pyCheckpoint-API is an SDK that provides a uniform and easy-to-use interface for each of the Checkpoint Firewall product API versions.
This SDK is not affiliated with, nor supported by Checkpoint in any way.
Checkpoint firewalls solution are now using a well detailed API. This SDK simplifies software development using the Checkpoint Firewall API in Python.
This SDK is based on the Checkpoint official API documentation.
This SDK leverages the RESTfly framework developed by Steve McGrath.
This SDK implementation was largely inspired from the pyZscaler SDK development.
- Simplified authentication with Checkpoint API versions.
- Uniform interaction with the Checkpoint API versions.
- Uses python-box to add dot notation access to json data structures.
- Various quality of life enhancements for object CRUD methods.
- Checkpoint Firewall
The most recent version can be installed from pypi as per below.
$ pip install pycheckpoint-api
Before you can interact with the Checkpoint API, you may need to generate API keys directly in the management interface or use a classic username/password at each connection.
Once you have the requirements and you have installed pyCheckpoint-API, you're ready to go.
from pycheckpoint_api.management import Management
from pprint import pprint
# Please note that, as it's an example, we enabled the SSL verify to False to avoid having SSL certificate issues.
# However, it's highly recommanded to use certificates with know certificate authorities.
# If you want to use an API key instead, remove the 'user' and 'password' fields and use the 'api_key' field.
with Management(
hostname='HOSTNAME',
port='PORT',
user='USER',
password='PASSWORD',
version='VERSION',
domain='DOMAIN',
ssl_verify=False,
) as api:
pprint(
"Connection is successfull, we have a token: "
+ api._session.headers["X-chkp-sid"]
)
# Since we are out of the previous block, the API has been disconnected
pprint("Logout is successfull")
Legend:
- 🟢 means "Fully covered"
- 🟡 means "Partially covered"
- 🔴 means "Not covered yet"
Why not all features from the list below are not yet implemented ?: As you might understand, it takes time to implement every feature of the Checkpoint API (code + tests + docs). If you are very interested in some features below, please raise an issue and ask for those and they will be implemented in priority.
Here is the list of endpoints that are currently supported by this SDK and base on the Checkpoint official API reference.:
- 🟢 Session Management
- 🟢 Network Objects
- 🔴 Compliance
- 🔴 Gaia Best Practice
- 🔴 Data Center
- 🔴 Azure Active Directory
- 🔴 Updatable Objects
- 🟢 Service & Applications
- 🟢 Access Control & NAT
- 🔴 VPN
- 🔴 VSX
- 🔴 Threat Prevention
- 🔴 HTTPS Inspection
- 🟢 Policy
- 🔴 Multi-Domain
- 🔴 Migration
- 🔴 SmartTasks
- 🔴 Package Deployment
- 🔴 Users
- 🔴 High Availability
- 🔴 Manage & Settings
- 🔴 Logs
- 🟡 Misc.
- 🔴 add-objects-batch
- 🔴 set-objects-batch
- 🔴 delete-objects-batch
- 🔴 cme-api
- 🔴 gaia-api
- 🔴 export
- 🔴 show-changes
- 🔴 show-api-versions
- 🔴 put-file
- 🔴 where-used
- 🔴 run-script
- 🔴 show-unused-objects
- 🔴 show-gateways-and-servers
- 🔴 show-layer-structure
- 🔴 show-validations
- 🔴 show-commands
- 🔴 install-database
- 🔴 Task
- 🔴 Object
- 🟢 generic-objects (rulebaseaction)
TODO
Yes! pyCheckpoint-API has a complete test suite that fully covers all implemented methods
Contributions to pyCheckpoint-API are absolutely welcome.
Please see the Contribution Guidelines for more information.
Poetry is currently being used for builds and management. You'll want to have poetry installed and available in your environment.
Once Poetry is installed, you can create and validate your development environment using those commands:
poetry install
# this is installing the package using poetry
poetry build
# this is building the package locally (not required)
poetry shell
# this is usind the dedicated virtual environment for development
pytest
# Run the tests
You should then see the output of pytest results with all tests passed.
Please feel free to open an issue using Github Issues if you run into any problems using pyCheckpoint-API.
MIT License
Copyright (c) 2022 LmR
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.