This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Matlu
MVP Silver
MVP Silver
‎2025-05-04 07:13 AM

Management API Usage

Hello, everyone.

 

Can anyone guide me with the easiest way to automate object creation, and then after that add the objects to a particular group with the Management API.

We have massive requirements where we get more than 60 IPs per request, to add them to our MDS, and little experience with using ansible or python.

Are there any commands or templates to help me with the deployment of the Management API, that also allow the installation of policies in your process?

We have many Perimetrics where we have to submit changes on a recurring basis.

Thanks for the comments

0 Kudos
6 Replies
Amir_Senn
MVP Silver CHKP MVP Silver CHKP
MVP Silver CHKP
‎2025-05-04 07:38 AM

Hi,

We had a few solutions here in the CheckMates forum, you can browse the API discussion board and choose the option you feel the most comfortable with.

CheckMates API board: https://community.checkpoint.com/t5/API-CLI-Discussion/bd-p/codehub

One of the solutions offered is the following SK: https://support.checkpoint.com/results/sk/sk113078

MGMT API references:

Add host: https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/add-host~v2%20

Add host to group: https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/set-group~v2%20

Kind regards, Amir Senn
Duane_Toler
MVP Silver
MVP Silver
‎2026-02-11 01:53 PM
In response to Amir_Senn

Your instinct is correct to use the management API for this.  If you have little experience with Ansible, and you also want to learn, I have a video series on YouTube you can go through to understand how to get it setup for your management server and learn Ansible along the way.  The episodes do build on each other, and the latest one shows how to achieve what you want (but you really should go through each of them).

The link is in my signature below.  I also put together a written form of the episodes on the Substack board, also in the link, in case you want to read through the material, search for things, print it out, etc.

Feel free to reply back here if you have any questions!

 

--
Ansible for Check Point APIs series: https://www.youtube.com/@EdgeCaseScenario and Substack
the_rock
MVP Diamond
MVP Diamond
‎2025-05-04 11:22 AM

Hey bro,

Did what Duane Toler give you last time help? Ansible method, that is.

Andy

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
Tal_Paz-Fridman
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2025-05-05 04:15 AM

Adding to what @Amir_Senn wrote to look at the Management API Best Practices:

https://sc1.checkpoint.com/documents/latest/APIs/index.html#tips_best_practices~v2%20

 

0 Kudos
Tomer_Noy
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2025-05-05 11:15 PM

If this is a recurring pattern, in which you need to add those ~60 weekly IPs to the same few groups, it might be worthwhile to evaluate the use-case and consider alternatives.

For example, if those 60 IPs are malicious / bad reputation IPs that you want to block, then instead of automating them into a group and pushing policy, consider using IoC feeds for blocking in Threat Prevention blades, or a Network Feed that can be placed into a FW policy block rule.

If those IPs are going into a few certain groups that are effectively owned by another team for opening traffic to certain resources, you can also consider a Network Feed with an allow rule, and either fill in the feed yourself or allow that other team to control it.

Using the above alternatives will save you the need to push policy to all your gateways after every update, and will "de-clutter" your Management as you won't need all those host objects.

0 Kudos
PhoneBoy
Admin
Admin
‎2025-05-06 08:11 AM

Depending on the versions/use case, using the API is not necessary.
For a list of IPs, you're probably better off using something like a Network Feed which just reads a file off a webserver with the IPs (or processes JSON output).

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events