Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
roby198
Participant
Jump to solution

what component is the destination with API command?

Hi, I have an engine CheckPoint 1600 FW (Quantum Spark) manged by a CheckPoint cloud management.

I have to push some policy rules via API and I didn't understand if i can send the APIs to the firewall engine directly or i have to send them to the I management only.

Then seems i need to configure a user that will manage the API , what happen is i have the 2FA activated?

Thank you

Roby

0 Kudos
2 Solutions

Accepted Solutions
PhoneBoy
Admin
Admin

The question is what is the endpoint he needs to connect to in order to manage via API.
That…would be the central management (in this case, Smart-1 Cloud).
API keys can be configured for usage via API.

View solution in original post

(1)
PhoneBoy
Admin
Admin

MFA is not appropriate for programmatic access.
Create a specific user with API Keys as the authentication method:

image.png

View solution in original post

(1)
4 Replies
Tal_Paz-Fridman
Employee
Employee

Management API can be run from several locations and using various tools. See the options at the top of each command:

 

 

For install policy run command on the Management Server and list the Security Gateways that are the target:

https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/install-policy~v1.9.1%20

 

For example:

mgmt_cli install-policy policy-package "standard" access true threat-prevention true targets.1 "corporate-gateway"  --format json

 

0 Kudos
PhoneBoy
Admin
Admin

The question is what is the endpoint he needs to connect to in order to manage via API.
That…would be the central management (in this case, Smart-1 Cloud).
API keys can be configured for usage via API.

(1)
roby198
Participant

Yes exactly the question arises from the fact that I have to inject some rules via API and I don't understand if I have to send them to the management or directly to the perimeter firewall engine.
If I understood PhoneBoy's answer I have to send the API commands to the smart-1 cloud management and since for the API I have to specify a user account on the management how can it validate with username and password if I have 2FA turned on?
Thanks and sorry if I say some inaccuracies

Roby

0 Kudos
PhoneBoy
Admin
Admin

MFA is not appropriate for programmatic access.
Create a specific user with API Keys as the authentication method:

image.png

(1)

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events