R12.1-2025Jul03

Discover Checkpoint Firewall R80

This document introduces how to discover Checkpoint Firewall R80 in your NetBrain system and visualize device data and topology on dynamic maps.

Supported Firewall Modes

The system can discover Checkpoint Firewall R80 in the following deployment modes:

  • Physical Mode
  • Cluster Mode
  • VSX
  • VSX Cluster
Information Note: Firewalls in the Bridge mode are not supported in the system.

Discovery Flow

The following pseudo-code describes a high-level flow to discover Checkpoint Firewall R80 in the system, including configurations at both Checkpoint Manager side and NetBrain side sides.

Code
1. Checkpoint Manager Side:
1.1 Set account permission.
1.2 Enable and set API access permission.

2. NetBrain Side:
2.1 Configure API Server Manager for Checkpoint Firewall R80.

3. Discover Checkpoint Firewall R80

4. Run a benchmark for Checkpoint Firewall R80

1. Configurations at Checkpoint Manager Side

Before discovering Checkpoint Firewall R80, you need to set up an account and API access permission in your Checkpoint Manager so that your NetBrain system has access to the Checkpoint Management Domain.

The configurations for a single domain and multi-domain are different. Select the configuration steps based on your actual domain scenario.

Single Domain Configurations

  1. Assign permissions to the account that you use for your NetBrain system to access the Checkpoint data. You can select any of the following three permission profiles in General > Permissions > Permission Profile.
  1. Enable API access to accept API calls from your NetBrain Front Server. Go to Blades > Management API > Advanced Settings > Access Settings, and select the All IP addresses or All IP addresses that can be used for GUI clients option.
Information Note: If you select the All IP address that can be used for GUI clients option, add the IP address of NetBrain front server to the Trusted Clients as follows:


  1. Log in to Smart Dashboard via SSH by using an SSH/Telnet tool and execute the API start command to activate API access permission.

Multi-Domain Configurations

  1. Assign permissions to the account that you use for your NetBrain system to access the Checkpoint data. One of the following permissions is required in General > Permissions > Permission Profile.

Information Note: If you cannot discover the devices or retrieve data with a specified permission, promote the permission to give it a try.
  1. Enable API access to accept API calls from your NetBrain Front Server. Go to Blades > Management API > Advanced Settings > Access Settings, and select the All IP addresses or All IP addresses that can be used for GUI clients option.
Information Note: If you select the All IP address that can be used for GUI clients option, add the IP address of NetBrain front server to the Trusted Clients as follows:


  1. Log in to Smart Dashboard via SSH by using an SSH/Telnet tool and execute the api restart command to activate the API access permission.