Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Haim_Gabay
Explorer

Manage quantum 700 and 1500 series using API

Hello community team,

I am looking to manage the Quantum 700 and 1500 series using REST API directly with the box from my proprietary management server, my understanding that you need to manage the box by R80/R81 and perform all the calls through the R80/R81 api server.

Can the Quantum 700 and 1500 be managed by R80/R81?

Is it possible to perform calls directly with the box or I must do it through the api server, if so, can the api server installed in the cloud while the Quantum box is on-prem, assuming that we solve the access from the api server to the on-prem Quantum box.

Any insights on the above is appreciated

Thanks

0 Kudos
3 Replies
_Val_
Admin
Admin

Yes, you can manage SMB appliances from a SmartCenter or even an MDS.

0 Kudos
Haim_Gabay
Explorer

Thank you for the quick response, is it possible to write API calls from my software program directly to the 700 and 1500 gateways without having MDS or SmartCenter installed? I am trying to understand if it is a MUST to have SmartCenter/MDS.

0 Kudos
PhoneBoy
Admin
Admin

The answer is…a bit complicated.

700s are, by design, not manageable with traditional Check Point management.
They were sold as SMB appliances with this capability explicitly removed.
Their 1400 equivalents can be managed by traditional Check Point management as can the newer 1500/1800/1900 series.

Regular Check Point management has REST APIs, of course, but the actual SMB gateway object must be created manually in SmartConsole (ie that does not have REST API support yet).
This support is limited to Access and Threat Prevention policy, not actual device management (e.g. interfaces, routing).

As for accessing a REST API on the device itself, the 700 does not offer this and there are no plans to add one there.
We recently added support for a REST API on the 1500 (in R80.20.25 firmware), though I can’t immediately find the relevant documentation.
I assume it will be similar to what is noted in the release notes: limited to clish commands.
Which would imply some ability to manage the device/access policy/threat prevention using this.

0 Kudos