7. Remote API Access

Description

Starting from R81.20, you can connect from your on-premises Management Server to the Infinity Portal. This lets you:

  • Run services that are managed in the Infinity Portal on your Management Server objects.

    To see the full list of services, go to SmartConsole > Infinity Services view.

    For some services, you must enable Configuration Sharing and Log Sharing. See the documentation for the specific service in the Infinity Portal Administration Guide.

  • See a unified log view of all your Check Point products, both in cloud and on-premises.

    This way, you can search for logs and events from all Check Point products in the same place.

  • Use new administrator capabilities on the on-premises Management Server.

    For example, you can run management APIs on the on-premises Management Server through the Infinity Portal securely from anywhere in the world.

On this Scenario , You will demonstrate how to run management APIs on the on-premises Management Server of the demo environment through the Infinity Portal.

Prerequisites

Please follow the instructions & Prerequisites in Quantum Security Management R81.20 Administration Guide.

Note - Check Point Management Server VM on the Demo is accessible from outside using the external address on the Connection Details of the VM :

You can use this address to connect to the Web SmartConsole from your personal computer and to connect it to the Infinity Portal using your Infinity account.

https://<Management Server External Address>/smartconsole

Instructions

Step

Instructions

1

Following the Instructions and Prerequisites to Connect the Management Server VM to the Infinity Portal.

2

From the Infinity Services tab on SmartConsole , Enable Remote APIs Access :

3

Click on the OFF button and Click I Agree :

4

The Status will change to the ON:

5

Click on Learn more to open the instructions on the Infinity Portal:

6

Follow the following instructions :

  1. Create API Key for Quantum Smart-1 Cloud:

    1. Navigate to API keys.

    2. Click “New”.

    3. Choose Service : Quantum Smart-1 Cloud

    4. Click on Create

    5. Copy the Client ID and Secret Key to notepad.

      We will use it on the postman collection environment on the Jump-Server VM.

  2. Open the step Generate Token for running APIs of Infinity Portal:

    1. Copy the following marked URL to notepad :

      We will use it on the postman collection environment on the Jump-Server VM.

      Example URL to copy:

      https://cloudinfra-gw.portal.checkpoint.com/auth/external

  3. Open the step Run API's on your connected Management using the token :

    1. Copy the following marked URL to notepad :

      We will use it on the postman collection environment on the Jump-Server VM.

      Example URL to copy:

      https://cloudinfra-gw.portal.checkpoint.com/app/maas/api/v2/environments/6b19ac60-97ac-4566-992a-001bb6312cf5

Important - Please make sure not to copy extra slashes on the URLs.

7

From the Jump-Server VM , Open R81.20 SmartConsole.

8

Create an administrator with "Authentication method" set to "API Key" and generate a new API Key:

Note - Save the API key on your notepad , We will use it on the postman collection environment.

9

Assign 'Super User' Permissions Profile to the new user and Click OK:

10

Publish Session.

11

On the Jump-Server , Open the Postman Portable Application (Look for the Orange RocketMan).

Note - When the application opens , Please click Dismiss in the update window:

12

Select the preconfigured Remote_API environment to make API calls to the management server via infinity portal:

13

Click on the Environment quick look button and click on Edit

  • client_id - Generated by creating an API key via the infinity portal - Saved on Step 6.1

  • secret_key: Generated by creating an API key via the infinity portal - Saved on Step 6.1

  • mgmt_url : Saved on Step 6.3

    Example URL to for the postman collection environment:

    https://cloudinfra-gw.portal.checkpoint.com/app/maas/api/v2/environments/6b19ac60-97ac-4566-992a-001bb6312cf5

  • infinity_portal_url : Saved on Step 6.2

    Example URL to for the postman collection environment:

    https://cloudinfra-gw.portal.checkpoint.com/auth/external

  • api_key: Authentication API key for the management administrator

  • infinity_portal_token: Provided by the infinity portal after a login

  • sid: provided by the login command sent to the management server

14

Provide the values for the variables below using the keys / values we generated in the above steps:

15

Click Save:

15

Open the Infinity Portal Remote APIs Access Collection and make sure that Remote_API environment was selected.

16

Login to the portal using the saved API call "Generate Token":

17

Login to the connected management server using the login API call:

18

Run the following API calls examples : show-cloud-services & get-platform:

19

Open R81.20 SmartConsole and click on Infinity Services tab to review the number of Management API calls that were executed via Infinity Portal :