Document toolboxDocument toolbox

Checkpoint Firewall

Owned by Jonas Gonzalez
Last updated: Nov 29, 2024
4 min read
[ 1 Connect Checkpoint FW with Devo SOAR ] [ 2 Actions for CheckpointFW ] [ 2.1 Block IP Address ] [ 2.1.1 Input Field ] [ 2.1.2 Output ] [ 2.2 Show Host ] [ 2.2.1 Input Field ] [ 2.2.2 Output ] [ 2.3 Task Status ] [ 2.3.1 Input Field ] [ 2.3.2 Output ] [ 2.4 Show Items in an Access Rulebase ] [ 2.4.1 Input Field ] [ 2.4.2 Output ] [ 2.5 Set Attributes of Rule ] [ 2.5.1 Input Field ] [ 2.5.2 Output ] [ 2.6 Delete Rule ] [ 2.6.1 Input Field ] [ 2.6.2 Output ] [ 3 Release Notes ]

Checkpoint firewall features centralized management control across all networks and cloud environments, increasing operational efficiency and lowering the complexity of managing your security.

Connect Checkpoint FW with Devo SOAR

  1. Navigate to Automations > Integrations.

  2. Search for Checkpoint firewall.

  3. Click Details, then the + icon. Enter the required information in the following fields.

  4. Label: Enter a connection name.

  5. Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.

  6. Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).

  7. Remote Agent: Run this integration using the Devo SOAR Remote Agent.

  8. Server IP or Hostname: Server IP or Hostname where CheckpointFW is installed and running. Example: 111.111.111.111

  9. Username: Username for Checkpoint FW instance.

  10. Password: Password for Checkpoint FW instance.

  11. After you've entered all the details, click Connect.

Actions for CheckpointFW

Block IP Address

Block one or more IP Addresses using Checkpoint Firewall.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name

Description

Required

Input Name

Description

Required

IP Address

Column name that contains IP address.

Required

Direction

Direction to block traffic "to" or "from" the IPs, or "both"(default is "both").

Optional

Rule Name

Column name that contains Base name for added rules inside checkpoint db.

Required

Output

A JSON object containing multiple rows of result:

  • has_error: True/False

  • error: message/null

  • result: IP blocked successfully

Show Host

Show host objects configured in Checkpoint FW.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name

Description

Required

Input Name

Description

Required

Limit

The maximal number of returned results (Default is all records).

Optional

Offset

Number of the results to initially skip (Default is all records).

Optional

Order

Sorts the results by search criteria. Automatically sorts the results by Name, in ascending order. Example: {"DESC":"name"}.

Optional

Output

A JSON object containing multiple rows of result:

  • has_error: True/False

  • error: message/null

  • result: List of host objects

Task Status

Shows status of a checkpoint task by task UUID.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name

Description

Required

Input Name

Description

Required

Task ID

Column name that contains Task ID.

Required

Output

A JSON object containing multiple rows of result:

  • has_error: True/False

  • error: message/null

  • result: Task details

Show Items in an Access Rulebase

Show items in an access rulebase configured in Checkpoint FW.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name

Description

Required

Input Name

Description

Required

Rule Name

Column name that contains Rule Name.

Required

Output

A JSON object containing multiple rows of result:

  • has_error: True/False

  • error: message/null

  • result: List of items in an access rulebase

Set Attributes of Rule

Set attributes of an access rule object configured in Checkpoint FW.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name

Description

Required

Input Name

Description

Required

UID

Column name that contains UID.

Required

Name

Column name that contains Name.

Required

Rule Number

Column name that contains Rule Number.

Required

Layer

Column name that contains Layer.

Required

Enabled

True to enable the rule, false to disable it (default is True).

Optional

Output

A JSON object containing multiple rows of result:

  • has_error: True/False

  • error: message/null

  • result: Access rule details

Delete Rule

Delete a firewall Rule.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name

Description

Required

Input Name

Description

Required

UID

Column name that contains UID.

Required

Name

Column name that contains Name.

Required

Rule Number

Column name that contains Rule Number.

Required

Layer

Column name that contains Layer.

Required

Output

A JSON object containing multiple rows of result:

  • has_error: True/False

  • error: message/null

  • result:

Release Notes

  • v3.0.0 - Updated architecture to support IO via filesystem