Check Point policies revolve around Objects which allows an administrator to filter traffic based on which object represent the source or the destination. Some objects, like Security Zones, services and application, etc., are available by default when a site is first deployed. Deployment specific objects like Networks, Host objects, IP Address ranges, etc., must be created by an administrator before they can be used.
The Check Point SMART deployment provides multiple options for creating these objects and the method employed is up to administrator. The Check Point SmartConsole allows for the GUI creation using Object Explorer/Object Pane (Ctrl E & F11) or the Objects menu option.
Or, using the logging feature, an administrator can create an object “on the fly” by right-clicking a particular entry and selecting create host.
Another option would be to utilize the built-in Management API to read information, create objects, work on Security Policies and send commands to the Check Point Security Management Server. The Management API has four options for launching:
- Web Services – Using JSON/XML to send API commands over an https connection using web-services.
- Smart Console – Typing API commands from a dialog inside the SmartConsole GUI application.
- mgmt_cli tool – Typing API commands using the “mgmt_cli” executable with a Windows or Linux/Gaia version available. Each formatted command is prefaced with “mgmt_cli”.
- Gaia Clish – Typing API commands using Gaia’s secure shell (clish). Each formatted command is prefaced with mgmt.
For more information on using these options, see the Management API Reference Guide or take the CCAS training course.