This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
roby198
Participant
‎2024-09-22 12:04 PM
Jump to solution

what component is the destination with API command?

Hi, I have an engine CheckPoint 1600 FW (Quantum Spark) manged by a CheckPoint cloud management.

I have to push some policy rules via API and I didn't understand if i can send the APIs to the firewall engine directly or i have to send them to the I management only.

Then seems i need to configure a user that will manage the API , what happen is i have the 2FA activated?

Thank you

Roby

0 Kudos
2 Solutions

Accepted Solutions
PhoneBoy
Admin
Admin
‎2024-09-23 06:53 AM
In response to Tal_Paz-Fridman
Jump to solution

The question is what is the endpoint he needs to connect to in order to manage via API.
That…would be the central management (in this case, Smart-1 Cloud).
API keys can be configured for usage via API.

View solution in original post

(1)
PhoneBoy
Admin
Admin
‎2024-09-23 12:07 PM
In response to roby198
Jump to solution

MFA is not appropriate for programmatic access.
Create a specific user with API Keys as the authentication method:

image.png

View solution in original post

(1)
4 Replies
Tal_Paz-Fridman
MVP Silver CHKP MVP Silver CHKP
MVP Silver CHKP
‎2024-09-22 10:37 PM
Jump to solution

Management API can be run from several locations and using various tools. See the options at the top of each command:

 

 

For install policy run command on the Management Server and list the Security Gateways that are the target:

https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/install-policy~v1.9.1%20

 

For example:

mgmt_cli install-policy policy-package "standard" access true threat-prevention true targets.1 "corporate-gateway"  --format json

 

0 Kudos
PhoneBoy
Admin
Admin
‎2024-09-23 06:53 AM
In response to Tal_Paz-Fridman
Jump to solution

The question is what is the endpoint he needs to connect to in order to manage via API.
That…would be the central management (in this case, Smart-1 Cloud).
API keys can be configured for usage via API.

(1)
roby198
Participant
‎2024-09-23 09:43 AM
In response to PhoneBoy
Jump to solution

Yes exactly the question arises from the fact that I have to inject some rules via API and I don't understand if I have to send them to the management or directly to the perimeter firewall engine.
If I understood PhoneBoy's answer I have to send the API commands to the smart-1 cloud management and since for the API I have to specify a user account on the management how can it validate with username and password if I have 2FA turned on?
Thanks and sorry if I say some inaccuracies

Roby

0 Kudos
PhoneBoy
Admin
Admin
‎2024-09-23 12:07 PM
In response to roby198
Jump to solution

MFA is not appropriate for programmatic access.
Create a specific user with API Keys as the authentication method:

image.png

(1)

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events