HomeKit (Siri) integration with R81
Homebridge allows you to integrate with smart home devices that do not natively support HomeKit. Use your iPhone, iPad, HomePod and Apple Watch to control your Check Point Firewall and set up automations.
You can also control your firewall rules using your voice via Siri. More about Homebridge can be found here: https://homebridge.io/
How does it work:
Homebridge provides device types that Apple does not support natively, for example a switch that toggles something (firewall rules on/off). There is a Homebridge plugin that runs scripts over SSH. When you speak a command via Siri voice control or turn on a switch in HomeKit, a script is executed via Homebridge. For this purpose, a dynamic object is created on the gateway via the Homebridge SSH plugin. This dynamic object can be used in the firewall ruleset.
Installation guide:
1) Install Homebridge, for example on a Raspberry Pi 3 or 4. A good tutorial on how to install Homebridge can be found here: https://github.com/homebridge/homebridge/wiki/Install-Homebridge-on-Raspbian
# npm install -g --unsafe-perm homebridge homebridge-config-ui-x
2) Install the homebridge-ssh plugin.
# npm install -g homebridge-ssh
3) Configure the Homebridge SSH device to access your firewall gateway. You have to change the account and SSH information in the script to match your environment and change the dynamic object to match your firewall rules.
Here is an example:
{
    "accessory": "SSH",
    "name": "Firewall",
    "on": "dynamic_objects -o homekit -r 192.168.200.1 192.168.200.254 -a",
    "off": "dynamic_objects -o homekit -r 192.168.200.1 192.168.200.254 -d",
    "ssh": {
        "user": "<firewall gateway user>",
        "host": "<firewall gateway ip>",
        "port": 22,
        "password": "<your password>"
    }
}
4) Now restart your Homebridge server.
5) To connect a Homebridge device to HomeKit, you need to scan the QR code on your iPhone/iPad in the Home app. The QR code is displayed in the web GUI of Homebridge.
6) Create a firewall ruleset in which the dynamic object (in my example homekit) is used and then install the policy. Here is an example:
Done!
Now you can control the dynamic objects (the firewall rules) via your iPhone using Siri or the Home App. Sorry, my iPhone is set to German. Therefore a small translation: Geräte = devices, Aus = off
PS:
Now I will receive many comments again about the security of SSH script settings and about iPhone and Siri security, so here is a statement in advance: I would not use this in production environments from a security point of view. I only use something like this because I am a game kid. 🙂
➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
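The configuration in step 3 gives Homebridge a password login that can run whatever that account is permitted to, although the switch only ever sends two commands. As an added example (not part of the original post), this gate script accepts exactly the "on" and "off" strings from that configuration and rejects everything else. It assumes the Homebridge account is restricted with OpenSSH's ForceCommand, so that sshd supplies the requested command in SSH_ORIGINAL_COMMAND, and that dynamic_objects is on that account's PATH; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post: allowlist gate for the account
# Homebridge logs in with. Assumed deployment: OpenSSH ForceCommand for that
# user, so sshd places the client's requested command in SSH_ORIGINAL_COMMAND.

OBJ="homekit"                           # dynamic object name from the post
RANGE="192.168.200.1 192.168.200.254"   # address range from the post

# Map a requested command string to an action. Prints "add" or "delete" and
# returns 0 for the two exact strings in the Homebridge config; returns 1 for
# anything else (other objects, other ranges, appended text).
homekit_action() {
    case "$1" in
        "dynamic_objects -o $OBJ -r $RANGE -a") echo add ;;
        "dynamic_objects -o $OBJ -r $RANGE -d") echo delete ;;
        *) return 1 ;;
    esac
}

# Run the fixed command for an allowed request; log and refuse the rest.
homekit_run() {
    action=$(homekit_action "$1") || {
        logger -t homekit-gate "denied request: $1" 2>/dev/null || true
        return 1
    }
    # The client's string is never executed; only these fixed command lines.
    # $RANGE is left unquoted on purpose so it splits into two arguments.
    case "$action" in
        add)    dynamic_objects -o "$OBJ" -r $RANGE -a ;;
        delete) dynamic_objects -o "$OBJ" -r $RANGE -d ;;
    esac
}

# Entry point when sshd invokes this script as the forced command.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    homekit_run "$SSH_ORIGINAL_COMMAND"
    exit $?
fi
```

With this in place, a leaked Homebridge password can still flip the homekit object on or off, but it no longer yields a general shell on the gateway.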