The Management Server connects to the SDDC through the Data Center server object on SmartConsole.
To create a connection to a Data Center:
Step | Description |
---|---|
1 | In SmartConsole, create a new Data Center object in one of these ways: |
2 | In the Enter Object Name field, enter the desired name. |
3 | Enter the connection and credentials information. |
4 | Click Test Connection to establish a secure connection. If the certificate window opens, confirm the certificate and click Trust. |
5 | When the Connection Status changes to Connected, click OK. If the status is not Connected, troubleshoot the issues before you continue. |
6 | Click OK. |
7 | Publish the session. |
Note - If the connection properties of a Data Center server changed (for example the credentials or the URL), make sure to re-install the policy on all the Security Gateways which have objects from that Data Center in their policy.
Define Security Policy with rules that include the Data Center objects.
Important - If the Management Server is not connected to the Data Center server, the Data Center objects do not import. To make sure the servers are connected, open the Data Center Server object in SmartConsole and examine the Status field. It must show Connected.
You can add Data Center objects to the Source and Destination columns of Access Control rules and Threat Prevention rules.
Note - Data Center objects that you import to the Security Policy are designed for well-defined groups of machines (EPGs, Virtual Machines, and so on).
To add Data Center objects to an Access Control rule:
Step | Description |
---|---|
1 | In SmartConsole, from the left navigation panel, click Security Policies. |
2 | At the top, click Access Control > Policy. |
3 | In the applicable rule, in the Source or Destination column, click + to add new items. |
4 | Click Import. |
5 | Select an existing Data Center object, or click Data Centers > New Data Center > applicable Data Center. |
6 | Install the Access Control Policy. |
To add Data Center objects to a Threat Prevention rule:
Step | Description |
---|---|
1 | In SmartConsole, from the left navigation panel, click Security Policies. |
2 | At the top, click Threat Prevention > Policy. |
3 | In the applicable rule, in the Source or Destination column, click + to add new items. |
4 | In the top right corner, click Import. |
5 | Select an existing Data Center object, or click Data Centers > New Data Center > applicable Data Center. |
6 | Install the Threat Prevention Policy. |
The Check Point Management API includes Data Center commands to show Data Center Servers and their contents, and to show, delete, and import Data Center objects. Use the API to automate Data Center security management and monitoring.
There are different interfaces for the Management API:
Work with API documentation specific to the Data Centers.
To work with API on a Security Management Server:
Step | Description |
---|---|
1 | In SmartConsole, from the left navigation panel, click Manage & Settings. |
2 | From the left tree, click Blades. |
3 | In the Management API section, click Advanced Settings. |
4 | In the Access Settings section, select All IP Addresses and click OK. |
5 | Connect to the command line on the Security Management Server. |
6 | Log in to Gaia Clish, or Expert mode. |
7 | Restart the API server: Output must show: |
8 | In your web browser, connect to: Note: If you enabled the Endpoint Policy Management Software Blade, then connect to: |
To work with API on a Multi-Domain Server:
Step | Description |
---|---|
1 | Connect with SmartConsole to the main MDS context. |
2 | In SmartConsole, from the left navigation panel, click Multi Domain. |
3 | From the left tree, click Blades. |
4 | In the Management API section, click Advanced Settings. |
5 | In the Access Settings section, select All IP Addresses and click OK. |
6 | Connect to the command line on the Multi-Domain Server. |
7 | Log in to Gaia Clish, or Expert mode. |
8 | Restart the API server: Output must show: |
9 | In your web browser, connect to: |
To change the API configuration and to learn more:
See the API documentation.