Check Point NGFW

v2.0.1

Check Point Next Generation Firewalls (NGFW) are trusted by customers for their highest security effectiveness and their ability to keep organizations protected from sophisticated fifth generation cyber-attacks.

Tags: firewall, checkpoint


Actions
  • Add Access Rule
  • Add Address Object to Group
  • Check if Address in Group
  • Create Address Object
  • Discard All Sessions
  • Install Policy
  • Remove Access Rule
  • Remove Address Object from Group
  • Remove Host
  • Set Threat Protection
  • Show Access Rulebase

Description

Check Point’s Next Generation Firewalls (NGFWs) are trusted by customers for their highest security effectiveness and their ability to keep organizations protected from sophisticated fifth generation cyber-attacks.

Key Features

  • Add and remove hosts
  • Add and remove access rules
  • Show rulebase
  • Discard all sessions

Requirements

Documentation

Setup

The connection configuration accepts the following parameters:

| Name | Type | Default | Required | Description | Enum | Example |
| --- | --- | --- | --- | --- | --- | --- |
| discard_other_sessions | boolean | False | True | Force changes made by any plugin actions. Currently logged in users will be logged out of their sessions to allow the plugin to commit changes. Users of Check Point R80+ may not need to enable this option | None | True |
| port | integer | 443 | True | Check Point server port | None | 443 |
| server | string | None | True | Check Point server IP address | None | 198.51.100.100 |
| ssl_verify | boolean | True | True | Use SSL verification | None | True |
| username_password | credential_username_password | None | True | Username and password | None | {"username": "xxxxxx", "password": "xxxxxx"} |

Example input:

{
  "discard_other_sessions": true,
  "port": 443,
  "server": "198.51.100.100",
  "ssl_verify": true,
  "username_password": {
    "username": "xxxxxx", 
    "password": "xxxxxx"
  }
}

Technical Details

Actions

Add Address Object to Group

This action is used to add an address object (host) to a group.

Input
| Name | Type | Default | Required | Description | Enum | Example |
| --- | --- | --- | --- | --- | --- | --- |
| address_object | string | None | True | The name of the host object to add | None | New Host |
| group | string | None | True | Name of the group to add this object to | None | InsightConnect Block List |

Example input:

{
  "address_object": "New Host",
  "group": "InsightConnect Block List"
}

Output
| Name | Type | Required | Description |
| --- | --- | --- | --- |
| success | boolean | True | Success |

Example output:

{
  "success": true
}

Remove Address Object from Group

This action removes an address object (host) from an address group.

Input
| Name | Type | Default | Required | Description | Enum | Example |
| --- | --- | --- | --- | --- | --- | --- |
| address_object | string | None | True | The name of the address object (host object) to remove | None | Malicious Host |
| group | string | None | True | Group name | None | InsightConnect Block List |

Example input:

{
  "address_object": "Malicious Host",
  "group": "InsightConnect Block List"
}

Output
| Name | Type | Required | Description |
| --- | --- | --- | --- |
| success | boolean | True | Was operation successful |

Example output:

{
  "success": true
}

Check if Address in Group

This action checks whether an IPv4 or IPv6 address is in an address group.

Input
| Name | Type | Default | Required | Description | Enum | Example |
| --- | --- | --- | --- | --- | --- | --- |
| address | string | None | True | IPv4 or IPv6 address to check in the group | None | 198.51.100.100 |
| group | string | None | False | Group to check. UID is not supported. Omitting this input will check all groups | None | InsightConnect Block List |

Example input:

{
  "address": "198.51.100.100",
  "group": "InsightConnect Block List"
}

Output
| Name | Type | Required | Description |
| --- | --- | --- | --- |
| address_objects | []string | True | The names of the address objects that match or contain the address |
| found | boolean | True | Was address found in group |

Install Policy

This action is used to install a policy to selected targets.

Input
| Name | Type | Default | Required | Description | Enum | Example |
| --- | --- | --- | --- | --- | --- | --- |
| access_control_policy | boolean | True | True | Set to be true in order to install the Access Control policy. By default, the value is true if Access Control policy is enabled on the input policy package, otherwise false | None | True |
| desktop_security_policy | boolean | False | True | Set to be true in order to install the Desktop Security policy. By default, the value is true if desktop security policy is enabled on the input policy package, otherwise false | None | False |
| install_on_all_cluster_members_or_fail | boolean | False | True | Relevant for the gateway clusters. If true, the policy is installed on all the cluster members. If the installation on a cluster member fails, don't install on that cluster | None | False |
| policy_package | string | standard | True | Policy package to install | None | standard |
| qos_policy | boolean | False | True | Set to be true in order to install the QoS policy. By default, the value is true if Quality-of-Service policy is enabled on the input policy package, otherwise false | None | False |
| targets | []string | ["target name"] | True | On what targets to execute this command. Targets may be identified by their name, or object unique identifier | None | ["checkpoint_fw_1", "checkpoint_fw_2"] |
| threat_prevention_policy | boolean | True | True | Set to be true in order to install the Threat Prevention policy. By default, the value is true if Threat Prevention policy is enabled on the input policy package, otherwise false | None | True |

Example input:

{
  "access_control_policy": true,
  "desktop_security_policy": false,
  "install_on_all_cluster_members_or_fail": false,
  "policy_package": "standard",
  "qos_policy": false,
  "targets": [
    "checkpoint_fw_1",
    "checkpoint_fw_2"
  ],
  "threat_prevention_policy": true
}

Output
| Name | Type | Required | Description |
| --- | --- | --- | --- |
| success | boolean | True | Success |

Example output:

{
  "success": true
}

Set Threat Protection

This action is used to set a threat protection action.

Input
| Name | Type | Default | Required | Description | Enum | Example |
| --- | --- | --- | --- | --- | --- | --- |
| action | string | None | True | Action | ['Inactive', 'Detect', 'Prevent', 'Drop', 'Accept'] | Prevent |
| name | string | None | True | Name of the protection to act on | None | Blaster Attacks |
| profile | string | Optimized | True | Profile e.g. Optimized, Basic, Strict | None | Optimized |

Example input:

{
  "action": "Prevent",
  "name": "Blaster Attacks",
  "profile": "Optimized"
}

Output
| Name | Type | Required | Description |
| --- | --- | --- | --- |
| success | boolean | True | Was operation successful |

Example output:

{
  "success": true
}

Discard All Sessions

This action is a troubleshooting action that will discard all active sessions. This can sometimes alleviate the issue where objects remain locked after editing.

Input

This action does not contain any inputs.

Output
| Name | Type | Required | Description |
| --- | --- | --- | --- |
| success | boolean | True | Success |

Example output:

{
  "success": true
}

Remove Host

This action is used to remove a host from network objects.

Input
| Name | Type | Default | Required | Description | Enum | Example |
| --- | --- | --- | --- | --- | --- | --- |
| name | string | None | True | Name | None | 198.51.100.100 |

Example input:

{
  "name": "198.51.100.100"
}

Output
| Name | Type | Required | Description |
| --- | --- | --- | --- |
| message | string | True | Remove operation status |
| success | boolean | True | Success |

Example output:

{
  "message": "OK",
  "success": true
}

Create Address Object

This action is used to add an address object (host) as a network object.

Input
| Name | Type | Default | Required | Description | Enum | Example |
| --- | --- | --- | --- | --- | --- | --- |
| color | string | black | False | Color | ['black', 'aquamarine', 'blue', 'brown', 'burlywood', 'coral', 'crete', 'cyan', 'dark blue', 'dark gold', 'dark gray', 'dark green', 'dark orange', 'dark sea green', 'firebrick', 'forest green', 'gold', 'gray', 'khaki', 'lemon chiffon', 'light green', 'magenta', 'navy blue', 'olive', 'orange', 'orchid', 'pink', 'purple', 'red', 'sea green', 'sienna', 'sky blue', 'slate blue', 'turquoise', 'violet red', 'yellow'] | black |
| host_ip | string | None | True | Host IP address | None | 198.51.100.100 |
| name | string | None | True | Name | None | 198.51.100.100 |
| skip_rfc1918 | boolean | True | True | Skip private IP addresses as defined in RFC 1918 | None | True |
| whitelist | []string | None | False | This list contains a set of network objects that should not be blocked. This can include IP addresses and CIDR IP addresses | None | ["198.51.100.100", "192.0.2.0/24"] |

Example input:

{
  "color": "black",
  "host_ip": "198.51.100.100",
  "name": "198.51.100.100",
  "skip_rfc1918": true,
  "whitelist": ["198.51.100.100", "192.0.2.0/24"]
}

Output
| Name | Type | Required | Description |
| --- | --- | --- | --- |
| error_message | string | False | The cause of the error (if the action fails) |
| host_object | host_object | False | Information about the host object that was added |
| success | boolean | True | Whether or not Check Point could successfully create the address object |

Example output:

{
  "success": true,
  "error_message": "A host with the IP address or name already exists!",
  "host_object": {
    "uid": "70c9580f-0708-4878-8fdd-98bd4f6d3b44",
    "name": "192.1.2.1",
    "type": "host",
    "domain": {
      "uid": "41e821a0-3720-11e3-aa6e-0800200c9fde",
      "name": "SMC User",
      "domain-type": "domain"
    },
    "ipv4-address": "192.1.2.1",
    "interfaces": [],
    "nat-settings": {
      "auto-rule": false
    },
    "groups": [],
    "comments": "",
    "color": "black",
    "icon": "Objects/host",
    "tags": [],
    "meta-info": {
      "lock": "unlocked",
      "validation-state": "ok",
      "last-modify-time": {
        "posix": 1583272492299,
        "iso-8601": "2020-03-03T16:54-0500"
      },
      "last-modifier": "api_admin",
      "creation-time": {
        "posix": 1583272492299,
        "iso-8601": "2020-03-03T16:54-0500"
      },
      "creator": "api_admin"
    },
    "read-only": true
  }
}
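
The skip_rfc1918 and whitelist inputs can also be enforced before the action is ever called. The following is an added example, not the plugin's own code: the function names are hypothetical, and the semantics (private or whitelisted addresses are never blocked, malformed input fails closed) are an assumption about how those inputs are meant to be used.

```python
import ipaddress

# RFC 1918 private ranges, listed explicitly. ipaddress.is_private is broader
# (it also flags other special-purpose ranges), so it is not used here.
RFC1918_NETWORKS = tuple(
    ipaddress.ip_network(cidr)
    for cidr in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
)


def parse_whitelist(entries):
    """Convert whitelist strings (single IPs or CIDRs) into network objects.

    Raises ValueError on a malformed entry so the caller can fail closed.
    """
    # strict=False tolerates host bits in a CIDR such as 192.0.2.10/24
    return [ipaddress.ip_network(e.strip(), strict=False) for e in entries or []]


def precheck_block(host_ip, skip_rfc1918=True, whitelist=None):
    """Hypothetical helper: return (ok_to_block, reason) for one address."""
    try:
        addr = ipaddress.ip_address(host_ip.strip())
    except ValueError:
        return False, "invalid address"
    try:
        networks = parse_whitelist(whitelist)
    except ValueError:
        # A broken whitelist must never result in a block being created.
        return False, "invalid whitelist entry"
    if skip_rfc1918 and any(
        addr.version == net.version and addr in net for net in RFC1918_NETWORKS
    ):
        return False, "RFC 1918 private address"
    for net in networks:
        if addr.version == net.version and addr in net:
            return False, f"whitelisted by {net}"
    return True, "ok"


def triage(candidates, skip_rfc1918=True, whitelist=None):
    """Split candidate IPs into action inputs to send and skipped entries."""
    to_block, skipped = [], {}
    for ip in candidates:
        ok, reason = precheck_block(ip, skip_rfc1918, whitelist)
        if ok:
            # Same keys as the Create Address Object example input above.
            to_block.append({
                "color": "black",
                "host_ip": ip,
                "name": ip,
                "skip_rfc1918": skip_rfc1918,
                "whitelist": list(whitelist or []),
            })
        else:
            skipped[ip] = reason
    return to_block, skipped


if __name__ == "__main__":
    # Constructed sample input (documentation and private ranges only).
    sample = ["203.0.113.9", "10.1.2.3", "192.0.2.77", "198.51.100.100", "bad-ip"]
    blocks, skipped = triage(sample, whitelist=["198.51.100.100", "192.0.2.0/24"])
    for item in blocks:
        print("block:", item["host_ip"])
    for ip, reason in skipped.items():
        print("skip: ", ip, "-", reason)
```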

Remove Access Rule

This action is used to remove an access rule.

Input
| Name | Type | Default | Required | Description | Enum | Example |
| --- | --- | --- | --- | --- | --- | --- |
| access_rule_name | string | None | True | Access rule name | None | InsightConnect Access Rule |
| layer | string | Network | True | Layer | None | Network |

Example input:

{
  "access_rule_name": "InsightConnect Access Rule",
  "layer": "Network"
}

Output
| Name | Type | Required | Description |
| --- | --- | --- | --- |
| message | string | True | Remove operation status |
| success | boolean | True | Success |

Example output:

{
  "message": "OK",
  "success": true
}

Show Access Rulebase

This action is used to show the access rulebase.

Input
| Name | Type | Default | Required | Description | Enum | Example |
| --- | --- | --- | --- | --- | --- | --- |
| layer_name | string | Network | True | Layer name | None | Network |
| limit | integer | 500 | False | Limit | None | 500 |

Example input:

{
  "layer_name": "Network",
  "limit": 500
}

Output
| Name | Type | Required | Description |
| --- | --- | --- | --- |
| access_rules | rulebase_type | False | Access rules |

Example output:

{
  "access_rules": {
    "uid": "50c71672-c7da-40cb-92ae-5c10d61f6739",
    "name": "Network",
    "rulebase": [
      {
        "uid": "6ea80837-2b05-4436-a6d9-75025070a8e5",
        "name": "Cleanup rule",
        "type": "access-rule",
        "domain": {
          "uid": "41e821a0-3720-11e3-aa6e-0800200c9fde",
          "name": "SMC User",
          "domain-type": "domain"
        },
        "rule-number": 1,
        "track": {
          "type": "29e53e3d-23bf-48fe-b6b1-d59bd88036f9",
          "per-session": false,
          "per-connection": false,
          "accounting": false,
          "alert": "none"
        },
        "source": [
          "97aeb369-9aea-11d5-bd16-0090272ccb30"
        ],
        "source-negate": false,
        "destination": [
          "97aeb369-9aea-11d5-bd16-0090272ccb30"
        ],
        "destination-negate": false,
        "service": [
          "97aeb369-9aea-11d5-bd16-0090272ccb30"
        ],
        "service-negate": false,
        "vpn": [
          "97aeb369-9aea-11d5-bd16-0090272ccb30"
        ],
        "action": "6c488338-8eec-4103-ad21-cd461ac2c473",
        "action-settings": {},
        "content": [
          "97aeb369-9aea-11d5-bd16-0090272ccb30"
        ],
        "content-negate": false,
        "content-direction": "any",
        "time": [
          "97aeb369-9aea-11d5-bd16-0090272ccb30"
        ],
        "custom-fields": {},
        "meta-info": {
          "lock": "unlocked",
          "validation-state": "ok",
          "last-modify-time": {
            "posix": 1539118183442,
            "iso-8601": "2018-10-09T16:49-0400"
          },
          "last-modifier": "System",
          "creation-time": {
            "posix": 1539118183442,
            "iso-8601": "2018-10-09T16:49-0400"
          },
          "creator": "System"
        },
        "enabled": true,
        "install-on": [
          "6c488338-8eec-4103-ad21-cd461ac2c476"
        ]
      }
    ],
    "objects-dictionary": [
      {
        "uid": "97aeb369-9aea-11d5-bd16-0090272ccb30",
        "name": "Any",
        "type": "CpmiAnyObject",
        "domain": {
          "uid": "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
          "name": "Check Point Data",
          "domain-type": "data domain"
        },
        "color": "black",
        "meta-info": {
          "validation-state": "ok",
          "last-modify-time": {
            "posix": 1539092746487,
            "iso-8601": "2018-10-09T09:45-0400"
          },
          "last-modifier": "System",
          "creation-time": {
            "posix": 1539092746487,
            "iso-8601": "2018-10-09T09:45-0400"
          },
          "creator": "System"
        },
        "tags": [],
        "icon": "General/globalsAny"
      },
      {
        "uid": "6c488338-8eec-4103-ad21-cd461ac2c473",
        "name": "Drop",
        "type": "RulebaseAction",
        "domain": {
          "uid": "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
          "name": "Check Point Data",
          "domain-type": "data domain"
        },
        "color": "none",
        "meta-info": {
          "validation-state": "ok",
          "last-modify-time": {
            "posix": 1539092770251,
            "iso-8601": "2018-10-09T09:46-0400"
          },
          "last-modifier": "System",
          "creation-time": {
            "posix": 1539092770251,
            "iso-8601": "2018-10-09T09:46-0400"
          },
          "creator": "System"
        },
        "tags": [],
        "icon": "Actions/actionsDrop",
        "comments": "Drop",
        "display-name": "Drop"
      },
      {
        "uid": "29e53e3d-23bf-48fe-b6b1-d59bd88036f9",
        "name": "None",
        "type": "Track",
        "domain": {
          "uid": "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
          "name": "Check Point Data",
          "domain-type": "data domain"
        },
        "color": "none",
        "meta-info": {
          "validation-state": "ok",
          "last-modify-time": {
            "posix": 1539092769942,
            "iso-8601": "2018-10-09T09:46-0400"
          },
          "last-modifier": "System",
          "creation-time": {
            "posix": 1539092769942,
            "iso-8601": "2018-10-09T09:46-0400"
          },
          "creator": "System"
        },
        "tags": [],
        "icon": "General/globalsNone",
        "comments": "No tracking."
      },
      {
        "uid": "6c488338-8eec-4103-ad21-cd461ac2c476",
        "name": "Policy Targets",
        "type": "Global",
        "domain": {
          "uid": "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
          "name": "Check Point Data",
          "domain-type": "data domain"
        },
        "color": "none",
        "meta-info": {
          "validation-state": "ok",
          "last-modify-time": {
            "posix": 1539092769822,
            "iso-8601": "2018-10-09T09:46-0400"
          },
          "last-modifier": "System",
          "creation-time": {
            "posix": 1539092769822,
            "iso-8601": "2018-10-09T09:46-0400"
          },
          "creator": "System"
        },
        "tags": [],
        "icon": "General/globalsAny",
        "comments": "The policy target gateways"
      }
    ],
    "from": 1,
    "to": 1,
    "total": 1
  }
}
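
In the example output above, a rule's source, destination, service and action are UIDs that only become readable through objects-dictionary. The following added example (not part of the plugin; function names are hypothetical) resolves them and flags enabled Accept rules that match Any/Any/Any. It goes slightly beyond the sample by also walking nested access-section entries, and its input is a constructed, trimmed rulebase.

```python
# Constructed sample in the shape of the Show Access Rulebase example output.
# The "Any" and "Drop" UIDs are the ones shown on this page; every other
# identifier here is a constructed placeholder.
ANY = "97aeb369-9aea-11d5-bd16-0090272ccb30"
DROP = "6c488338-8eec-4103-ad21-cd461ac2c473"
ACCEPT = "constructed-accept-uid"

SAMPLE_OUTPUT = {
    "access_rules": {
        "name": "Network",
        "rulebase": [
            {"type": "access-section", "name": "Constructed section", "rulebase": [
                {"type": "access-rule", "rule-number": 1, "name": "Temp allow",
                 "source": [ANY], "destination": [ANY], "service": [ANY],
                 "action": ACCEPT, "enabled": True,
                 "meta-info": {"lock": "unlocked"}},
            ]},
            {"type": "access-rule", "rule-number": 2, "name": "Block list",
             "source": ["constructed-missing-uid"], "destination": [ANY],
             "service": [ANY], "action": DROP, "enabled": True,
             "meta-info": {"lock": "unlocked"}},
            {"type": "access-rule", "rule-number": 3, "name": "Cleanup rule",
             "source": [ANY], "destination": [ANY], "service": [ANY],
             "action": DROP, "enabled": True,
             "meta-info": {"lock": "unlocked"}},
        ],
        "objects-dictionary": [
            {"uid": ANY, "name": "Any", "type": "CpmiAnyObject"},
            {"uid": DROP, "name": "Drop", "type": "RulebaseAction"},
            {"uid": ACCEPT, "name": "Accept", "type": "RulebaseAction"},
        ],
    }
}


def build_uid_index(access_rules):
    """Map every UID in objects-dictionary to its display name."""
    return {
        obj["uid"]: obj.get("name", obj["uid"])
        for obj in access_rules.get("objects-dictionary", [])
        if "uid" in obj
    }


def iter_rules(entries):
    """Yield access rules, descending into access-section containers."""
    for entry in entries:
        if entry.get("type") == "access-section":
            yield from iter_rules(entry.get("rulebase", []))
        else:
            yield entry


def names_for(value, index):
    """Resolve a UID, a list of UIDs, or embedded objects to names.

    A UID missing from the dictionary is returned unchanged so that the gap
    stays visible instead of being silently dropped.
    """
    items = value if isinstance(value, list) else [value]
    resolved = []
    for item in items:
        if isinstance(item, dict):
            resolved.append(item.get("name", item.get("uid")))
        else:
            resolved.append(index.get(item, item))
    return resolved


def resolve_rulebase(action_output):
    """Return one readable summary dict per access rule."""
    access_rules = action_output["access_rules"]
    index = build_uid_index(access_rules)
    summaries = []
    for rule in iter_rules(access_rules.get("rulebase", [])):
        summaries.append({
            "number": rule.get("rule-number"),
            "name": rule.get("name", ""),
            "enabled": rule.get("enabled", True),
            "source": names_for(rule.get("source", []), index),
            "destination": names_for(rule.get("destination", []), index),
            "service": names_for(rule.get("service", []), index),
            "action": names_for(rule.get("action"), index)[0],
            "lock": rule.get("meta-info", {}).get("lock"),
        })
    return summaries


def overly_permissive(summaries):
    """Enabled Accept rules whose source, destination and service are Any."""
    return [
        r for r in summaries
        if r["enabled"] and r["action"] == "Accept"
        and r["source"] == r["destination"] == r["service"] == ["Any"]
    ]


if __name__ == "__main__":
    rules = resolve_rulebase(SAMPLE_OUTPUT)
    for r in rules:
        print(r["number"], r["name"], r["source"], "->", r["destination"], r["action"])
    print("review:", [r["name"] for r in overly_permissive(rules)])
```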

Add Access Rule

This action is used to create a rule to block traffic.

Input
| Name | Type | Default | Required | Description | Enum | Example |
| --- | --- | --- | --- | --- | --- | --- |
| action | string | Drop | True | Action to take | ['Accept', 'Drop', 'Ask', 'Inform', 'Reject', 'User Auth', 'Client Auth', 'Apply Layer'] | Drop |
| destination | string | None | False | Destination network object name | None | 198.51.100.100 |
| layer | string | Network | True | Layer to add this rule to | None | Network |
| list_of_services | []string | None | False | List of services to block | None | ["AOL", "SMTP"] |
| name | string | None | True | Rule name | None | Malicious IP Addresses |
| position | string | top | True | Position in the list of rules. e.g. top, bottom, 15 | None | 1 |
| source | string | None | False | Source network object name | None | 198.51.100.100 |

Example input:

{
  "action": "Drop",
  "destination": "198.51.100.100",
  "layer": "Network",
  "list_of_services": [
    "AOL",
    "SMTP"
  ],
  "name": "Malicious IP Addresses",
  "position": 1,
  "source": "198.51.100.100"
}

Output
| Name | Type | Required | Description |
| --- | --- | --- | --- |
| access_rule | access_rule | True | The rule that was created |

Example output:

{
  "uid": "c8e7657e-dd78-4189-9999-78546892db06",
  "name": "Rule 1",
  "type": "access-rule",
  "domain": {
    "uid": "41e821a0-3720-11e3-aa6e-0800200c9fde",
    "name": "SMC User",
    "domain-type": "domain"
  },
  "track": {
    "type": {
      "uid": "29e53e3d-23bf-48fe-b6b1-d59bd88036f9",
      "name": "None",
      "type": "Track",
      "domain": {
        "uid": "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
        "name": "Check Point Data",
        "domain-type": "data domain"
      }
    },
    "per-session": false,
    "per-connection": false,
    "accounting": false,
    "alert": "none"
  },
  "layer": "50c71672-c7da-40cb-92ae-5c10d61f6739",
  "source": [
    {
      "uid": "97aeb369-9aea-11d5-bd16-0090272ccb30",
      "name": "Any",
      "type": "CpmiAnyObject",
      "domain": {
        "uid": "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
        "name": "Check Point Data",
        "domain-type": "data domain"
      }
    }
  ],
  "source-negate": false,
  "destination": [
    {
      "uid": "97aeb369-9aea-11d5-bd16-0090272ccb30",
      "name": "Any",
      "type": "CpmiAnyObject",
      "domain": {
        "uid": "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
        "name": "Check Point Data",
        "domain-type": "data domain"
      }
    }
  ],
  "destination-negate": false,
  "service": [
    {
      "uid": "97aeb44f-9aea-11d5-bd16-0090272ccb30",
      "name": "AOL",
      "type": "service-tcp",
      "domain": {
        "uid": "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
        "name": "Check Point Data",
        "domain-type": "data domain"
      },
      "port": "5190"
    }
  ],
  "service-negate": false,
  "vpn": [
    {
      "uid": "66b5d03a-a64e-481f-97d9-4a61f8602840",
      "name": "MyIntranet",
      "type": "vpn-community-meshed",
      "domain": {
        "uid": "41e821a0-3720-11e3-aa6e-0800200c9fde",
        "name": "SMC User",
        "domain-type": "domain"
      }
    }
  ],
  "action": {
    "uid": "6c488338-8eec-4103-ad21-cd461ac2c473",
    "name": "Drop",
    "type": "RulebaseAction",
    "domain": {
      "uid": "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
      "name": "Check Point Data",
      "domain-type": "data domain"
    }
  },
  "action-settings": {},
  "content": [
    {
      "uid": "97aeb369-9aea-11d5-bd16-0090272ccb30",
      "name": "Any",
      "type": "CpmiAnyObject",
      "domain": {
        "uid": "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
        "name": "Check Point Data",
        "domain-type": "data domain"
      }
    }
  ],
  "content-negate": false,
  "content-direction": "any",
  "time": [
    {
      "uid": "97aeb369-9aea-11d5-bd16-0090272ccb30",
      "name": "Any",
      "type": "CpmiAnyObject",
      "domain": {
        "uid": "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
        "name": "Check Point Data",
        "domain-type": "data domain"
      }
    }
  ],
  "custom-fields": {
    "field-1": "",
    "field-2": "",
    "field-3": ""
  },
  "meta-info": {
    "lock": "locked by current session",
    "validation-state": "ok",
    "last-modify-time": {
      "posix": 1582906756962,
      "iso-8601": "2020-02-28T11:19-0500"
    },
    "last-modifier": "admin",
    "creation-time": {
      "posix": 1582906756962,
      "iso-8601": "2020-02-28T11:19-0500"
    },
    "creator": "admin"
  },
  "comments": "",
  "enabled": true,
  "install-on": [
    {
      "uid": "6c488338-8eec-4103-ad21-cd461ac2c476",
      "name": "Policy Targets",
      "type": "Global",
      "domain": {
        "uid": "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
        "name": "Check Point Data",
        "domain-type": "data domain"
      }
    }
  ]
}

Triggers

This plugin does not contain any triggers.

Custom Output Types

access_rule

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| Action | action_type | False | Action |
| Action-Settings | object | False | Action-settings |
| Comments | string | False | Comments |
| Content | []action_type | False | Content |
| Content-Direction | string | False | Content-direction |
| Content-Negate | boolean | False | Content-negate |
| Custom-Fields | object | False | Custom-fields |
| Destination | []action_type | False | Destination |
| Destination-Negate | boolean | False | Destination-negate |
| Domain | domain | False | Domain |
| Enabled | boolean | False | Enabled |
| Install-On | []action_type | False | Install-on |
| Layer | string | False | Layer |
| Meta-Info | meta_info_type | False | Meta-info |
| Name | string | False | Name |
| Service | []objects_dictionary_type | False | Service |
| Service-Negate | boolean | False | Service-negate |
| Source | []action_type | False | Source |
| Source-Negate | boolean | False | Source-negate |
| Time | []action_type | False | Time |
| Track | track | False | Track |
| Type | string | False | Type |
| UID | string | False | UID |
| VPN | []action_type | False | VPN |

action_type

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| Domain | domain | False | Domain |
| Name | string | False | Name |
| Type | string | False | Type |
| UID | string | False | UID |

creation_time_type

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| ISO-8601 | string | False | ISO-8601 |
| POSIX | integer | False | POSIX |

domain

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| Domain-Type | string | False | Domain-type |
| Name | string | False | Name |
| UID | string | False | UID |

host_object

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| Color | string | False | Color |
| Comments | string | False | Comments |
| Domain | domain | False | Domain |
| Groups | []object | False | Groups |
| Icon | string | False | Icon |
| Interfaces | []object | False | Interfaces |
| IPv4-Address | string | False | IPv4-address |
| Meta-Info | meta_info_type | False | Meta-info |
| Name | string | False | Name |
| NAT-Settings | object | False | NAT-settings |
| Read-Only | boolean | False | Read-only |
| Tags | []object | False | Tags |
| Type | string | False | Type |
| UID | string | False | UID |

meta-info_0

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| Creation-Time | creation_time_type | False | Creation-time |
| Creator | string | False | Creator |
| Last-Modifier | string | False | Last-modifier |
| Last-Modify-Time | creation_time_type | False | Last-modify-time |
| Lock | string | False | Lock |
| Validation-State | string | False | Validation-state |

meta_info_type

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| Creation-Time | creation_time_type | False | Creation-time |
| Creator | string | False | Creator |
| Last-Modifier | string | False | Last-modifier |
| Last-Modify-Time | creation_time_type | False | Last-modify-time |
| Lock | string | False | Lock |
| Validation-State | string | False | Validation-state |

objects_dictionary_type

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| Color | string | False | Color |
| Comments | string | False | Comments |
| Custom Fields | object | False | Custom fields |
| Display-Name | string | False | Display-name |
| Domain | domain | False | Domain |
| Icon | string | False | Icon |
| Meta-Info | meta_info_type | False | Meta-info |
| Name | string | False | Name |
| Port | string | False | Port |
| Tags | []object | False | Tags |
| Type | string | False | Type |
| UID | string | False | UID |

rulebase_type

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| From | integer | False | From |
| Name | string | False | Name |
| Objects-Dictionary | []objects_dictionary_type | False | Objects-dictionary |
| Rulebase | []objects_dictionary_type | False | Rulebase |
| To | integer | False | To |
| Total | integer | False | Total |
| UID | string | False | UID |

track

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| Accounting | boolean | False | Accounting |
| Alert | string | False | Alert |
| Per-Connection | boolean | False | Per-connection |
| Per-Session | boolean | False | Per-session |
| Type | action_type | False | Type |

Troubleshooting

Connections to Check Point security management are based on client-to-server sessions. Multiple administrators may connect at one time and, from R80.20 M1, one administrator can open more than one session at a time. Policy and objects are locked when an administrator makes changes to those objects. The lock is released when a publish or discard occurs.

If the plugin tries to make a change while an administrator has a pending change, the plugin will sometimes fail. To prevent this, you can set the Discard Other Changes boolean value to True in each action. That will effectively remove all other pending changes when the plugin tries to publish its changes. A best practice is to have separate administrator accounts so that you can better track changes done via the plugin or manually via SmartConsole.

Common Errors

403 Forbidden

If you are presented with a 403 Forbidden error when running the connection test, the API hasn't been enabled and will need to be enabled for the connection test to succeed.

For more information on enabling the API visit:

https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/Enabling-web-api/td-p/32641

err_login_failed

If the plugin gives this error during the connection test:

{
  "code" : "err_login_failed",
  "message" : "Authentication to server failed."
}

Verify the password on the account you are using. Make sure the user that you are logging in with has administrative privileges.

Version History

  • 2.0.1 - Revise Create Address Object action output
  • 2.0.0 - New actions Check if Address in Group, Remove Address Object from Group | Rename "Add Host" action to "Create Address Object" and add whitelist support | Move "Discard Sessions" input from individual actions to connection
  • 1.3.0 - Update to add install options to Install Policy
  • 1.2.0 - New action Install Policy | Fix issue where logout could fail | Update to help to improve troubleshooting | Update Add Host action with color option
  • 1.1.0 - New action Add Host to Network Group
  • 1.0.0 - Initial plugin

Links

References

plugin_spec_version: v2
extension: plugin
products: [insightconnect]
name: checkpoint_ngfw
title: Check Point NGFW
description: Check Point Next Generation Firewalls (NGFW) are trusted by customers for their highest security effectiveness and their ability to keep organizations protected from sophisticated fifth generation cyber-attacks
version: 2.0.1
vendor: rapid7
support: community
status: []
resources:
  source_url: https://github.com/rapid7/insightconnect-plugins/tree/master/checkpoint_ngfw
  license_url: https://github.com/rapid7/insightconnect-plugins/blob/master/LICENSE
tags:
- firewall
- checkpoint
hub_tags:
  use_cases: [application_management, threat_detection_and_response, vulnerability_management]
  keywords: [firewall, check, point, decoder, utilities]
  features: []

types:
  domain:
    domain-type:
      title: "Domain"
      type: string
      description: "Domain"
      required: false
    name:
      title: "Name"
      type: string
      description: "Name"
      required: false
    uid:
      title: "UID"
      type: string
      description: "UID"
      required: false
  action_type:
    domain:
      title: "Domain"
      type: domain
      description: "Domain"
      required: false
    type:
      title: "Type"
      type: string
      description: "Type"
      required: false
    name:
      title: "Name"
      type: string
      description: "Name"
      required: false
    uid:
      title: "UID"
      type: string
      description: "UID"
      required: false
  creation_time_type:
    posix:
      title: "POSIX"
      type: integer
      description: "POSIX"
      required: false
    iso-8601:
      title: "ISO-8601"
      type: string
      description: "ISO-8601"
      required: false
  meta_info_type:
    validation-state:
      title: "Validation-State"
      type: string
      description: "Validation-state"
      required: false
    creation-time:
      title: "Creation-Time"
      type: creation_time_type
      description: "Creation-time"
      required: false
    last-modifier:
      title: "Last-Modifier"
      type: string
      description: "Last-modifier"
      required: false
    last-modify-time:
      title: "Last-Modify-Time"
      type: creation_time_type
      description: "Last-modify-time"
      required: false
    lock:
      title: "Lock"
      type: string
      description: "Lock"
      required: false
    creator:
      title: "Creator"
      type: string
      description: "Creator"
      required: false
  objects_dictionary_type:
    domain:
      title: "Domain"
      type: domain
      description: "Domain"
      required: false
    name:
      title: "Name"
      type: string
      description: "Name"
      required: false
    tags:
      title: "Tags"
      type: "[]object"
      description: "Tags"
      required: false
    color:
      title: "Color"
      type: string
      description: "Color"
      required: false
    comments:
      title: "Comments"
      type: string
      description: "Comments"
      required: false
    meta-info:
      title: "Meta-Info"
      type: meta_info_type
      description: "Meta-info"
      required: false
    port:
      title: "Port"
      type: string
      description: "Port"
      required: false
    uid:
      title: "UID"
      type: string
      description: "UID"
      required: false
    customFields:
      title: "Custom Fields"
      type: object
      description: "Custom fields"
      required: false
    type:
      title: "Type"
      type: string
      description: "Type"
      required: false
    display-name:
      title: "Display-Name"
      type: string
      description: "Display-name"
      required: false
    icon:
      title: "Icon"
      type: string
      description: "Icon"
      required: false
  meta-info_0:
    creation-time:
      title: "Creation-Time"
      type: creation_time_type
      description: "Creation-time"
      required: false
    validation-state:
      title: "Validation-State"
      type: string
      description: "Validation-state"
      required: false
    last-modifier:
      title: "Last-Modifier"
      type: string
      description: "Last-modifier"
      required: false
    lock:
      title: "Lock"
      type: string
      description: "Lock"
      required: false
    creator:
      title: "Creator"
      type: string
      description: "Creator"
      required: false
    last-modify-time:
      title: "Last-Modify-Time"
      type: creation_time_type
      description: "Last-modify-time"
      required: false
  track:
    per-connection:
      title: "Per-Connection"
      type: boolean
      description: "Per-connection"
      required: false
    accounting:
      title: "Accounting"
      type: boolean
      description: "Accounting"
      required: false
    type:
      title: "Type"
      type: action_type
      description: "Type"
      required: false
    per-session:
      title: "Per-Session"
      type: boolean
      description: "Per-session"
      required: false
    alert:
      title: "Alert"
      type: string
      description: "Alert"
      required: false
  rulebase_type:
    objects-dictionary:
      title: "Objects-Dictionary"
      type: "[]objects_dictionary_type"
      description: "Objects-dictionary"
      required: false
    from:
      title: "From"
      type: integer
      description: "From"
      required: false
    name:
      title: "Name"
      type: string
      description: "Name"
      required: false
    rulebase_array:
      title: "Rulebase"
      type: "[]objects_dictionary_type"
      description: "Rulebase"
      required: false
    to:
      title: "To"
      type: integer
      description: "To"
      required: false
    total:
      title: "Total"
      type: integer
      description: "Total"
      required: false
    uid:
      title: "UID"
      type: string
      description: "UID"
      required: false
  access_rule:
    domain:
      title: "Domain"
      type: domain
      description: "Domain"
      required: false
    uid:
      title: "UID"
      type: string
      description: "UID"
      required: false
    custom-fields:
      title: "Custom-Fields"
      type: object
      description: "Custom-fields"
      required: false
    layer:
      title: "Layer"
      type: string
      description: "Layer"
      required: false
    content-direction:
      title: "Content-Direction"
      type: string
      description: "Content-direction"
      required: false
    content-negate:
      title: "Content-Negate"
      type: boolean
      description: "Content-negate"
      required: false
    source-negate:
      title: "Source-Negate"
      type: boolean
      description: "Source-negate"
      required: false
    vpn:
      title: "VPN"
      type: "[]action_type"
      description: "VPN"
      required: false
    service:
      title: "Service"
      type: "[]objects_dictionary_type"
      description: "Service"
      required: false
    destination:
      title: "Destination"
      type: "[]action_type"
      description: "Destination"
      required: false
    comments:
      title: "Comments"
      type: string
      description: "Comments"
      required: false
    content:
      title: "Content"
      type: "[]action_type"
      description: "Content"
      required: false
    source:
      title: "Source"
      type: "[]action_type"
      description: "Source"
      required: false
    destination-negate:
      title: "Destination-Negate"
      type: boolean
      description: "Destination-negate"
      required: false
    type:
      title: "Type"
      type: string
      description: "Type"
      required: false
    track:
      title: "Track"
      type: track
      description: "Track"
      required: false
    time:
      title: "Time"
      type: "[]action_type"
      description: "Time"
      required: false
    install-on:
      title: "Install-On"
      type: "[]action_type"
      description: "Install-on"
      required: false
    name:
      title: "Name"
      type: string
      description: "Name"
      required: false
    service-negate:
      title: "Service-Negate"
      type: boolean
      description: "Service-negate"
      required: false
    enabled:
      title: "Enabled"
      type: boolean
      description: "Enabled"
      required: false
    meta-info:
      title: "Meta-Info"
      type: meta_info_type
      description: "Meta-info"
      required: false
    action-settings:
      title: "Action-Settings"
      type: object
      description: "Action-settings"
      required: false
    action:
      title: "Action"
      type: action_type
      description: "Action"
      required: false

  host_object:
    domain:
      title: "Domain"
      type: domain
      description: "Domain"
      required: false
    name:
      title: "Name"
      type: string
      description: "Name"
      required: false
    tags:
      title: "Tags"
      type: "[]object"
      description: "Tags"
      required: false
    color:
      title: "Color"
      type: string
      description: "Color"
      required: false
    interfaces:
      title: "Interfaces"
      type: "[]object"
      description: "Interfaces"
      required: false
    nat-settings:
      title: "NAT-Settings"
      type: object
      description: "NAT-settings"
      required: false
    comments:
      title: "Comments"
      type: string
      description: "Comments"
      required: false
    meta-info:
      title: "Meta-Info"
      type: meta_info_type
      description: "Meta-info"
      required: false
    groups:
      title: "Groups"
      type: "[]object"
      description: "Groups"
      required: false
    uid:
      title: "UID"
      type: string
      description: "UID"
      required: false
    ipv4-address:
      title: "IPv4-Address"
      type: string
      description: "IPv4-address"
      required: false
    type:
      title: "Type"
      type: string
      description: "Type"
      required: false
    read-only:
      title: "Read-Only"
      type: boolean
      description: "Read-only"
      required: false
    icon:
      title: "Icon"
      type: string
      description: "Icon"
      required: false

connection:
  username_password:
    type: credential_username_password
    title: Credentials
    description: Username and password
    required: true
    example: '{"username": "xxxxxx", "password": "xxxxxx"}'
  server:
    type: string
    title: Check Point Server IP Address
    description: Check Point server IP address
    example: 198.51.100.100
    required: true
  port:
    type: integer
    title: Check Point Server Port
    description: Check Point server port
    required: true
    example: 443
    default: 443
  ssl_verify:
    type: boolean
    title: SSL Verify
    description: Use SSL verification
    required: true
    example: true
    default: true
  discard_other_sessions:
    title: Force Changes
    type: boolean
    description: Force changes made by any plugin actions. Currently logged in users will be logged out of their sessions to allow the plugin to commit changes. Users of Check Point R80+ may not need to enable this option
    required: true
    default: false
    example: true

actions:
  show_access_rulebase:
    title: Show Access Rulebase
    description: Show the access rulebase
    input:
      layer_name:
        title: Layer Name
        description: Layer name
        type: string
        default: Network
        example: Network
        required: true
      limit:
        title: Limit
        description: Limit
        type: integer
        default: 500
        example: 500
        required: false
    output:
      access_rules:
        title: Access Rules
        description: Access rules
        type: rulebase_type
        required: false

  add_access_rule:
    title: Add Access Rule
    description: Create a rule to block traffic
    input:
      name:
        title: Name
        type: string
        description: Rule name
        required: true
        example: Malicious IP Addresses
        order: 1
      list_of_services:
        title: List of Services
        type: "[]string"
        description: List of services to block
        example: ["AOL", "SMTP"]
        required: false
        order: 2
      layer:
        title: Layer
        type: string
        description: Layer to add this rule to
        required: true
        default: Network
        example: Network
        order: 3
      source:
        title: Source
        description: Source network object name
        type: string
        example: 198.51.100.100
        required: false
        order: 4
      destination:
        title: Destination
        description: Destination network object name
        type: string
        example: 198.51.100.100
        required: false
        order: 5
      action:
        title: Action
        type: string
        description: Action to take
        required: true
        default: Drop
        example: Drop
        order: 6
        enum:
          - Accept
          - Drop
          - Ask
          - Inform
          - Reject
          - User Auth
          - Client Auth
          - Apply Layer
      position:
        title: Position
        type: string
        description: Position in the list of rules. e.g. top, bottom, 15
        required: true
        default: "top"
        example: 1
        order: 7
    output:
      access_rule:
        title: Block Rule
        description: The rule that was created
        type: access_rule
        required: true

  remove_access_rule:
    title: Remove Access Rule
    description: Remove an access rule
    input:
      access_rule_name:
        title: Access Rule Name
        description: Access rule name
        type: string
        required: true
        example: InsightConnect Access Rule
        order: 1
      layer:
        title: Layer
        description: Layer
        type: string
        default: Network
        example: Network
        required: true
        order: 2
    output:
      message:
        title: Message
        description: Remove operation status
        type: string
        required: true
      success:
        title: Success
        description: Success
        type: boolean
        required: true

  create_address_object:
    title: Create Address Object
    description: Add an address object (host object) as a network object
    input:
      name:
        title: Name
        description: Name
        type: string
        required: true
        example: 198.51.100.100
        order: 1
      host_ip:
        title: Host IP Address
        description: Host IP address
        type: string
        required: true
        example: 198.51.100.100
        order: 2
      color:
        title: Color
        description: Color
        required: false
        type: string
        default: black
        example: black
        order: 4
        enum:
          - black
          - aquamarine
          - blue
          - brown
          - burlywood
          - coral
          - crete
          - cyan
          - dark blue
          - dark gold
          - dark gray
          - dark green
          - dark orange
          - dark sea green
          - firebrick
          - forest green
          - gold
          - gray
          - khaki
          - lemon chiffon
          - light green
          - magenta
          - navy blue
          - olive
          - orange
          - orchid
          - pink
          - purple
          - red
          - sea green
          - sienna
          - sky blue
          - slate blue
          - turquoise
          - violet red
          - yellow
      whitelist:
        title: Whitelist
        description: This list contains a set of network objects that should not be blocked. This can include IP addresses and CIDR IP addresses
        type: "[]string"
        example: '["198.51.100.100", "192.0.2.0/24"]'
        required: false
      skip_rfc1918:
        title: Skip RFC 1918 (Private) IP Addresses
        description: Skip private IP addresses as defined in RFC 1918
        type: boolean
        example: true
        required: true
        default: true
    output:
      host_object:
        title: Host
        description: Information about the host object that was added
        type: host_object
        required: false
      success:
        title: Success
        description: Whether or not Check Point could successfully create the address object
        type: boolean
        required: true
      error_message:
        title: Error Message
        description: The cause of the error (if the action fails)
        type: string
        required: false

  remove_host:
    title: Remove Host
    description: Remove a host object from network objects
    input:
      name:
        title: Name
        description: Name
        type: string
        required: true
        example: 198.51.100.100
        order: 1
    output:
      message:
        title: Message
        description: Remove operation status
        type: string
        required: true
      success:
        title: Success
        description: Success
        type: boolean
        required: true

  add_address_object_to_group:
    title: Add Address Object to Group
    description: Add an address object (host object) to a group
    input:
      group:
        title: Group
        description: Name of the group to add this object to
        required: true
        type: string
        order: 1
        example: "InsightConnect Block List"
      address_object:
        title: Host Name
        description: The name of the host object to add
        required: true
        type: string
        order: 2
        example: "New Host"
    output:
      success:
        title: Success
        description: Success
        type: boolean
        required: true

  set_threat_protection:
    title: Set Threat Protection
    description: Set threat protection action per profile
    input:
      name:
        title: Name
        description: Name of the protection to act on
        example: Blaster Attacks
        required: true
        type: string
        order: 1
      action:
        title: Action
        description: Action
        required: true
        example: Prevent
        type: string
        order: 2
        enum:
          - Inactive
          - Detect
          - Prevent
          - Drop
          - Accept
      profile:
        title: Profile
        description: Profile e.g. Optimized, Basic, Strict
        example: Optimized
        required: true
        type: string
        default: Optimized
        order: 3
    output:
      success:
        title: Success
        description: Was operation successful
        type: boolean
        required: true

  discard_all_sessions:
    title: Discard All Sessions
    description: Troubleshooting action to discard all other user sessions
    output:
      success:
        title: Success
        description: Success
        type: boolean
        required: true

  install_policy:
    title: Install Policy
    description: Install a policy to selected targets
    input:
      policy_package:
        title: Policy Package
        description: Policy package to install
        type: string
        required: true
        default: standard
        example: standard
        order: 1
      targets:
        title: Targets
        description: On what targets to execute this command. Targets may be identified by their name, or object unique identifier
        type: "[]string"
        default: ["target name"]
        example: ["checkpoint_fw_1", "checkpoint_fw_2"]
        required: true
        order: 2
      access_control_policy:
        title: Access Control Policy
        description: Set to be true in order to install the Access Control policy. By default, the value is true if Access Control policy is enabled on the input policy package, otherwise false
        type: boolean
        default: true
        example: true
        required: true
      desktop_security_policy:
        title: Desktop Security Policy
        description: Set to be true in order to install the Desktop Security policy. By default, the value is true if desktop security policy is enabled on the input policy package, otherwise false
        type: boolean
        default: false
        example: false
        required: true
      qos_policy:
        title: QoS Policy
        description: Set to be true in order to install the QoS policy. By default, the value is true if Quality-of-Service policy is enabled on the input policy package, otherwise false
        type: boolean
        default: false
        example: false
        required: true
      threat_prevention_policy:
        title: Threat Prevention Policy
        description: Set to be true in order to install the Threat Prevention policy. By default, the value is true if Threat Prevention policy is enabled on the input policy package, otherwise false
        type: boolean
        default: true
        example: true
        required: true
      install_on_all_cluster_members_or_fail:
        title: Install Access Control Policy
        description: Relevant for the gateway clusters. If true, the policy is installed on all the cluster members. If the installation on a cluster member fails, don't install on that cluster
        type: boolean
        required: true
        example: false
        default: false
        order: 3
    output:
      success:
        title: Success
        description: Success
        type: boolean
        required: true

  check_if_address_in_group:
    title: Check if Address in Group
    description: Checks to see if an IPv4 or IPv6 address is in an Address Group
    input:
      group:
        title: Group
        description: Group to check. UID is not supported. Omitting this input will check all groups
        type: string
        required: false
        example: InsightConnect Block List
        order: 1
      address:
        title: Address
        description: IPv4 or IPv6 address to check in the group
        type: string
        required: true
        example: 198.51.100.100
        order: 2
    output:
      found:
        title: Found
        description: Was address found in group
        type: boolean
        required: true
      address_objects:
        title: Address Objects
        description: The names of the address objects that match or contain the address
        type: "[]string"
        required: true

  remove_address_object_from_group:
    title: Remove Address Object from Group
    description: Removes an address object (host object) from an address group
    input:
      address_object:
        title: Address Object
        description: The name of the address object (host object) to remove
        type: string
        example: Malicious Host
        required: true
        order: 1
      group:
        title: Group
        description: Group name
        type: string
        example: InsightConnect Block List
        required: true
        order: 2
    output:
      success:
        title: Success
        description: Was operation successful
        type: boolean
        required: true
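
The `whitelist` and `skip_rfc1918` inputs of `create_address_object` above keep an automated workflow from creating block objects for protected or internal hosts. The following is an added example, not the plugin's own code, of a pre-check a workflow could run before calling the action. `block_decision` and `SAMPLE_WHITELIST` are hypothetical names, and refusing on any overlap with a protected range is an assumption.

```python
import ipaddress

# The three private IPv4 blocks defined in RFC 1918. ipaddress's is_private
# is deliberately not used: it also covers loopback, link-local and the
# documentation ranges, which is broader than the skip_rfc1918 input promises.
RFC1918_NETWORKS = tuple(
    ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
)

# Constructed sample whitelist, taken from the example value in the spec.
SAMPLE_WHITELIST = ["198.51.100.100", "192.0.2.0/24"]


def _parse(value):
    """Parse an IP or CIDR string into a network (a single host becomes /32 or /128)."""
    return ipaddress.ip_network(value.strip(), strict=False)


def block_decision(host_ip, whitelist=(), skip_rfc1918=True):
    """Return (allowed, reason) for a candidate address object.

    Hypothetical helper that models the whitelist and skip_rfc1918 inputs.
    """
    try:
        candidate = _parse(host_ip)
    except ValueError:
        return False, "invalid address"

    for entry in whitelist:
        try:
            protected = _parse(entry)
        except ValueError:
            # Fail closed: a typo in the whitelist must not silently drop protection.
            return False, f"invalid whitelist entry: {entry}"
        if candidate.version == protected.version and candidate.overlaps(protected):
            return False, f"whitelisted by {entry}"

    if skip_rfc1918 and candidate.version == 4:
        for net in RFC1918_NETWORKS:
            if candidate.overlaps(net):
                return False, f"RFC 1918 private range {net}"

    return True, "ok"


if __name__ == "__main__":
    # Constructed candidates: documentation and private addresses only.
    for ip in ("203.0.113.7", "198.51.100.100", "192.0.2.55", "10.1.2.3"):
        print(ip, block_decision(ip, SAMPLE_WHITELIST))
```

Running the same check in the workflow, before the action is called, also leaves a reason string that can be logged when a block request is refused.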