claim-gateway

Description

Claim a Small Office Gateway with a template-id.

If the Security Gateway is ready for deployment with its final configuration and deployment decisions, the under-construction parameter should be at its default (false) in the Small Office template that is used to claim the Security Gateway. The Security Gateway is then enabled for downloads from Zero Touch Allows users to manage the initial configurations of "Small Office" and "Gaia Gateways" easily and remotely. Settings from the Zero Touch Server replace the First Time Configuration Wizard. The Zero Touch Cloud Service runs a Web Portal and supports REST API. All actions are available through API calls. immediately.

If the Small Office Gateway needs additional editing, under-construction should be set to "true" in the Small Office template used to claim the Security Gateway. This prevent downloads until the final configuration editing is complete.

Edits to the template after the Security Gateway is claimed have no effect on the Security Gateway.

Use the set-claimed-gateway-configuration command to edit the Security Gateway and to change under-construction to "false" to allow the Zero Touch downloads to start.

Request URL

POST

https://zerotouch.checkpoint.com/ZeroTouch/web_api/v2/claim-gateway

Request Headers

Parameter Name	Type	Description
`Content-Type`	application/json	Send JSON object to use the API Web Services
`X-chkp-sid`	string token	Session unique identifier as the response to the login request

Request Body

Parameter Name	Status	Type	Description
`object-name`	Mandatory	string	The Security Gateway's name, a required field when claiming a Security Gateway
`account-id`	Mandatory	int	The User Center account to which Security Gateways and templates belong
`template-id`	Mandatory	int	The template's unique identifier
`mac`	Mandatory	string	Unique Media Access Control address for the Security Gateway

Response

On Success, HTTP Return code: 200

Parameter Name	Type	Description
`gateway-configuration`	object	Gateway configuration information
`creation-time`	object	Timestamps for claiming a Security Gateway
`last-modify-time`	object	Timestamps for last modifying a Security Gateway
`gateway-status`	object	Gateway status information

gateway-configuration

Parameter Name	Type	Description
`object-name`	string	The Security Gateway's name, a required field when claiming a Security Gateway
`account-id`	int	The User Center account to which Security Gateways and templates belong
`template-id`	int	The template's unique identifier
`template-name`	string	The name of the template used to claim this Security Gateway
`creating-user`	string	The user who claims a Security Gateway
`last-modifying-user`	string	The user who last modified a Security Gateway
`service-center`	string	IP address or the DNS of the SMP server To manage your Security Gateway from SMP, fill these fields: `service-center`, `registration-key`, `and portal` (used by the Security Gateway for cloud activation)
`registration-key`	string	Key obtained from the Gateway page in the SMP server To manage your Security Gateway from SMP, fill these fields: `service-center`, `registration-key`, `portal` (Used by the Security Gateway for cloud activation)
`user-script`	string	CLI commands execute on the Security Gateway immediately after all other settings are applied In multiline CLISH scripts, use end line ("`\n`") at the end of each command line `"user-script": "set static-route 192.0.2.100 nexthop gateway address 192.0.2.155 on\nset static-route 192.0.3.0/24 nexthop blackhole\n"` Before executing the script, the Security Gateway locks the database automatically No need to add the `"lock database override"` command to the script
`wireless-country`	string	Country in which the Security Gateway is deployed. See Configuring the Wireless Country on Gaia Embedded Security Gateways.
`admin-password`	string	Administrator password for the Security Gateway The `admin-password` is returned as "`******`" in the JSON response
`admin-access`	string	Networks and IP addresses from which an administrator can access the Security Gateway For example: `"10.2.3.56",` `"192.1.1.2,10.1.1.7/255.255.255.0"` An empty string means "any IP address"
`accept-lan`	boolean	Administrator has access to the Security Gateway from a LAN, if "`true`" Default value: `true`
`accept-wifi`	boolean	Administrator has access to the Security Gateway from a trusted WiFi, if "`true`" Default value: `true`
`accept-vpn`	boolean	Administrator has access to the Security Gateway from a VPN, if "`true`" Default value: `true`
`accept-wan`	boolean	Administrator has access to the Security Gateway from the internet, if "`true`" Default value: `true`
`limit-source-ip-mode`	string	If "`true`", ignores certificate (if your SMP has a certificate from a CA that is not known to the Security Gateway) Default value: `false`
`ignore-cert-verification`	boolean	If "`true`", ignores certificate (if your SMP has a certificate from a CA that is not known to the Security Gateway) Default value: `false`
`use-cpn-tp-server`	boolean	Use Check Point NTP servers `False` indicates not using them Default value: `true`
`auto-gateway-creation`	boolean	To automatically create the Security Gateway in the SMP, set to "`true`" If "`true`", these fields are required: `plan`, `service-center`, `registration-key,portal` If "`false`", `plan` must be empty Default value: `false`
`rmd-web-url`	string	Link for "Reach My Device Check Point's service that enables connections to a gateway's management even when it is behind NAT."
`rmd-shell-url`	string	Link for "Reach My Device"
`activate-rmd`	boolean	If "`true`", then the Security Gateway uses "Reach My Device" to be accessible while using NAT (Network Address Translation) within an organization
`under-construction`	boolean	A "`true`" value prevents downloads to the Security Gateway until the final configuration and deployment decisions are complete Default value: `false`
`upload-info`	boolean	Controls the Upload Consent Flag on the Security Gateway If "`true`", enables the Upload Consent Flag For R81.20 and higher, see sk175504 For R81.10 and lower, see sk111080
`time-zone`	string	Time zone for the Security Gateway See Configuring the Time Zone on Gaia Embedded Security Gateways
`mac`	string	Unique Media Access Control address for the Security Gateway
`comments`	string	General comments
`portal`	string	Service domain name for the Security Gateway To manage your Security Gateway from SMP, fill these fields: `service-center`, `registration-key`, `portal` (Used by the Security Gateway for cloud activation)
`plan`	string	Plan name from the SMP If you fill this field, these fields are required: `auto-gateway-creation`, `service-center`, `registration-key` and `portal` If `auto-gateway-creation` is `false, plan` must be empty
`sku`	string	Stock Keeping Unit code for the Security Gateway

creation-time

Parameter Name	Type	Description
`posix`	int	The value is the number of milliseconds that have elapsed since 00:00:00, 1 January 1970
`iso-8601`	string	Date and time represented in international ISO 8601 format

last-modify-time

Parameter Name	Type	Description
`posix`	int	The value is the number of milliseconds that have elapsed since 00:00:00, 1 January 1970
`iso-8601`	string	Date and time represented in international ISO 8601 format

gateway-status

Parameter Name	Type	Description
`status-value`	string	Either `underconstruction` (to prevent the download of settings from Zero Touch), `set` (to allow the download of settings from Zero Touch), or `claimed`
`reported-status`	string	Status code reported by the Security Gateway Possible values: `notreported, fetched, activated`
`reported-status-time`	int	Timestamp when the Security Gateway last reported its status The value is the number of milliseconds that have elapsed since 00:00:00, 1 January 1970
`status-text`	string	Gateway log file output (last 5000 characters)
`display-status`	string	Claimed Security Gateway state display string in the Zero Touch Server Possible values: `Ready to deploy,` `Under construction,` `Registered with incomplete data`
`reported-display-status`	string	Status display string reported by the Security Gateway Possible values: `Not reported, Gateway successfully downloaded settings, Connected to SMP`
`mac`	string	Unique Media Access Control address for the Security Gateway

On Failure, HTTP Return code: 400, 401, 500

Parameter Name	Type	Description
`message`	string	Operation status
`messages`	List: string	List of validation errors
`code`	string	Error code

Request Example

{
"object-name": "gw7AB34E",
"account-id": 7899567,
"template-id": 8988937,
"mac": "xx:xx:xx:7A:B3:4E"
}

Response Example

[
  {
    "gateway-configuration": {
      "object-name": "gw7AB34E",
      "account-id": 7899567,
      "template-id": 8988937,
      "template-name": "Template A",
      "creating-user": "user@domain.com",
      "last-modifying-user": null,
      "service-center": "",
      "registration-key": "",
      "user-script": "",
      "wireless-country": "GB",
      "admin-password": "******",
      "admin-access": "",
      "accept-lan": true,
      "accept-wifi": true,
      "accept-vpn": true,
      "accept-wan": true,
      "limit-source-ip-mode": "LIMIT_SRC_IP_MODE.NO_LIMIT",
      "ignore-cert-verification": false,
      "use-cpn-tp-server": true,
      "auto-gateway-creation": false,
      "rmd-web-url": "",
      "rmd-shell-url": "",
      "activate-rmd": false,
      "under-construction": false,
      "upload-info": false,
      "creation-time": {
        "posix": 1530099088,
        "iso-8601": "2018-06-27T11:31"
      },
      "last-modify-time": {
        "posix": 1530099088,
        "iso-8601": "2018-06-27T11:31"
      },
      "time-zone": "GMT(Greenwich-Mean-Time/Dublin/Edinburgh/Lisbon/London)",
      "mac": "xx:xx:xx:7A:B3:4E",
      "comments": "My comments",
      "portal": "",
      "plan": "",
      "sku": "CPAP-SG1450-NGTP"
    },
    "gateway-status": {
      "status-value": "set",
      "reported-status": "notreported",
      "reported-status-time": null,
      "status-text": null,
      "display-status": "Ready to deploy",
      "reported-display-status": "Not reported",
      "mac": "xx:xx:xx:7A:B3:4E"
    }
  }
]