Fortinet Document Library

Version:


Table of Contents

Check Point Firewall

1.1.0
Copy Link

About the connector

Check Point Firewall provides small, medium, and large customers with the latest data and network security protection in an integrated next-generation firewall platform, which reduces complexity and lowers the total cost of ownership. Whether you need next-generation security for your data center, enterprise, small business or home office, Check Point has a solution for you.

This document provides information about the Check Point Firewall connector, which facilitates automated interactions, with a Check Point Firewall server using FortiSOAR™ playbooks. Add the Checkpoint Firewall connector as a step in FortiSOAR™ playbooks and perform automated operations, such as blocking or unblocking IP addresses, URLs, or applications, or retrieving a list of blocked IP addresses, URLs, or applications.

Version information

Connector Version: 1.1.0

Authored By: Fortinet

Certified: No

Release Notes for version 1.1.0

Following enhancements have been made to the Check Point Firewall connector in version 1.1.0:

  • Added a new Configuration Parameter named, "Install Policy After Publish".
  • Updated the names of the following actions and playbooks:
    • Get Blocked IPs to Get Blocked IP Addresses
    • Block IP to Block IP Address
    • Unblock IP to Unblock IP Address
    • Get Blocked Applications  to Get Blocked Application Names
    • Block Application to Block Applications
    • Unblock Application to Unblock Applications
    • Block URL to Block URLs
    • Unblock URL to Unblock URLs 

Installing the connector

From FortiSOAR™ 5.0.0 onwards, use the Connector Store to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum command to install connectors. Connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your CyOPs™repository and run the yum command as a root user to install connectors:

yum install cyops-connector-checkpoint-firewall

Prerequisites to configuring the connector

  • You must have the URL of the Check Point Firewall server to which you will connect and perform the automated operations and the credentials to access that server.
  • To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.
  • To block or unblock IP addresses, URLs, or applications, you need to add the necessary configuration to the Check Point Firewall. See the Blocking or Unblocking IP addresses, URLs, or applications in Check Point Firewall section.

Blocking or Unblocking IP addresses, URLs, or applications in Check Point Firewall

  1. Log on to Check Point Firewall with the necessary credentials.
    Check Point Firewall Standard page
  2. To block or unblock IP Addresses, you must create a policy. Following steps define the process of adding a policy

    1. Create a network group.
    2. Add a new policy in Access Control, and then add the newly created network group in Source. Set the Destination As any and the Action as Drop, as shown in the image in step 1.
      When you are configuring your Check Point Firewall connector in CyOPs™, you must use the name that you have specified in this step as your IP Block Policy configuration parameter. In our example, we have named our network group as cybersponse-block-ip, therefore, you must enter cybersponse-block-ip in the IP Block Policy field.
    3. To block or unblock URLs, you must create a policy. Following steps define the process of adding a policy
    4. Create an application or site object.
    5. Add a new policy in Access Control, and add the newly created application or site object in Services & Applications, as shown in the image in step 1.
      When you are configuring your Check Point Firewall connector in CyOPs™, you must use the name that you have specified in this step as your URL Block Policy configuration parameter. In our example, we have named our application or site object as cybersponse-url-block, therefore, you must enter cybersponse-url-block in the URL Block Policy field.
    6. To block or unblock applications, you must create a policy. Following steps define the process of adding a policy
    7. Create an application or site group object.
    8. Add a new policy in Access Control, and then add the newly created application or site group object in Services & Applications, as shown in the image in step 1.
      When you are configuring your Check Point Firewall connector in CyOPs™, you must use the name that you have specified in this step as your Application Block Policyconfiguration parameter. In our example, we have named our application or site group object as cybersponse-app-block-group, therefore, you must enter cybersponse-app-block-group in the Application Block Policy field.
    9. Configure the firewall using the following steps:
    10. Open SmartConsole and log on to your management server. If you have a multi-domain environment, log on to the MDS domain.
    11. On the left navigation, click Manage & Settings.
    12. Click Blades.
    13. In the Management API section, click Advanced Settings.
    14. Choose between the following options: Accept API calls from the management server only (this is the default setting), All IP addresses that can be used for GUI clients (select this if you want to allow the API server to accept requests only from IP addresses that can be used to connect with the management server using SmartConsole), or All IP addresses.
    15. Once you have made the selection, click the Publish button and use SSH to log on to the management server in the expert mode and type api restart.

Configuring the connector

For the procedure to configure a connector, click here

Configuration parameters

In CyOPs™, on the Connectors page, click the Check Point Firewall connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:

Parameter Description
Server URL IP address or Hostname of the Check Point Firewall server to which you will connect and perform automated operations.
Port Port number used for connecting to the Check Point Firewall server.
Username Username to access the Check Point Firewall server to which you will connect and perform the automated operations.
Password Password to access the Check Point Firewall server to which you will connect and perform the automated operations.
IP Block Policy (Network Group Name) List of the IP Hosts that you have specified in Check Point Firewall for blocking or unblocking IP addresses. See the Blocking or Unblocking IP addresses, URLs, or applications in Check Point Firewall section.
URL Block Policy (Application/Site Name) Name of the URL Group that you have specified in Check Point Firewall for blocking or unblocking URLs. See the Blocking or Unblocking IP addresses, URLs, or applications in Check Point Firewall section.
Application Block Policy (Application/Site Group Name) Name of the application group that you have specified in Check Point Firewall for blocking or unblocking applications. See the Blocking or Unblocking IP addresses, URLs, or applications in Check Point Firewall section.
Verify SSL Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as True.
Install Policy After Publish If you select this option, i.e., set it as True, then the Check Point Firewall connector will install the Policy API immediately after adding or removing items from the policy.

Actions supported by the connector

The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:

Function Description Annotation and Category
Block URLs Blocks URLs using the URL Block Policy that you have specified while configuring the Check Point Firewall connector. See the Configuration parameters section. block_url
Containment
Unblock URLs Unblocks URLs using the URL Block Policy that you have specified while configuring the Check Point Firewall connector. See the Configuration parameters section. unblock_url
Remediation
Block IP Address Blocks IP addresses using the IP Block Policy that you have specified while configuring the Check Point Firewall connector. See the Configuration parameters section. block_ip
Containment
Unblock IP Address Unblocks IP addresses using the IP Block Policy that you have specified while configuring the Check Point Firewall connector. See the Configuration parameters section. unblock_ip
Remediation
Block Applications Blocks applications using the Application Block Policy that you have specified while configuring the Check Point Firewall connector. See the Configuration parameters section. block_app
Containment
Unblock Applications Unblocks applications using the Application Block Policy that you have specified while configuring the Check Point Firewall connector. See the Configuration parameters section. unblock_app
Remediation
Get Blocked URLs Retrieves a list of URLs that are blocked on Check Point Firewall. get_blocked_url
Investigation
Get Blocked IP Addresses Retrieves a list of IP Addresses that are blocked on Check Point Firewall. get_blocked_ip
Investigation
Get Blocked Application Names Retrieves a list of application names that are blocked on Check Point Firewall. get_blocked_app
Investigation
Validate Configuration Policies Checks whether the policies that you have mentioned in the Configuration parameters section are valid or not. validate_policies
Investigation
Get Sessions Retrieves a list of active sessions from Check Point Firewall. get_sessions
Investigation
Get Session Retrieves details of the session, based on the session UID that you have specified, from Check Point Firewall. get_session
Investigation
Terminate Session Terminates a session on Check Point Firewall, based on the Session UID you have specified. terminate_sessions
Remediation
Get Applications Detail Retrieves a list of applications and associated details from Check Point Firewall. get_app_details
Investigation

operation: Block URLs

Input parameters

Parameter Description
URLs (In CSV or List Format) URLs that you want to block on Check Point Firewall. URLs must be in the list or CSV format.
For example, ["www.example1.com", "www.example2.com"]

Output

The JSON output contains a status message of whether or not the URLs are successfully blocked.

The output contains a non-dictionary value.

operation: Unblock URLs

Input parameters

Parameter Description
URLs (In CSV or List Format)  URLs that you want to unblock on Check Point Firewall. URLs must be in the list or CSV format.
For example, ["www.example1.com", "www.example2.com"]

Output

The JSON output contains a status message of whether or not the URLs are successfully unblocked.

The output contains a non-dictionary value.

operation: Block IP Address

Input parameters

Parameter Description
IP Address (In CSV or List Format)  IP addresses that you want to block on Check Point Firewall. IP addresses must be in the list or CSV format.
For example, ["X..X.X.X", "Y.Y.Y.Y"]

Output

The JSON output contains a status message of whether or not the IP addresses are successfully blocked.

The output contains a non-dictionary value.

operation: Unblock IP Address

Input parameters

Parameter Description
IP Address (In CSV or List Format)  IP addresses that you want to unblock on Check Point Firewall. IP addresses must be in the list or CSV format.
For example, ["www.example1.com", "www.example2.com"]

Output

The JSON output contains a status message of whether or not the IP addresses are successfully unblocked.

The output contains a non-dictionary value.

operation: Block Applications

Input parameters

Parameter Description
Application Names (In CSV or List Format)  List of application names that you want to block on Check Point Firewall. Application names must be in the list format.
For example, ["TeamViewer FileTransfer", "TeamViewer Conferencing"]

Output

The JSON output contains a status message of whether or not the applications are successfully blocked.

The output contains a non-dictionary value.

operation: Unblock Applications

Input parameters

Parameter Description
Application Names (In CSV or List Format)  List of application names that you want to block on Check Point Firewall. Application names must be in the list format.
For example, ["TeamViewer FileTransfer", "TeamViewer Conferencing"]

Output

The JSON output contains a status message of whether or not the applications are successfully unblocked.

The output contains a non-dictionary value.

operation: Get Blocked URLs

Input parameters

None

Output

The JSON output contains a list of URLs that are blocked on Check Point Firewall.

No output schema is available at this time.

operation: Get Blocked IP Addresses

Input parameters

None

Output

The JSON output contains a list of IP addresses that are blocked on Check Point Firewall.

Following image displays a sample output:

No output schema is available at this time.

operation: Get Blocked Application Names

Input parameters

None

Output

The JSON output contains a list of application names that are blocked on Check Point Firewall.

No output schema is available at this time.

operation: Validate Configuration Policies

Input parameters

None

Output

The JSON output contains a status message of whether the policies mentioned in the Configuration parameters section are valid or not.

The output contains the following populated JSON schema:
{
     "Application Block Policy": "",
     "URL Block Policy": "",
     "IP Address Block Policy": ""
}

operation: Get Sessions

Input parameters

None

Output

The JSON output contains a list of active sessions from Check Point Firewall.

The output contains the following populated JSON schema:
{
     "objects": [
         {
             "uid": "",
             "type": "",
             "domain": {
                 "uid": "",
                 "name": "",
                 "domain-type": ""
             }
         }
     ],
     "from": "",
     "total": "",
     "to": ""
}

operation: Get Session

Input parameters

Parameter Description
Session UID UID of the session for which you want to retrieve details from Check Point Firewall.

Output

The JSON output contains details of the session, based on the session UID that you have specified, from Check Point Firewall.

The output contains the following populated JSON schema:
{
     "changes": "",
     "domain": {
         "uid": "",
         "name": "",
         "domain-type": ""
     },
     "uid": "",
     "locks": "",
     "ip-address": "",
     "type": "",
     "connection-mode": "",
     "expired-session": "",
     "application": "",
     "state": "",
     "description": "",
     "in-work": ""
}

operation: Terminate Session

Input parameters

Parameter Description
Session UID UID of the session that you want to discard on Check Point Firewall.

Output

The JSON output contains a status message of whether or not the session is terminated successfully on Check Point Firewall.

The output contains the following populated JSON schema:
{
     "number-of-discarded-changes": "",
     "message": ""
}

operation: Get Applications Detail

Input parameters

Parameter Description
Start Index Start Index from where you want to retrieve results (skip the number of records from the result) from Check Point Firewall.
Number of Results (Range: 1 to 500) Number of results you want to display. Maximum results that can be displayed is 500.

Output

The JSON output contains a list of applications and associated details from Check Point Firewall.

The output contains the following populated JSON schema:
{
     "objects": [
         {
             "uid": "",
             "name": "",
             "type": "",
             "domain": {
                 "uid": "",
                 "name": "",
                 "domain-type": ""
             }
         }
     ],
     "from": "",
     "total": "",
     "to": ""
}

Included playbooks

The Sample-Check Point Firewall-1.1.0 playbook collection comes bundled with the Check Point Firewall connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Check Point Firewall connector.

  • Block Applications
  • Block IP Address
  • Block URLs
  • Get Applications Detail
  • Get Blocked Application Names
  • Get Blocked IP Addresses
  • Get Blocked URLs
  • Get Sessions
  • Get Session
  • Terminate Disconnected Sessions
  • Terminate Session
  • Unblock Applications
  • Unblock IP Address
  • Unblock URLs
  • Validate Configuration Policies

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during the connector upgrade and delete.

About the connector

Check Point Firewall provides small, medium, and large customers with the latest data and network security protection in an integrated next-generation firewall platform, which reduces complexity and lowers the total cost of ownership. Whether you need next-generation security for your data center, enterprise, small business or home office, Check Point has a solution for you.

This document provides information about the Check Point Firewall connector, which facilitates automated interactions, with a Check Point Firewall server using FortiSOAR™ playbooks. Add the Checkpoint Firewall connector as a step in FortiSOAR™ playbooks and perform automated operations, such as blocking or unblocking IP addresses, URLs, or applications, or retrieving a list of blocked IP addresses, URLs, or applications.

Version information

Connector Version: 1.1.0

Authored By: Fortinet

Certified: No

Release Notes for version 1.1.0

Following enhancements have been made to the Check Point Firewall connector in version 1.1.0:

Installing the connector

From FortiSOAR™ 5.0.0 onwards, use the Connector Store to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum command to install connectors. Connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your CyOPs™repository and run the yum command as a root user to install connectors:

yum install cyops-connector-checkpoint-firewall

Prerequisites to configuring the connector

Blocking or Unblocking IP addresses, URLs, or applications in Check Point Firewall

  1. Log on to Check Point Firewall with the necessary credentials.
    Check Point Firewall Standard page
  2. To block or unblock IP Addresses, you must create a policy. Following steps define the process of adding a policy

    1. Create a network group.
    2. Add a new policy in Access Control, and then add the newly created network group in Source. Set the Destination As any and the Action as Drop, as shown in the image in step 1.
      When you are configuring your Check Point Firewall connector in CyOPs™, you must use the name that you have specified in this step as your IP Block Policy configuration parameter. In our example, we have named our network group as cybersponse-block-ip, therefore, you must enter cybersponse-block-ip in the IP Block Policy field.
    3. To block or unblock URLs, you must create a policy. Following steps define the process of adding a policy
    4. Create an application or site object.
    5. Add a new policy in Access Control, and add the newly created application or site object in Services & Applications, as shown in the image in step 1.
      When you are configuring your Check Point Firewall connector in CyOPs™, you must use the name that you have specified in this step as your URL Block Policy configuration parameter. In our example, we have named our application or site object as cybersponse-url-block, therefore, you must enter cybersponse-url-block in the URL Block Policy field.
    6. To block or unblock applications, you must create a policy. Following steps define the process of adding a policy
    7. Create an application or site group object.
    8. Add a new policy in Access Control, and then add the newly created application or site group object in Services & Applications, as shown in the image in step 1.
      When you are configuring your Check Point Firewall connector in CyOPs™, you must use the name that you have specified in this step as your Application Block Policyconfiguration parameter. In our example, we have named our application or site group object as cybersponse-app-block-group, therefore, you must enter cybersponse-app-block-group in the Application Block Policy field.
    9. Configure the firewall using the following steps:
    10. Open SmartConsole and log on to your management server. If you have a multi-domain environment, log on to the MDS domain.
    11. On the left navigation, click Manage & Settings.
    12. Click Blades.
    13. In the Management API section, click Advanced Settings.
    14. Choose between the following options: Accept API calls from the management server only (this is the default setting), All IP addresses that can be used for GUI clients (select this if you want to allow the API server to accept requests only from IP addresses that can be used to connect with the management server using SmartConsole), or All IP addresses.
    15. Once you have made the selection, click the Publish button and use SSH to log on to the management server in the expert mode and type api restart.

Configuring the connector

For the procedure to configure a connector, click here

Configuration parameters

In CyOPs™, on the Connectors page, click the Check Point Firewall connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:

Parameter Description
Server URL IP address or Hostname of the Check Point Firewall server to which you will connect and perform automated operations.
Port Port number used for connecting to the Check Point Firewall server.
Username Username to access the Check Point Firewall server to which you will connect and perform the automated operations.
Password Password to access the Check Point Firewall server to which you will connect and perform the automated operations.
IP Block Policy (Network Group Name) List of the IP Hosts that you have specified in Check Point Firewall for blocking or unblocking IP addresses. See the Blocking or Unblocking IP addresses, URLs, or applications in Check Point Firewall section.
URL Block Policy (Application/Site Name) Name of the URL Group that you have specified in Check Point Firewall for blocking or unblocking URLs. See the Blocking or Unblocking IP addresses, URLs, or applications in Check Point Firewall section.
Application Block Policy (Application/Site Group Name) Name of the application group that you have specified in Check Point Firewall for blocking or unblocking applications. See the Blocking or Unblocking IP addresses, URLs, or applications in Check Point Firewall section.
Verify SSL Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as True.
Install Policy After Publish If you select this option, i.e., set it as True, then the Check Point Firewall connector will install the Policy API immediately after adding or removing items from the policy.

Actions supported by the connector

The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:

Function Description Annotation and Category
Block URLs Blocks URLs using the URL Block Policy that you have specified while configuring the Check Point Firewall connector. See the Configuration parameters section. block_url
Containment
Unblock URLs Unblocks URLs using the URL Block Policy that you have specified while configuring the Check Point Firewall connector. See the Configuration parameters section. unblock_url
Remediation
Block IP Address Blocks IP addresses using the IP Block Policy that you have specified while configuring the Check Point Firewall connector. See the Configuration parameters section. block_ip
Containment
Unblock IP Address Unblocks IP addresses using the IP Block Policy that you have specified while configuring the Check Point Firewall connector. See the Configuration parameters section. unblock_ip
Remediation
Block Applications Blocks applications using the Application Block Policy that you have specified while configuring the Check Point Firewall connector. See the Configuration parameters section. block_app
Containment
Unblock Applications Unblocks applications using the Application Block Policy that you have specified while configuring the Check Point Firewall connector. See the Configuration parameters section. unblock_app
Remediation
Get Blocked URLs Retrieves a list of URLs that are blocked on Check Point Firewall. get_blocked_url
Investigation
Get Blocked IP Addresses Retrieves a list of IP Addresses that are blocked on Check Point Firewall. get_blocked_ip
Investigation
Get Blocked Application Names Retrieves a list of application names that are blocked on Check Point Firewall. get_blocked_app
Investigation
Validate Configuration Policies Checks whether the policies that you have mentioned in the Configuration parameters section are valid or not. validate_policies
Investigation
Get Sessions Retrieves a list of active sessions from Check Point Firewall. get_sessions
Investigation
Get Session Retrieves details of the session, based on the session UID that you have specified, from Check Point Firewall. get_session
Investigation
Terminate Session Terminates a session on Check Point Firewall, based on the Session UID you have specified. terminate_sessions
Remediation
Get Applications Detail Retrieves a list of applications and associated details from Check Point Firewall. get_app_details
Investigation

operation: Block URLs

Input parameters

Parameter Description
URLs (In CSV or List Format) URLs that you want to block on Check Point Firewall. URLs must be in the list or CSV format.
For example, ["www.example1.com", "www.example2.com"]

Output

The JSON output contains a status message of whether or not the URLs are successfully blocked.

The output contains a non-dictionary value.

operation: Unblock URLs

Input parameters

Parameter Description
URLs (In CSV or List Format)  URLs that you want to unblock on Check Point Firewall. URLs must be in the list or CSV format.
For example, ["www.example1.com", "www.example2.com"]

Output

The JSON output contains a status message of whether or not the URLs are successfully unblocked.

The output contains a non-dictionary value.

operation: Block IP Address

Input parameters

Parameter Description
IP Address (In CSV or List Format)  IP addresses that you want to block on Check Point Firewall. IP addresses must be in the list or CSV format.
For example, ["X..X.X.X", "Y.Y.Y.Y"]

Output

The JSON output contains a status message of whether or not the IP addresses are successfully blocked.

The output contains a non-dictionary value.

operation: Unblock IP Address

Input parameters

Parameter Description
IP Address (In CSV or List Format)  IP addresses that you want to unblock on Check Point Firewall. IP addresses must be in the list or CSV format.
For example, ["www.example1.com", "www.example2.com"]

Output

The JSON output contains a status message of whether or not the IP addresses are successfully unblocked.

The output contains a non-dictionary value.

operation: Block Applications

Input parameters

Parameter Description
Application Names (In CSV or List Format)  List of application names that you want to block on Check Point Firewall. Application names must be in the list format.
For example, ["TeamViewer FileTransfer", "TeamViewer Conferencing"]

Output

The JSON output contains a status message of whether or not the applications are successfully blocked.

The output contains a non-dictionary value.

operation: Unblock Applications

Input parameters

Parameter Description
Application Names (In CSV or List Format)  List of application names that you want to block on Check Point Firewall. Application names must be in the list format.
For example, ["TeamViewer FileTransfer", "TeamViewer Conferencing"]

Output

The JSON output contains a status message of whether or not the applications are successfully unblocked.

The output contains a non-dictionary value.

operation: Get Blocked URLs

Input parameters

None

Output

The JSON output contains a list of URLs that are blocked on Check Point Firewall.

No output schema is available at this time.

operation: Get Blocked IP Addresses

Input parameters

None

Output

The JSON output contains a list of IP addresses that are blocked on Check Point Firewall.

Following image displays a sample output:

No output schema is available at this time.

operation: Get Blocked Application Names

Input parameters

None

Output

The JSON output contains a list of application names that are blocked on Check Point Firewall.

No output schema is available at this time.

operation: Validate Configuration Policies

Input parameters

None

Output

The JSON output contains a status message of whether the policies mentioned in the Configuration parameters section are valid or not.

The output contains the following populated JSON schema:
{
     "Application Block Policy": "",
     "URL Block Policy": "",
     "IP Address Block Policy": ""
}

operation: Get Sessions

Input parameters

None

Output

The JSON output contains a list of active sessions from Check Point Firewall.

The output contains the following populated JSON schema:
{
     "objects": [
         {
             "uid": "",
             "type": "",
             "domain": {
                 "uid": "",
                 "name": "",
                 "domain-type": ""
             }
         }
     ],
     "from": "",
     "total": "",
     "to": ""
}

operation: Get Session

Input parameters

Parameter Description
Session UID UID of the session for which you want to retrieve details from Check Point Firewall.

Output

The JSON output contains details of the session, based on the session UID that you have specified, from Check Point Firewall.

The output contains the following populated JSON schema:
{
     "changes": "",
     "domain": {
         "uid": "",
         "name": "",
         "domain-type": ""
     },
     "uid": "",
     "locks": "",
     "ip-address": "",
     "type": "",
     "connection-mode": "",
     "expired-session": "",
     "application": "",
     "state": "",
     "description": "",
     "in-work": ""
}

operation: Terminate Session

Input parameters

Parameter Description
Session UID UID of the session that you want to discard on Check Point Firewall.

Output

The JSON output contains a status message of whether or not the session is terminated successfully on Check Point Firewall.

The output contains the following populated JSON schema:
{
     "number-of-discarded-changes": "",
     "message": ""
}

operation: Get Applications Detail

Input parameters

Parameter Description
Start Index Start Index from where you want to retrieve results (skip the number of records from the result) from Check Point Firewall.
Number of Results (Range: 1 to 500) Number of results you want to display. Maximum results that can be displayed is 500.

Output

The JSON output contains a list of applications and associated details from Check Point Firewall.

The output contains the following populated JSON schema:
{
     "objects": [
         {
             "uid": "",
             "name": "",
             "type": "",
             "domain": {
                 "uid": "",
                 "name": "",
                 "domain-type": ""
             }
         }
     ],
     "from": "",
     "total": "",
     "to": ""
}

Included playbooks

The Sample-Check Point Firewall-1.1.0 playbook collection comes bundled with the Check Point Firewall connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Check Point Firewall connector.

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during the connector upgrade and delete.