Check Point NGFW
Automate the management of your firewall by isolating hosts from your network, managing access rules, and modifying address objects and groups using the Check Point NGFW plugin for InsightConnect. Additionally, use this plugin to view rulebases, install policies, and set threat protection on your Check Point NGFW Firewall.
To use the Check Point NGFW Connection plugin, you must use an existing Check Point NGFW account or create a dedicated account to configure the connection in InsightConnect. For more information on the functionality of the Check Point NGFW plugin, see the Extension Library listing.
Firewall Blocking Use Case
A common use case for the Check Point NGFW plugin is to quickly respond to threats by blocking them at the firewall. This is accomplished through the management of address objects in address groups. To begin, you must have an existing Check Point NGFW deny-all firewall policy in place with a predefined address group assigned to the policy. As threats are detected, you can leverage the Check Point NGFW plugin to block malicious hosts from your network by adding malicious addresses to the predefined address group, and unblock hosts by removing addresses from the predefined address group. Because the policy itself never changes and only the group's membership does, this approach allows for safe and flexible policy management of large groups of dynamic addresses.
You can build your own workflow to accomplish this use case and many more, or you can choose from a number of out-of-the-box prebuilt workflows for firewall blocking to get up and running quickly. These are available on the Rapid7 Extension Library.
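The block and unblock pattern described above, as an added example (not Rapid7's plugin code and not part of the original page): it validates each address, skips hosts that are already in the desired state, and returns the ordered calls to make. The group name, the host naming scheme, and the use of the Check Point Management API commands `add-host`, `set-group`, `delete-host` and `publish` are assumptions of this example.

```python
import ipaddress

# Hypothetical names: use the group already attached to your deny-all rule.
BLOCK_GROUP = "ICON-Blocked-Hosts"
HOST_PREFIX = "icon-block-"


def host_name(ip):
    """Deterministic object name so block and unblock address the same object."""
    return HOST_PREFIX + str(ip).replace(":", "-")


def plan_changes(action, addresses, current_members, group=BLOCK_GROUP):
    """Return (calls, rejected): ordered (command, payload) pairs for the
    management API, plus the inputs that were refused."""
    if action not in ("block", "unblock"):
        raise ValueError("action must be 'block' or 'unblock'")
    members = set(current_members)
    changed, rejected = [], []
    for raw in addresses:
        try:
            ip = ipaddress.ip_address(raw.strip())
        except ValueError:
            rejected.append(raw)  # not a single IP address: never sent on
            continue
        name = host_name(ip)
        already_blocked = name in members
        if action == "block" and not already_blocked:
            members.add(name)
            changed.append((name, str(ip)))
        elif action == "unblock" and already_blocked:
            members.discard(name)
            changed.append((name, str(ip)))
    if not changed:
        return [], rejected  # nothing to change, so nothing to publish
    names = [name for name, _ in changed]
    if action == "block":
        calls = [("add-host", {"name": n, "ip-address": ip}) for n, ip in changed]
        calls.append(("set-group", {"name": group, "members": {"add": names}}))
    else:
        # Leave the group first, then delete the object so a later block can recreate it.
        calls = [("set-group", {"name": group, "members": {"remove": names}})]
        calls += [("delete-host", {"name": n}) for n in names]
    calls.append(("publish", {}))  # changes stay in the session until published
    return calls, rejected


if __name__ == "__main__":
    # Constructed sample input (documentation address ranges).
    print(plan_changes("block", ["203.0.113.7", "not-an-ip"], []))
```

Published object changes are enforced on the gateway only after a policy installation, which is a separate step from the calls planned here.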
Create a new Check Point NGFW user account
If you wish to create a separate Check Point NGFW user account to use with InsightConnect, follow the steps below.
- Open your Check Point NGFW SmartConsole. Log in to Check Point NGFW with a user that has permissions to manage other users.
- From the left-hand menu, select Manage & Settings.
- Expand the Permissions & Administrators dropdown. Select Administrators.
- From the Administrators menu, select New....
- You must assign your new user account the correct permissions to enable it to perform actions in Check Point NGFW. Set a new password, and select the appropriate permissions. Most actions require Read/Write access, but you might wish to create a new Permission Profile, which will limit the new user's access to specific plugin actions. Click OK to confirm.
- Now that the new user is created, you should see it in the user list. The next step is to save your changes.
- Click Publish at the top of the SmartConsole GUI to save the new user. Optionally, add a description of the changes.
Configure the Check Point NGFW connection in InsightConnect
Now that you’ve created your user in Check Point NGFW, you can configure the Check Point NGFW connection in InsightConnect to use the plugin.
- In InsightConnect, open the connection configuration for the Check Point NGFW plugin.
  - You can do this when selecting the Check Point NGFW plugin during a workflow building session, or by creating the connection independently by choosing Plugins & Tools from the Settings tab on the left menu. On the Plugins & Tools page, select the Connections tab and click Add Connection in the upper-right corner.
- Configure the connection for the Check Point NGFW plugin.
  - Give the connection a unique and identifiable name, select where the plugin should run, and choose the Check Point NGFW plugin from the list. If it’s not available, import the plugin from the Installed Plugins tab.
- Configure your Check Point NGFW credentials.
  - In the credentials field, select credentials to an existing Check Point NGFW account or enter the username and password for a newly created Check Point NGFW user.
  - In the Check Point NGFW URL field, enter the full URL of your Check Point NGFW instance.
Test your connection
When you save the connection, the connection test will attempt to authenticate to the specified Check Point NGFW instance. A blue circle on the Connection tile indicates that the connection test is in progress.
Successful connection test
If there is no circle, the connection succeeded and you're ready to begin orchestrating your processes with Check Point NGFW.
Failed connection test
A red circle indicates that the connection test failed. If this occurs, check your connection details (including the Check Point NGFW URL, username, and password) before trying again.
The log may contain useful troubleshooting information. First, click View to see a list of your recent connection tests.
Under the Test Status tab, expand the dropdown for the test that encountered an error to view its log.