This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Jon_Pahl1
Employee
Employee
‎2021-06-30 01:10 PM

Creating a simple access rule via API

For this document we will assume that only the protocol objects and basic policy have been created.

 

Current policy

Jon_Pahl1_0-1625083752305.png

 

Current layers in the default policy

Jon_Pahl1_1-1625083752308.png

 

 

 

  1. Create source and destination objects.
    1. Creating a destination host object

Using the API call add host we have 1 required filed, Name, and require and ip address v4 or v6 via ip-address, ipv4-address or ipv6-address.

Optional fields include

 

Tags = collection of tag identifiers

Host-servers = servers configuration

Nat-setting

Interfaces

Groups

Color

Comments

 

Don’t forget to publish

          Mgmt_cli publish

 

Jon_Pahl1_2-1625083752316.png

 

 

Jon_Pahl1_3-1625083752317.png

 

 

 

 

 

  1. Creating a source network object

Using the API call ‘add network’ we create a simple network object.  Again we have some required fields and we find the same ipv4 and v6 options as the ‘add host’ call.

 

Argument

Require

Description

Name

Yes

Object name

Subnet

Yes / or #1

IPv4 or IPv6 address

Subnet4

Yes / or #1

IPv4 address

Subnet6

Yes / or #1

IPv6 address

Mask-length

Yes / or #2

IPv4 or IPv6 cidr mask length

Mask-length4

Yes / or #2

IPv4 mask length

Mask-length6

Yes / or #2

IPv6 mask length

Nat-setting

No

 

Tags

No

Collection of tag identifiers

Broadcast

No

Option to allow broadcast inclusion

Color

No

 

Comments

No

 

Groups

No

Any group memberships

 

Example

Jon_Pahl1_4-1625083752323.png

 

 

  1. Adding an access rule

   The rule we are going to create is one to allow SSH and HTTPS to the target server defined earlier from the network we just created. Given the number of API arguments I am simple going to refer to the reference guide. https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/add-access-rule~v1.7.1%20

 

Example output

Jon_Pahl1_5-1625083752327.png

 

 

And the full API command in txt:

mgmt_cli add access-rule layer "Network" position "top" name "SSH & HTTPS access to test host" action "Accept" destination "Test-Host-1" source "Admin_network" service.1 "SSH" service.2 "HTTPS"

 

Finally the finished rule.

 

Jon_Pahl1_6-1625083752329.png

 

 

 

Use cases:

  1. Lab setup
  2. New application onboarding
  3. Creating your own API process.
    1. Some Check Point customers have created their own process they build host and network objects create rules all via a home grown web service.
0 Kudos
0 Replies

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events