Repository Gateway Script

A repository gateway script is a script that runs on the Security GatewayClosed Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. after the policy installation. Before using it in your Security Gateway configuration template, you must add it to the script repository on the Security Management ServerClosed Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server..

You can do this using CME API and SmartConsoleClosed Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on..

Configuring a Repository Gateway Script Using CME API

To add a repository script to the Security Gateway configuration template in CME API v1.1:

  1. Use the ⁠add-repository-script management API to add the script to the script repository on the Security Management ServerClosed Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server..

    For example:

    url: POST https://{{managementIP}}/web_api/v1.9/add-repository-script

    body: {"name": "create_route", "script-body": "#!/bin/bash clish -c lock database override clish -c set static-route 10.24.2.0/32 nexthop gateway address 10.24.0.0 on clish -c save config""}

    Note - For Multi-Domain Security Management server, add the script for each Domain.

    You can run the API call using the mgmt_cli tool, Web Services, SmartConsole CLI, or GaiaClosed Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems. CLI.

  2. Publish the session with the publish management API.

  3. After the script is successfully added to the script repository on the Management Server, you can add the repository script to your template. For more information, see CME API SwaggerHub documentation.

    For example:

    url: PUT https://{{managementIP}}/web_api/v1.8/cme-api/v1.1/gwConfigurations/<azure/gcp/aws>/<template-name>

    body: "repository_gateway_scripts": [{"name": "create_route"}]

    Script with parameters:

    url: PUT https://{{managementIP}}/web_api/v1.8/cme-api/v1.1/gwConfigurations/<azure/gcp/aws>/<template-name>

    body: "repository_gateway_scripts": [{"name": "repo_script", "parameters": "param1 param2"}]

Note - For CME API in Postman, you can use this Postman Collection.

Configuring a Repository Gateway Script Using SmartConsole

  1. To add the script to the scripts repository on the Security Management Server, follow the steps described in the SmartConsole guide.

  2. To add the script to the Security Gateway configuration template, follow the steps described in the Configuring CME in SmartConsole (recommended) chapter of this guide.