This onboarding guide helps you set up your Check Point Quantum Network Security device in Workbench.
Prerequisites
- You must have an administrator account configured on the Security Management Server for Check Point Quantum.
- You must know (or obtain) your Security Management Server's server address, including the port, as you will need this information when you configure the device in Workbench.
  - You may also use the FQDN for this purpose.
Step 1: Enable API Access for Expel
You must create a new admin user for Expel, and grant us access to the management API via an API key.
- Log in to the Security Management Server via the SmartConsole application or use the web login.
- In the left navigation, go to Manage & Settings > Permissions & Administrators > Administrators.
- Select the New icon in the top menu.
- Enter "Expel" as the administrator name.
- For Authentication:
  - Select API Key as the authentication method.
  - Select Generate API key.
  - In the new window, select Copy key to Clipboard.
- Save the API key to a safe place, as you will need it in the next section.
- For Permissions, select Read Only All.
- For Expiration, select Never.
- Select OK.
- Publish the SmartConsole session.
Step 2: Add Check Point Quantum as a Security Device in Workbench
Make sure you have obtained the server address as instructed in the prerequisites before you configure the integration in Workbench.
- Log in to Workbench.
- In the side menu, navigate to Organization Settings > Security Devices.
- Select Add Security Device.
- In the search box, type “Checkpoint” and then select the Check Point Quantum Network Security integration.
- Complete the fields as follows:
  - Name - enter a name that helps you identify this integration more easily, such as “CompanyName NetworkSecurity”; this name displays in Workbench under the Name column, and is a text string that you can filter on.
  - Location - enter the location of your integration, for example “cloud”; this is also a text string that you can filter on, so we recommend being consistent with location naming across your Expel integrations.
  - Server - enter the Security Management Server's server address, including the port number; alternatively, you may enter the FQDN.
  - API key - enter the API key you saved in the previous section.
- Select Save.
- Your device should be created successfully within a few seconds. A few reminders:
  - After your connection is healthy, it will take some time for your device to begin polling and receiving data.
  - To check on the status, select the downward arrow for your device in the first column and choose View details. You can then scroll to the Connection section to see if your device is fully connected.
  - Polling will happen first; data will be received after that. You must refresh the page to see updates.
  - If your device does not begin polling within 15 minutes, and does not begin receiving data within 30 minutes, contact our support team for help.
To check if alerts are coming through, navigate to Dashboards > Alert Analysis. Scroll to the device you want to check and select the Expel Alerts tab to reveal more alert information. It can take 36 to 72 hours for alerts to appear after setup, as we tune your device.