Checkpoint Connector Setup Guide

This guide outlines the configuration steps to integrate Checkpoint Firewall with XDR using the Event Downloader Connector and Response Connector. It includes steps for API key generation and App Connector usage for private network environments.

1. When to Use App Connector

If the Checkpoint firewall is deployed in a private network without public access, an App Connector is required to establish communication between the firewall and the XDR platform.

👉 Refer to the guide: Setting up App Connector at Client End

2. Generate API Key in Checkpoint Smart Console

1. Log in or sign up to the Checkpoint Smart Console.
2. Navigate to Management and Settings.
3. Click on New to create an API key.

4. Under Authentication:

   • Set Authentication Method to: API Key

5. Under Permissions:

   • Choose the Permission Profile (e.g., Read-only for Ingestion Connector).

     You can choose a different profile based on your use case (e.g., Read/Write for Response Connector).

6. Click OK to generate the API key.
7. Copy and save the API key. It will be used during connector configuration.
8. Click Publish to apply your recent changes.

3. Configuration in XDR

🔹 Checkpoint Event Downloader Connector

Location: XDR → Connectors → Ingestion

1. Select Checkpoint Event Downloader Connector.
2. Click Configure.

3. Provide the following details:

   • Server URL
   • API Key
   • Trust any certificate?: true or false
   • Has public access?: yes or no
   • App Connector Identifier (required if public access = no)
4. Click Validate and Save.

🔹 Checkpoint Response Connector

Location: XDR → Connectors → Response

1. Select Checkpoint Response Connector.
2. Click Configure.

3. Provide the following details:

   • Server URL
   • Access Token (API Key)
   • Trust any certificate?: true or false
   • Has public access?: yes or no
   • App Connector Identifier (if applicable)
4. Click Validate and Save.