
Integrating with Data Center Servers

In This Section:

  • Connecting to a Data Center Server
  • Creating Rules with Data Center Objects
  • Check Point Management API
  • Supported Data Centers

Connecting to a Data Center Server

The Management Server connects to the SDDC through the Data Center server object on SmartConsole.

To create a connection to a Data Center:

1. In SmartConsole, create a new Data Center object in one of these ways:

  • In the top left corner, click Objects menu > More object types > Server > Data Center > applicable Data Center.
  • In the top right corner, click Objects Pane > New > More > Server > Data Center > applicable Data Center.

2. In the Enter Object Name field, enter the desired name.

3. Enter the connection and credentials information.

4. Click Test Connection to establish a secure connection.

   If the certificate window opens, confirm the certificate and click Trust.

5. When the Connection Status changes to Connected, click OK.

   If the status is not Connected, troubleshoot the issues before you continue.

6. Click OK.

7. Publish the session.

Note - If the connection properties of a Data Center server change (for example, the credentials or the URL), make sure to reinstall the policy on all Security Gateways that have objects from that Data Center in their policy.

Creating Rules with Data Center Objects

Define Security Policy with rules that include the Data Center objects.

Important - If the Management Server is not connected to the Data Center server, the Data Center objects do not import. To make sure the servers are connected, open the Data Center Server object in SmartConsole and examine the Status field. It must show Connected.

You can add Data Center objects to the Source and Destination columns of Access Control rules and Threat Prevention rules.

Note - Data Center objects that you import to the Security Policy are designed for well-defined groups of machines (EPGs, Virtual Machines, and so on).

To add Data Center objects to an Access Control rule:

1. In SmartConsole, from the left navigation panel, click Security Policies.

2. At the top, click Access Control > Policy.

3. In the applicable rule, in the Source or Destination column, click + to add new items.

4. Click Import.

5. Select an existing Data Center object, or click Data Centers > New Data Center > applicable Data Center.

6. Install the Access Control Policy.

To add Data Center objects to a Threat Prevention rule:

1. In SmartConsole, from the left navigation panel, click Security Policies.

2. At the top, click Threat Prevention > Policy.

3. In the applicable rule, in the Source or Destination column, click + to add new items.

4. In the top right corner, click Import.

5. Select an existing Data Center object, or click Data Centers > New Data Center > applicable Data Center.

6. Install the Threat Prevention Policy.

Check Point Management API

The Check Point Management API includes Data Center commands to show Data Center Servers and their contents, and to show, delete, and import Data Center objects. Use the API to automate Data Center security management and monitoring.

There are different interfaces for the Management API:

Work with API documentation specific to the Data Centers.

To work with API on a Security Management Server:

1. In SmartConsole, from the left navigation panel, click Manage & Settings.

2. From the left tree, click Blades.

3. In the Management API section, click Advanced Settings.

4. In the Access Settings section, select All IP Addresses and click OK.

5. Connect to the command line on the Security Management Server.

6. Log in to Gaia Clish, or Expert mode.

7. Restart the API server:

   api restart

   Output must show:

   Stopping API...
   API stopped successfully.
   Starting API...
   API started successfully.

8. In your web browser, connect to:

   https://<Main IP Address of Security Management Server>/api_docs

   Note: If you enabled the Endpoint Policy Management Software Blade, then connect to:

   https://<Main IP Address of Security Management Server>:4434/api_docs

To work with API on a Multi-Domain Server:

1. Connect with SmartConsole to the main MDS context.

2. In SmartConsole, from the left navigation panel, click Multi Domain.

3. From the left tree, click Blades.

4. In the Management API section, click Advanced Settings.

5. In the Access Settings section, select All IP Addresses and click OK.

6. Connect to the command line on the Multi-Domain Server.

7. Log in to Gaia Clish, or Expert mode.

8. Restart the API server:

   api restart

   Output must show:

   Stopping API...
   API stopped successfully.
   Starting API...
   API started successfully.

9. In your web browser, connect to:

   https://<Main IP Address of Multi-Domain Server>/api_docs

To change the API configuration and to learn more:

See the API documentation.
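
Once the API server is reachable as described above, a script can list the Data Center servers over a verified TLS session and close that session when it is done. This is an added example, not code from this guide or from Check Point. The function names, the address, account and CA file are placeholders, and the /web_api/ path, the login, logout and show-data-center-servers commands, the X-chkp-sid header and the objects/to/total reply fields are assumptions to confirm in api_docs for your version.

```python
import json
import ssl
import urllib.request

def https_post(base_url, command, payload, sid=None, cafile=None):
    """POST one Management API command as JSON and return the parsed reply."""
    headers = {"Content-Type": "application/json"}
    if sid:
        headers["X-chkp-sid"] = sid  # session id returned by login
    req = urllib.request.Request(
        f"{base_url}/web_api/{command}",
        data=json.dumps(payload).encode(),
        headers=headers,
        method="POST",
    )
    # Verify the server certificate; cafile is the CA bundle (or exported
    # server certificate) that you trust for the Management Server.
    ctx = ssl.create_default_context(cafile=cafile)
    with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
        return json.load(resp)

def list_data_center_servers(base_url, user, password, post=https_post):
    """Log in, page through the Data Center servers, and always log out."""
    sid = post(base_url, "login", {"user": user, "password": password})["sid"]
    try:
        servers, offset = [], 0
        while True:
            page = post(base_url, "show-data-center-servers",
                        {"limit": 50, "offset": offset}, sid=sid)
            objects = page.get("objects", [])
            servers += [(o["name"], o.get("type")) for o in objects]
            offset = page.get("to", 0)
            if not objects or offset >= page.get("total", 0):
                return servers
    finally:
        # Close the session even if a command failed, so no sid stays valid.
        post(base_url, "logout", {}, sid=sid)

if __name__ == "__main__":
    import getpass
    # Placeholder address and account; add :4434 if the Endpoint note applies.
    for name, kind in list_data_center_servers(
            "https://192.0.2.10", "api_user", getpass.getpass(),
            post=lambda *a, **k: https_post(*a, cafile="mgmt-ca.pem", **k)):
        print(name, kind)
```

Run it from a host that the Access Settings allow, with an account limited to the commands it needs.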