Integrating with Data Center Servers

In This Section:

Connecting to a Data Center Server

The Management Server connects to the SDDC through the Data Center server object on SmartConsole.

To create a connection to a Data Center:

In SmartConsole, click Objects menu > More object types > Server > Data Center > applicable Data Center type.
The Data Center Server window opens.
Enter credentials and connection properties.
Click Test Connection to establish a secure connection.
If the certificate window opens, confirm the certificate and click Trust.
When the Connection Status changes to Connected, click OK.
If the status is not Connected, troubleshoot the issues before you continue.

Note - If the connection properties of any Data Center servers such as credentials or the URL change, make sure to install the Access Control Policy again.

Creating Access Rules with Data Center Objects

Define security policies with rules that include the Data Center objects.

Important - If the Management Server is not connected to the Data Center server, the Data Center objects will not import. To make sure the servers are connected, open the Data Center Server object in SmartConsole and see that the Status is Connected.

You can add Data Center objects to the Source and Destination of rules in the Access Control Policy and in the Threat Prevention Policy.

To import Data Center objects without adding them to a policy:

In SmartConsole, go to the Objects Explorer > More object types > Server > Data Center.
Right-click on a Data Center server object and select Import.
In the window that opens, select the objects to add.
The Data Center object shows in the Objects bar > Data Center Objects.

Data Center objects that are imported to the security policy are designed for well-defined groups of machines (EPGs, VMs, and so on).

Check Point Management API

The Check Point Management API includes Data Center commands to show Data Center Servers and their contents, and to show, delete, and import Data Center objects. Use the API to automate Data Center security management and monitoring.

There are different interfaces for the Management API:

SmartConsole Command Line window (bottom left corner)
mgmt_cli tool (built-in on the Management Server, and SmartConsole Client)
Gaia Clish on the Management Server
Web services on the Management Server (over HTTPS)

Work with API documentation specific to the Data Centers.

To work with API on a Security Management Server:

Step	Description
1	In SmartConsole, from the left navigation panel, click Manage & Settings.
2	From the left tree, click Blades.
3	In the Management API section, click Advanced Settings.
4	In the Access Settings section, select All IP Addresses and click OK.
5	Connect to the command line on the Security Management Server.
6	Log in to Gaia Clish, or Expert mode.
7	Restart the API server: `api restart` Output must show: `Stopping API...` `API stopped successfully.` `Starting API...` `API started successfully.`
8	In your web browser, connect to: `https://<`Main IP Address of Security Management Server`>/api_docs` Note: If you enabled the Endpoint Policy Management Software Blade, then connect to: `https://<`Main IP Address of Security Management Server`>:4434/api_docs`

To work with API on a Multi-Domain Server:

Step	Description
1	Connect with SmartConsole to the main MDS context.
2	In SmartConsole, from the left navigation panel, click Multi Domain.
3	From the left tree, click Blades.
4	In the Management API section, click Advanced Settings.
5	In the Access Settings section, select All IP Addresses and click OK.
6	Connect to the command line on the Multi-Domain Server.
7	Log in to Gaia Clish, or Expert mode.
8	Restart the API server: `api restart` Output must show: `Stopping API...` `API stopped successfully.` `Starting API...` `API started successfully.`
9	In your web browser, connect to: `https://<`Main IP Address of Multi-Domain Server`>/api_docs`

To change the API configuration and to learn more:

See the API documentation.