Skip to main content

Setting up Check Point CMA Integration

  • Updated

Summary

In order for the Check Point MDR team to monitor your domains in your MDS environment, we will require integration with your management server.  We connect to the Management API in order to request Alerts to ingest.

 

If you need any assistance with this procedure, please open a ticket in the MDR Customer portal under "MDR Support" or if you are currently onboarding reply to your welcome email, and we will schedule a time to assist.

 

Note: We will need these three items filled in on the MDR customer portal profile page when adding the integration also ensure the procedure outlined below is completed before adding:

  • Client Secret (API Key Generated during the below procedure)
  • Client URL (external Management IP)
  • Client Domain (CMA Domain Name)

 

Procedure

Create and Authorize API Key

  • Log into the MDS level in Smart Console
  • Navigate to: Manage and Settings > Blades > Management API > Set to “All IPs that can be used for GUI Clients”
  • Navigate to: Permissions and Administrators > Trusted Clients > Add IP
    Screen_Shot_2022-08-05_at_2.57.05_PM.png
    • Add a separate Client for each of the IP’s listed:
    • Name:  Check Point MDR
      • Addresses:
          • 3.13.200.7
          • 3.129.80.210
          • 3.130.105.153
          • 3.130.218.157
          • 3.139.112.208
          • 13.58.102.105
          • 18.116.182.107
          • 18.221.166.80
          • 18.222.19.228
          • 18.223.142.133


        Screen_Shot_2022-08-25_at_3.59.36_PM.png
  • Navigate to: Permissions and Administrators > Administrators > Add New User
    • Name:  Check Point MDR
    • Auth Method API Key
    • Click Generate API Key and make note of this
    • Permissions Profile = Domain Level Only
    • Permissions Per Domain  = add the appropriate domains
    • Expiration: Never Expire
      Screen_Shot_2022-08-05_at_2.58.49_PM.png
  • Publish changes
  • Go to CLI (Gateways and Servers > Right Click Manager > Actions > Open Shell) and enter “api restart”
  • Enter “api status” to verify the service is running on port 443

Create Access Rules

  • Log in to the appropriate CMAs to add rules to allow traffic to the Domain Server from the internet on HTTPS (TCP/443)
  • If no NAT exists and the management is on internal IP space, create a NAT that allows access from the internet
  • Create host objects for the MDR IP listed above and add them to a group
  • Allow access from the MDR IP group created above to the external IP for the management server
  • Install Policy
  • Install Database to all Management servers
  • If there are other Domains that we will be pulling from, please log in to those and install the database on all management servers.  Also add a CMA integration for each domain on the MDR customer portal (the only detail that will vary is the CMA name) the API Key and MGMT IP will stay the same.

 

Was this article helpful?
0 out of 0 found this helpful
Return to top

Related articles