Check Point Quantum Smart-1 Cloud Integration with TEM

Overview

Check Point Threat Exposure Management (TEM) enhances the Quantum Smart-1 Cloud Next Generation Firewall (NGFW) by leveraging Intrusion Prevention System (IPS) security logs and API-based access to deliver actionable, traffic-based threat insights. TEM enables automated remediation workflows and pushes Indicator of Compromise (IoCs) directly into cloud-managed environments, ensuring scalable, unified, and proactive threat response. This integration empowers administrators to maintain consistent security posture across distributed cloud assets with minimal manual intervention.

Administrators must enable IPS enforcement and configure local logging on each Quantum Smart-1 Cloud device to ensure effective integration.

  1. IPS Enforcement

    IPS enforcement enables Smart-1 Cloud gateways to inspect traffic for known threats using signature-based detection. It helps block malicious activity in real time and is essential for generating accurate insights in Threat Exposure Management (TEM).

    Traffic-Based Insights

    • IPS logs capture real-time threat activity, including intrusion attempts, exploit signatures, and suspicious payloads.

    • TEM uses these logs to correlate traffic patterns and surface risk-based exposures.

    Log Requirements

    • Enable IPS and actively log events.

    • Retain logs for at least 7 days and ensure TEM can continuously access them for analysis.

    To verify IPS Enforcement logs, see Verifying IPS Enforcement Logs for TEM.

  2. Managing API Access

    Management API Access allows the TEM Virtual Machine (VM) to connect with the Quantum Smart-1 Cloud Management Server using its API. This integration enables TEM VM to query security policies, retrieve logs, and automate key management tasks. By enabling API access, organizations can seamlessly synchronize data, streamline security operations, and reduce manual administrative effort, all from a single cloud-based management platform.

    To verify API access, see Verifying API Access.

  3. Trusted Client Permission

    Defining the TEM VM as a trusted GUI client allows it to securely interact with the Quantum Smart-1 Cloud Management Server.

    To verify trusted client permissions, see Verifying Trusted Client.

  4. Access Policy Rules for TEM- For All Supported Quantum Smart-1 Cloud Deployments

     

    Source

    Destination

    Port

    Protocol

    Purpose

    Check Point

     

     

     

     

    TEM VM

    Quantum Smart-1 Cloud

    TCP/443

    HTTPS

    Configuration fetch / remediations

    Firewalls / Clusters

    TEM VM

    TCP/30003

    TCP

    Indicators of Compromise (IoC) Pull

    TEM VM

    Firewalls / Clusters

    UDP/161

    SNMP

    CPU and RAM

Supported Capabilities

TEM supports the following capabilities as part of its integration with Quantum Smart-1 Cloud:

  • Protection Hardening - Controlled Transition of IPS protections to Block mode strengthens security while minimizing operational impact.

  • Attack Analysis - Uses machine learning to identify real attacks and provides one-click remediation to quickly contain threats.

  • Security Hygiene - Keeps systems up to date with the latest patches and security updates to reduce vulnerabilities.

  • Business Disruption Prevention - Detects and mitigates security events that could disrupt operations, helping maintain continuity.

  • Indicators - Manages threat intelligence across all integrated security controls, ensuring consistent alignment and protection across the organization.

    Note - Supported indicator types include IP Addresses, File Hashes, and Domains.

Quantum Smart-1 Cloud Integration with TEM

Step 1: Obtain the Connection String from Check Point Infinity Portal

  1. Log in to the Check Point Infinity Portal.

  2. Click the Menu icon in the left corner and go to Quantum > Security Management & Quantum Smart-1 Cloud.

  3. From the left navigation panel, click Settings > API & SmartConsole.

  4. In the Management API section, copy and save the connection string shown in the image below.

Step 2: Configure a New Management API Profile for a Super User

To configure a new Management API Profile for a Super User:

  1. Log in to the SmartConsole.

  2. From the left navigation panel, click Manage & Settings.

  3. In the Permissions & Administrators section, click Permission Profiles, and click New.

    The New Profile pop-up appears.

  4. Enter a name for the profile.

  5. Configure the permissions as follows:

    1. In the Overview tab, select Permissions as Customized.

    2. In the Gateways tab, navigate to Scripts and enable the Run One Time Script checkbox.

    3. Configure the Access Control tab.

      1. In the Policy section, enable the Show Policy checkbox.

      2. Select the Edit layers by Software Blades option and enable the Firewall, Application Control and URL Filtering checkboxes.

      3. In the Additional Policies section, enable the NAT Policy checkbox and select Read from the dropdown.

      4. In the General section, enable the Access Control Objects and Settings checkbox and select Read from the dropdown.

    4. Configure the Threat Prevention tab.

      1. In the Policy section, select the following options:

        • Policy Layers: Read

        • Policy Exceptions: Write

      2. In the Permissions section, select the following options:

        • Profiles: Read

        • Protections: Write

        • Settings: Write

        • In the Actions section, enable the Install Policy checkbox.

    5. In the Others tab, configure the following Permissions:

      1. Common Objects: Write

      2. Check Point Users Database: Read

    6. In the Monitoring and Logging tab, configure the Monitoring and Logging section as follows:

      1. Monitoring: Read

      2. Management Logs: Read

      3. Track Logs: Read

      4. Select the Application and URL Filtering Logs checkbox.

      5. Select the HTTPS Inspection Logs checkbox.

    7. In the Management tab, enable the following Management Permissions.

      1. Management API Login

      2. Publish sessions without an approval

    8. Click OK.

Note - You can turn off Write permissions and set the user profile to Read permissions only. However, this action causes the remediation flow to fail if attempted.

Step 3: Configure the TEM Portal

  1. Log in to the TEM portal.

  2. Go to Settings > Integrations > Catalog > Quantum Smart-1 Cloud.

  3. In the Quantum Smart-1 Cloud pop-up that appears, navigate to the Connection tab.

  4. In the Mandatory Connection Details section, enter the following details:

    • In the Connection Name field, enter a unique name to identify this integration.

    • In the Username field, enter the admin name used to authenticate the connection.

    • In the Password field, enter a secure password for the specified username.

    • In the Connection String field, enter the connection string you copied from Step 1: Obtain the Connection String from Check Point Infinity Portal.

  5. Click Next.

  6. (Optional) In the Configuration section, enable Backfill Indicators to import existing indicators into the integration.

  7. Click Connect to establish a connection.

Limitations

  1. SMB Restrictions:

    Due to limitations in the Check Point API, fetching license / version information and configuring SNMP are not supported on Quantum Spark deployments.

  2. IPv6:

    IPv6 addresses are not supported.

Verifying IPS Enforcement Logs for TEM

Prerequisite

Create a Management API user with a Super User profile explicitly for TEM.

Note - The Management API permission is required only for the initial integration (one-time use). After the initial setup, you can create a dedicated profile instead of the Super User profile.

Setting the Log Retention Rate for TEM

  1. Log in to the SmartConsole.

  2. From the left navigation panel, click Logs & Events > Logs.

  3. In the search bar:

    1. Set the time range to Last 7 Days.

    2. Enter blade:IPS and protection_type:IPS

Note - If IPS logs are unavailable, create a dedicated IPS profile set to Detect Mode only. This allows TEM to collect traffic data and generate insights without blocking traffic, ensuring complete visibility into potential exposures while keeping business operations uninterrupted.

Verifying API Access

To verify API Access for the TEM Virtual Machine:

  1. Log in to the SmartConsole.

  2. From the left navigation panel, click Manage & Settings > Blades.

  3. In the Management API section, click Advanced Settings.

  4. In the Management API Settings dialog box that appears, ensure that one of these options is selected:

    • All IP addresses

    • All IP addresses that can be used for GUI clients

  5. Click OK.

Verifying Trusted Client

To verify or configure a trusted client in Quantum Smart-1 Cloud:

  1. Log in to the SmartConsole.

  2. From the left navigation panel, click Manage & Settings.

  3. Go to the Permissions & Administrators section and click Trusted Clients.

  4. Click the icon.

  5. In the New Trusted Client pop-up, enter a name for the profile. In the IPV4 Address field add theTEM VM IP address as a permitted client.

  6. Click OK.