This section introduces how to discover Checkpoint Firewall R80 in your NetBrain system and visualize device data and topology on dynamic maps.
The system can discover Checkpoint Firewall R80 in the following deployment modes:
▪ Physical Mode
▪ Cluster Mode
▪ VSX
▪ VSX Cluster
Note: Firewalls in the Bridge mode are not supported in the system.
The following pseudo-code describes a high-level flow to discover Checkpoint Firewall R80 in the system, including configurations on both the Checkpoint Manager side and the NetBrain side.
1. Checkpoint Manager Side:
1.1 Set account permission.
1.2 Enable and set API access permission.
2. NetBrain Side:
2.1 Configure API Server Manager for Checkpoint Firewall R80.
3. Discover Checkpoint Firewall R80
4. Run a benchmark for Checkpoint Firewall R80
1. Configurations at Checkpoint Manager Side
Before discovering Checkpoint Firewall R80, you need to set up an account and API access permission in your Checkpoint Manager so that your NetBrain system has access to the Checkpoint Management Domain.
The configurations for a single domain and multi-domain are different. Select the configuration steps based on your actual domain scenario.
1. Assign permissions to the account that you use for your NetBrain system to access the Checkpoint data. You can select any of the following three permission profiles in General > Permissions > Permission Profile.
2. Enable API access to accept API calls from your NetBrain Front Server. Go to Blades > Management API > Advanced Settings > Access Settings, and select the All IP addresses or All IP addresses that can be used for GUI clients option.
Note: If you select the All IP addresses that can be used for GUI clients option, add the IP address of the NetBrain Front Server to the Trusted Clients as follows:
3. Log in to Smart Dashboard via SSH by using an SSH/Telnet tool and execute the API start command to activate the API access permission.
1. Assign permissions to the account that you use for your NetBrain system to access the Checkpoint data. One of the following permissions is required in General > Permissions > Permission Profile.
Note: If you cannot discover the devices or retrieve data with the specified permission, try a profile with higher permissions.
2. Enable API access to accept API calls from your NetBrain Front Server. Go to Blades > Management API > Advanced Settings > Access Settings, and select the All IP addresses or All IP addresses that can be used for GUI clients option.
Note: If you select the All IP addresses that can be used for GUI clients option, add the IP address of the NetBrain Front Server to the Trusted Clients as follows:
3. Log in to Smart Dashboard via SSH by using an SSH/Telnet tool and execute the api restart command to activate the API access permission.
2. Configurations at NetBrain Side
NetBrain uses both Checkpoint Manager APIs and CLI/SNMP to discover Checkpoint Firewall R80. You need to configure Network Settings and an API Server Manager for Checkpoint Firewall R80 in the system.
In the Domain Management page, configure the network settings required for Checkpoint Firewall R80, such as the SSH/Telnet Login, Privilege Login, and SNMP String credentials. Refer to Online Help for details.
Configure the endpoints and credentials that will be used to access the Checkpoint Management Domain during the discovery.
1. In the Domain Management page, select Operations > Discover Settings > API Server Manager from the quick access toolbar.
2. On the API Server Manager tab, click Add and configure the required fields.
1) Enter a unique name and a description of the API server.
2) Select CheckPoint R80 API from the API Source Type drop-down.
3) In the Endpoints field, enter the address of the Checkpoint Management Domain. The format is https://IP_Address.
Note: Use the multi-domain server IP address in the table header as follows.
4) In the Username and Password fields, enter the username and password of the account that you have configured in the Checkpoint Manager.
5) Select a Front Server that can connect to the Checkpoint Manager from the Front Server drop-down.
6) Click Test to check the connectivity between your NetBrain Front Server and Checkpoint Management Domain.
7) Click OK.
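To confirm from the Front Server host, independently of the Test button, that the account and API access settings accept calls, the following added example (not NetBrain or Check Point code) logs in to the Check Point Management API read-only, lists the gateways, and logs out. The address 192.0.2.10, the account name netbrain_api and the CA_FILE setting are placeholders assumed for illustration.

```python
import json
import ssl
import urllib.request

CA_FILE = None  # assumption: path to the CA that signed the management server certificate

def _post(url, body, sid=None):
    """POST a JSON body to the Management API and return the decoded reply."""
    headers = {"Content-Type": "application/json"}
    if sid:
        headers["X-chkp-sid"] = sid          # session token returned by login
    req = urllib.request.Request(url, json.dumps(body).encode(), headers)
    ctx = ssl.create_default_context(cafile=CA_FILE)  # certificate checks stay on
    with urllib.request.urlopen(req, context=ctx, timeout=15) as resp:
        return json.load(resp)

def check_api_access(endpoint, user, password, domain=None, post=_post):
    """Log in read-only, list gateways and servers, log out. Returns their names."""
    if not endpoint.startswith("https://"):
        raise ValueError("endpoint must use the https://IP_Address format")
    base = endpoint.rstrip("/") + "/web_api/"
    login = {"user": user, "password": password, "read-only": True}
    if domain:                                # multi-domain server: name the domain
        login["domain"] = domain
    sid = post(base + "login", login)["sid"]  # HTTP errors (bad account, untrusted client IP) raise here
    try:
        reply = post(base + "show-gateways-and-servers", {"limit": 50}, sid)
        return [obj["name"] for obj in reply.get("objects", [])]
    finally:
        post(base + "logout", {}, sid)        # do not leave the session open

if __name__ == "__main__":
    import getpass
    # Placeholder endpoint and account; replace with the values entered in API Server Manager.
    print(check_api_access("https://192.0.2.10", "netbrain_api", getpass.getpass()))
```

Run it on the Front Server itself, since the Trusted Clients setting is evaluated against the source address of the call.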
After finishing the configurations on both the Checkpoint Manager side and the NetBrain side, you can start discovering Checkpoint Firewall R80 to one of your NetBrain domains.
Note: To ensure that CheckPoint Firewall R80 can be correctly discovered in the system, perform the discovery via CLI/SNMP first and then re-run a discovery via API.
1. Discover Checkpoint Firewall R80 via CLI/SNMP.
1) In the Domain Management page, select Operations > Discover from the quick access toolbar.
2) On the Discover tab, select Scan IP Range in the Method field.
3) In the IP Range field, enter all the management IP addresses of your Checkpoint Firewall R80 devices, separated by semicolons.
4) Keep other options as default and click Start Discovery.
2. Re-discover Checkpoint Firewall R80 via API after the SNMP/CLI discovery is completed.
1) Clear the IP addresses from the IP Range field.
2) Click Select API Servers and select the one you have configured.
3) Keep other options as default and click Start Discovery.
Note: The discovery only retrieves basic information about Checkpoint Firewall R80 via Checkpoint APIs. After the discovery, you need to run a benchmark to retrieve more data.
After the discovery is done, run a benchmark task to update the data of Checkpoint Firewall R80 devices and build topology in the system. Refer to Online Help for details.