Create a Post
Showing results for 
Search instead for 
Did you mean: 
Employee Alumnus
Employee Alumnus

Tufin integration with Check Point R80.docx

Tufin integration document for integrating newly upgraded Check Point R80.x Management Appliances.  I used documentation from Tufin and Check Point in the creation of this whitepaper.


For the full list of White Papers, go here

4 Replies

I'm putting this in the general Management space as the space you had posted this to wasn't public Smiley Happy

Employee Alumnus
Employee Alumnus

Apologies and appreciate you moving to the right spot.

0 Kudos
Not applicable

Nice summary document and initiative Donovan. Tufin is one of our technology partners who also includes  documentation that our readers may find helpful. Their links and version support may change over time so start at the high level and include some current snapshots. Would also encourage our customers and partners to check the Tufin site for the latest information.

Security Policy Orchestration for CheckPoint Firewalls from Tufin 

Supported Devices and Platforms 

Adding Check Point Devices 

Upgrading to Check Point R80 Support 

Employee Employee

I guess it would be worth adding basic troubleshooting steps as we had number of issues with API dying or crashing on MDS  after Tufin calls. Bugs with API on CP side I'm afraid. Still present with Take 142 - fixed one CMA and broke another Smiley Happy

These logs help to identify issues fairly quickly to raise quality SR.

Look for api.elg log file, in MDS case in $MDS_FWDIR/log

I have no logs from regular SMS so I will give example of CMA case below. MDS main IP =, CMA = and Tufun

API call is made by Tufin "show packages details-level full offset 0 limit 200" and it ends with API error

2018-09-13 07:22:42,935 INFO org.apache.cxf.interceptor.LoggingInInterceptor.log:250 [qtp801587943-36] - Inbound Message
ID: 393
Encoding: ISO-8859-1
Http-Method: POST
Content-Type: application/json
Headers: {Accept=[application/json], accept-encoding=[gzip,deflate], connection=[keep-alive], Content-Length=[63], content-type=[application/json], Host=[], User-Agent=[Apache-HttpClient/4.4.1 (Java/1.8.0_171-ojdkbuild)], X-chkp-sid=[ooS5sJJ1ZLIF3vjcuj5Q_A1RXa6iBf8twqRjHBrpQak], X-Forwarded-For=[], X-Forwarded-Host=[], X-Forwarded-Host-Port=[443], X-Forwarded-Server=[]}
Payload: {
"offset" : 0,
"limit" : 200,
"details-level" : "full"
2018-09-13 07:22:42,939 INFO<init>:25 [qtp801587943-36] - Cache created and initialized
2018-09-13 07:22:42,940 INFO [qtp801587943-36] - Executing [show-packages] of version 1.1
2018-09-13 07:22:44,183 ERROR [qtp801587943-36] - Getting overview list failed, switching to getting one by one.
2018-09-13 07:22:44,198 ERROR [qtp801587943-36] - Getting overview object for uid [05d74d34-8e1d-4fc6-7a27-3acb17546c2a] failed, trying to get the full object to mimic an overview response.
2018-09-13 07:22:44,210 ERROR [qtp801587943-36] - Getting full object for uid [05d74d34-8e1d-4fc6-7a27-3acb17546c2a] failed.
2018-09-13 07:22:44,211 ERROR [qtp801587943-36] - Server has thrown GeneralRemoteFault exception errorCode [CP_ERR_UNSPECIFIED] errorFamily [null] message [An internal error has occurred.]
2018-09-13 07:22:44,211 WARN [qtp801587943-36] - Unhandled GeneralRemoteFault error code [CP_ERR_UNSPECIFIED]
2018-09-13 07:22:44,212 ERROR [qtp801587943-36] -
com.checkpoint.web_services.faults.GeneralRemoteFault: An internal error has occurred.

You can then run the same commands manually directly on MDS/CMA and replicate the issue and narrow it down - in this particular case "show packages" actually worked but not with details level full. Playing more we were able to identify that issue was with one single package.


Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events