim-gaia-gateway

Request Headers

Parameter Name	Type	Description
`Content-Type`	application/json	Send JSON object to use the API Web Services
`X-chkp-sid`	string token	Session unique identifier as the response to the login request

Request Body

Parameter Name	Status	Type	Description
`mac`	Mandatory	string	Unique Media Access Control address for the Security Gateway
`object-name`	Mandatory	string	The Security Gateway's name, a required field when claiming a Security Gateway
`account-id`	Mandatory	int	The User Center account to which Security Gateways and templates belong
`template-id`	Mandatory	int	The template's unique identifier

Response

On Success, HTTP Return code: 200

Parameter Name	Type	Description
`creation-time`	object	Timestamps for claiming a Security Gateway
`last-modify-time`	object	Timestamps for last modifying a Security Gateway
`mac`	string	Unique Media Access Control address for the Security Gateway
`object-name`	string	The Security Gateway's name, a required field when claiming a Security Gateway
`template-name`	string	The name of the template used to claim this Security Gateway
`is-locked`	boolean	If true, the Security Gateway is locked because of repeated invalid entries of `identification-key` Set to "`false`" to unlock the Security Gateway and retry the `identification-key` It is not possible to use "`true`" to lock it
`reported-status-time`	int	Timestamp when the Security Gateway last reported its status The value is the number of milliseconds that have elapsed since 00:00:00, 1 January 1970
`reported-display-status`	string	Possible values: `Not reported, Installing, Finished, Rebooting, Failed, Error, Fetched`
`ip-address`	string	The IP address from which the Zero Touch server receives status reports sent by the Security Gateway This IP address is the same as the `ext-interface-ip` if there are no changes from a NAT device or a proxy
`ext-interface-ip`	string	The IP address configured on the external interface of the Security Gateway
`sku`	string	Stock Keeping Unit code for the Security Gateway
`account-id`	int	The User Center account to which Security Gateways and templates belong
`template-id`	int	The template's unique identifier
`mgmt-eth-subnet-mask-ipv4`	string	IPv4's subnet mask
`config-ipv6`	boolean	Must be "`true`" to set ipv6 configuration
`mgmt-eth-mask-length-ipv6`	int	Enter the mask length value if `config-ipv6` is "`true`"
`default-gateway-ipv6`	string	Enter the default gateway if `config-ipv6` is "`true`"
`under-construction`	boolean	A "`true`" value prevents downloads to the Security Gateway until the final configuration and deployment decisions are complete Default value: `false`
`ntp1`	string	Network Time Protocol for clock synchronization between computer systems `ntp.checkpoint.com` is recommended
`ntp1-version`	string	Most recent version of Check Point's NTP servers is the string value "`4`"
`ntp2`	string	Network Time Protocol for clock synchronization between computer systems `ntp2.checkpoint.com` is recommended
`ntp2-version`	string	Most recent version of Check Point's NTP servers is the string value "`4`"
`default-gateway-ipv4`	string	IPv4's default gateway
`proxy-server`	string	IP address of the proxy server
`proxy-port`	int	Proxy port number for client connections (`8080` by default)
`gaia-version-id`	int	ID number of Gaia version from: `show-all-gaia-versions-ids`
`force-reimage`	boolean	If "`true`", this forces a re-image of the machine even if the selected Gaia image version is already installed
`identification-key`	string	This is configured on the Security Gateway as a unique identifier to be recognized unambiguously by Zero Touch The string for the key is set at the Security Gateway's command line interface: `set cloud-config identification-key <key_string>` If there are repeated invalid entries of `identification-key` in API requests, the Security Gateway locks itself, and the value of the parameter `is-locked` changes to "`true`" Set `is-locked` to "`false`" to unlock the Security Gateway and try again the `identification-key`
`activate-with-url`	boolean	If "`true`", one-time activation link is generated during Security Gateway claim operation
`activation-url-key`	string	Random part of a one time activation link. Full link built as: Zero Touch
`comments`	string	General comments
`creating-user`	string	The user who claims a Security Gateway
`last-modifying-user`	string	The user who last modified a Security Gateway
`user-script`	string	CLI commands execute on the Security Gateway immediately after all other settings are applied In multiline CLISH scripts, use end line ("`\n`") at the end of each command line `"user-script": "set static-route 192.0.2.100 nexthop gateway address 192.0.2.155 on\nset static-route 192.0.3.0/24 nexthop blackhole\n"` Before executing the script, the Security Gateway locks the database automatically No need to add the `"lock database override"` command to the script
`admin-password`	string	Administrator password for the Security Gateway The `admin-password` is returned as "`******`" in the JSON response
`upload-info`	boolean	Controls the Upload Consent Flag on the Security Gateway If "`true`", enables the Upload Consent Flag For R81.20 and higher, see sk175504 For R81.10 and lower, see sk111080
`mgmt-eth-ip-address-ipv4`	string	IPv4 address
`ftw-sic-key`	string	Creating a Secure Internal Communication (SIC Secure Internal Communication. The Check Point proprietary mechanism with which Check Point computers that run Check Point software authenticate each other over SSL, for secure communication. This authentication is based on the certificates issued by the ICA on a Check Point Management Server.) activation key
`dns-server1`	string	The primary DNS server
`dns-server2`	string	The secondary DNS server
`dns-server3`	string	The tertiary DNS server
`download-info`	boolean	Controls the Download Consent Flag on the Security Gateway If "`true`", enables the Download Consent Flag For R81.20 and higher, see sk175504 For R81.10 and lower, see sk111080
`cluster-member`	boolean	If "`true`", the Security Gateway is a member of a cluster
`mgmt-eth-ip-address-ipv6`	string	Enter this IP address if `config-ipv6` is "`true`"
`time-zone`	string	Time zone for the Security Gateway See Configuring the Time Zone on Gaia Security Gateways

creation-time

Parameter Name	Type	Description
`posix`	int	The value is the number of milliseconds that have elapsed since 00:00:00, 1 January 1970
`iso-8601`	string	Date and time represented in international ISO 8601 format

last-modify-time

Parameter Name	Type	Description
`posix`	int	The value is the number of milliseconds that have elapsed since 00:00:00, 1 January 1970
`iso-8601`	string	Date and time represented in international ISO 8601 format

activation-url-creation-date

Parameter Name	Type	Description
`posix`	int	The value is the number of milliseconds that have elapsed since 00:00:00, 1 January 1970
`iso-8601`	string	Date and time represented in international ISO 8601 format

activation-url-actuation-time

Parameter Name	Type	Description
`posix`	int	The value is the number of milliseconds that have elapsed since 00:00:00, 1 January 1970
`iso-8601`	string	Date and time represented in international ISO 8601 format

On Failure, HTTP Return code: 400, 401, 500

Parameter Name	Type	Description
`message`	string	Operation status
`messages`	List: string	List of validation errors
`code`	string	Error code

Request Example

{
"mac": "xx:xx:xx:8B:C8:0A",
"object-name": "gw8BC80A",
"account-id": 7899567,
"template-id": 87352492
}

Response Example

{
  "mac": "xx:xx:xx:8B:C8:0A",
  "name": "gw8BC80A",
  "template-name": "Template B",
  "is-locked": false,
  "reported-status-time": null,
  "reported-display-status": "Not reported",
  "ip-address": null,
  "ext-interface-ip": null,
  "sku": "CPAP-SG3200-NGTX",
  "account-id": 7899567,
  "template-id": 87352492,
  "mgmt-eth-subnet-mask-ipv4": "",
  "config-ipv6": false,
  "mgmt-eth-mask-length-ipv6": "",
  "default-gateway-ipv6": "",
  "under-construction": false,
  "ntp1": "ntp.checkpoint.com",
  "ntp1-version": "4",
  "ntp2": "ntp2.checkpoint.com",
  "ntp2-version": "4",
  "default-gateway-ipv4": "",
  "proxy-server": "",
  "force-reimage": false,
  "identification-key": "******",
  "comments": "My comments",
  "creating-user": "user@domain.com",
  "last-modifying-user": null,
  "user-script": "",
  "admin-password": "******",
  "upload-info": true,
  "mgmt-eth-ip-address-ipv4": "",
  "ftw-sic-key": "******",
  "dns-server1": "",
  "dns-server2": "",
  "dns-server3": "",
  "creation-time": {
    "posix": 1530099088,
    "iso-8601": "2018-06-27T11:31"
  },
  "last-modify-time": {
    "posix": 1530099088,
    "iso-8601": "2018-06-27T11:31"
  },
  "gaia-version-id": 4,
  "download-info": true,
  "cluster-member": false,
  "mgmt-eth-ip-address-ipv6": "",
  "proxy-port": null,
  "time-zone": "London, Europe (GMT)"
}