Checkpoint Provider
Generate Provider
The Checkpoint provider must be installed as a Local Package by following the instructions for Any Terraform Provider:
pulumi package add terraform-provider checkpointsw/checkpoint
Overview
The Check Point provider can be used to automate security responses to threats, provision both physical and virtualized next-generation firewalls and automate routine Security Management configuration tasks, saving time and reducing configuration errors. With the Check Point provider, DevOps teams can automate their security and transform it into DevSecOps workflows.
Examples of usage
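To use the Check Point provider, copy this code into your Pulumi configuration, update the provider configuration, and run `pulumi up`. The addresses, user names, passwords and keys in the examples are placeholders; do not commit real passwords or API keys to `Pulumi.yaml`.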
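# Pulumi.yaml provider configuration file
# Nesting under `config:` restored; every value below is a placeholder.
name: configuration-example
runtime: nodejs
config:
    checkpoint:context:
        value: web_api
    checkpoint:domain:
        value: MyDomain
    # Placeholder value. Keep real passwords out of this file: use the
    # CHECKPOINT_PASSWORD environment variable or an encrypted stack secret
    # (pulumi config set --secret checkpoint:password).
    checkpoint:password:
        value: aaaa
    checkpoint:server:
        value: 192.0.2.1
    # File in which the provider stores the current session id.
    checkpoint:sessionFileName:
        value: mydomain.json
    checkpoint:sessionName:
        value: Pulumi session
    checkpoint:username:
        value: aa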
import * as pulumi from "@pulumi/pulumi";
import * as checkpoint from "@pulumi/checkpoint";
// Network object for the 192.0.2.0/24 documentation range
const networkArgs = {
    name: "My network",
    subnet4: "192.0.2.0",
    maskLength4: 24,
};
const network = new checkpoint.ManagementNetwork("network", networkArgs);
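# Pulumi.yaml provider configuration file
# Nesting under `config:` restored; every value below is a placeholder.
name: configuration-example
runtime: python
config:
    checkpoint:context:
        value: web_api
    checkpoint:domain:
        value: MyDomain
    # Placeholder value. Keep real passwords out of this file: use the
    # CHECKPOINT_PASSWORD environment variable or an encrypted stack secret
    # (pulumi config set --secret checkpoint:password).
    checkpoint:password:
        value: aaaa
    checkpoint:server:
        value: 192.0.2.1
    # File in which the provider stores the current session id.
    checkpoint:sessionFileName:
        value: mydomain.json
    checkpoint:sessionName:
        value: Pulumi session
    checkpoint:username:
        value: aa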
import pulumi
import pulumi_checkpoint as checkpoint
# Network object for the 192.0.2.0/24 documentation range
network_args = {
    "name": "My network",
    "subnet4": "192.0.2.0",
    "mask_length4": 24,
}
network = checkpoint.ManagementNetwork("network", **network_args)
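# Pulumi.yaml provider configuration file
# Nesting under `config:` restored; every value below is a placeholder.
name: configuration-example
runtime: dotnet
config:
    checkpoint:context:
        value: web_api
    checkpoint:domain:
        value: MyDomain
    # Placeholder value. Keep real passwords out of this file: use the
    # CHECKPOINT_PASSWORD environment variable or an encrypted stack secret
    # (pulumi config set --secret checkpoint:password).
    checkpoint:password:
        value: aaaa
    checkpoint:server:
        value: 192.0.2.1
    # File in which the provider stores the current session id.
    checkpoint:sessionFileName:
        value: mydomain.json
    checkpoint:sessionName:
        value: Pulumi session
    checkpoint:username:
        value: aa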
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Checkpoint = Pulumi.Checkpoint;
return await Deployment.RunAsync(() =>
{
    // Network object for the 192.0.2.0/24 documentation range
    var network = new Checkpoint.ManagementNetwork(
        "network",
        new() { Name = "My network", Subnet4 = "192.0.2.0", MaskLength4 = 24 });
});
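# Pulumi.yaml provider configuration file
# Nesting under `config:` restored; every value below is a placeholder.
name: configuration-example
runtime: go
config:
    checkpoint:context:
        value: web_api
    checkpoint:domain:
        value: MyDomain
    # Placeholder value. Keep real passwords out of this file: use the
    # CHECKPOINT_PASSWORD environment variable or an encrypted stack secret
    # (pulumi config set --secret checkpoint:password).
    checkpoint:password:
        value: aaaa
    checkpoint:server:
        value: 192.0.2.1
    # File in which the provider stores the current session id.
    checkpoint:sessionFileName:
        value: mydomain.json
    checkpoint:sessionName:
        value: Pulumi session
    checkpoint:username:
        value: aa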
package main
import (
"github.com/pulumi/pulumi-pulumi-provider/sdks/go/checkpoint/v2/checkpoint"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers a single network object (192.0.2.0/24) with the Pulumi engine.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		networkArgs := &checkpoint.ManagementNetworkArgs{
			Name:        pulumi.String("My network"),
			Subnet4:     pulumi.String("192.0.2.0"),
			MaskLength4: pulumi.Float64(24),
		}
		// The resource handle is not used afterwards; only the error matters here.
		if _, err := checkpoint.NewManagementNetwork(ctx, "network", networkArgs); err != nil {
			return err
		}
		return nil
	})
}
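# Pulumi.yaml provider configuration file
# Nesting under `config:` and `resources:` restored; every value below is a placeholder.
name: configuration-example
runtime: yaml
config:
    checkpoint:context:
        value: web_api
    checkpoint:domain:
        value: MyDomain
    # Placeholder value. Keep real passwords out of this file: use the
    # CHECKPOINT_PASSWORD environment variable or an encrypted stack secret
    # (pulumi config set --secret checkpoint:password).
    checkpoint:password:
        value: aaaa
    checkpoint:server:
        value: 192.0.2.1
    # File in which the provider stores the current session id.
    checkpoint:sessionFileName:
        value: mydomain.json
    checkpoint:sessionName:
        value: Pulumi session
    checkpoint:username:
        value: aa
resources:
    # Create network object
    network:
        type: checkpoint:ManagementNetwork
        properties:
            name: My network
            subnet4: 192.0.2.0
            maskLength4: '24'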
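# Pulumi.yaml provider configuration file
# Nesting under `config:` restored; every value below is a placeholder.
name: configuration-example
runtime: java
config:
    checkpoint:context:
        value: web_api
    checkpoint:domain:
        value: MyDomain
    # Placeholder value. Keep real passwords out of this file: use the
    # CHECKPOINT_PASSWORD environment variable or an encrypted stack secret
    # (pulumi config set --secret checkpoint:password).
    checkpoint:password:
        value: aaaa
    checkpoint:server:
        value: 192.0.2.1
    # File in which the provider stores the current session id.
    checkpoint:sessionFileName:
        value: mydomain.json
    checkpoint:sessionName:
        value: Pulumi session
    checkpoint:username:
        value: aa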
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.checkpoint.ManagementNetwork;
import com.pulumi.checkpoint.ManagementNetworkArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Declares the resources of this stack: one network object for 192.0.2.0/24. */
    public static void stack(Context ctx) {
        final ManagementNetworkArgs networkArgs = ManagementNetworkArgs.builder()
            .name("My network")
            .subnet4("192.0.2.0")
            .maskLength4("24")
            .build();
        var network = new ManagementNetwork("network", networkArgs);
    }
}
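# Pulumi.yaml provider configuration file
# Nesting under `config:` restored; every value below is a placeholder.
name: configuration-example
runtime: nodejs
config:
    checkpoint:context:
        value: gaia_api
    # Placeholder value. Keep real passwords out of this file: use the
    # CHECKPOINT_PASSWORD environment variable or an encrypted stack secret
    # (pulumi config set --secret checkpoint:password).
    checkpoint:password:
        value: gaia_password
    checkpoint:server:
        value: 192.0.2.1
    checkpoint:username:
        value: gaia_user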
import * as pulumi from "@pulumi/pulumi";
import * as checkpoint from "@pulumi/checkpoint";
// Set the machine hostname to "pulumi_host"
const hostname = new checkpoint.Hostname("hostname", {
    name: "pulumi_host",
});
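# Pulumi.yaml provider configuration file
# Nesting under `config:` restored; every value below is a placeholder.
name: configuration-example
runtime: python
config:
    checkpoint:context:
        value: gaia_api
    # Placeholder value. Keep real passwords out of this file: use the
    # CHECKPOINT_PASSWORD environment variable or an encrypted stack secret
    # (pulumi config set --secret checkpoint:password).
    checkpoint:password:
        value: gaia_password
    checkpoint:server:
        value: 192.0.2.1
    checkpoint:username:
        value: gaia_user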
import pulumi
import pulumi_checkpoint as checkpoint
# Set the machine hostname to "pulumi_host"
hostname = checkpoint.Hostname(
    "hostname",
    name="pulumi_host",
)
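# Pulumi.yaml provider configuration file
# Nesting under `config:` restored; every value below is a placeholder.
name: configuration-example
runtime: dotnet
config:
    checkpoint:context:
        value: gaia_api
    # Placeholder value. Keep real passwords out of this file: use the
    # CHECKPOINT_PASSWORD environment variable or an encrypted stack secret
    # (pulumi config set --secret checkpoint:password).
    checkpoint:password:
        value: gaia_password
    checkpoint:server:
        value: 192.0.2.1
    checkpoint:username:
        value: gaia_user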
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Checkpoint = Pulumi.Checkpoint;
return await Deployment.RunAsync(() =>
{
    // Set the machine hostname to "pulumi_host"
    var hostname = new Checkpoint.Hostname("hostname", new() { Name = "pulumi_host" });
});
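# Pulumi.yaml provider configuration file
# Nesting under `config:` restored; every value below is a placeholder.
name: configuration-example
runtime: go
config:
    checkpoint:context:
        value: gaia_api
    # Placeholder value. Keep real passwords out of this file: use the
    # CHECKPOINT_PASSWORD environment variable or an encrypted stack secret
    # (pulumi config set --secret checkpoint:password).
    checkpoint:password:
        value: gaia_password
    checkpoint:server:
        value: 192.0.2.1
    checkpoint:username:
        value: gaia_user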
package main
import (
"github.com/pulumi/pulumi-pulumi-provider/sdks/go/checkpoint/v2/checkpoint"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers a single Hostname resource that sets the machine hostname.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		hostArgs := &checkpoint.HostnameArgs{
			Name: pulumi.String("pulumi_host"),
		}
		// The resource handle is not used afterwards; only the error matters here.
		if _, err := checkpoint.NewHostname(ctx, "hostname", hostArgs); err != nil {
			return err
		}
		return nil
	})
}
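# Pulumi.yaml provider configuration file
# Nesting under `config:` and `resources:` restored; every value below is a placeholder.
name: configuration-example
runtime: yaml
config:
    checkpoint:context:
        value: gaia_api
    # Placeholder value. Keep real passwords out of this file: use the
    # CHECKPOINT_PASSWORD environment variable or an encrypted stack secret
    # (pulumi config set --secret checkpoint:password).
    checkpoint:password:
        value: gaia_password
    checkpoint:server:
        value: 192.0.2.1
    checkpoint:username:
        value: gaia_user
resources:
    # Set machine hostname
    hostname:
        type: checkpoint:Hostname
        properties:
            name: pulumi_host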
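# Pulumi.yaml provider configuration file
# Nesting under `config:` restored; every value below is a placeholder.
name: configuration-example
runtime: java
config:
    checkpoint:context:
        value: gaia_api
    # Placeholder value. Keep real passwords out of this file: use the
    # CHECKPOINT_PASSWORD environment variable or an encrypted stack secret
    # (pulumi config set --secret checkpoint:password).
    checkpoint:password:
        value: gaia_password
    checkpoint:server:
        value: 192.0.2.1
    checkpoint:username:
        value: gaia_user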
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.checkpoint.Hostname;
import com.pulumi.checkpoint.HostnameArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Declares the resources of this stack: one Hostname resource named "pulumi_host". */
    public static void stack(Context ctx) {
        final HostnameArgs hostnameArgs = HostnameArgs.builder()
            .name("pulumi_host")
            .build();
        var hostname = new Hostname("hostname", hostnameArgs);
    }
}
Configuration Reference
The following configuration inputs are supported:
- `server` - (Optional) Check Point Management server IP. It must be provided, but can also be defined via the `CHECKPOINT_SERVER` environment variable.
- `username` - (Optional) Check Point Management admin name. It must be provided, but can also be defined via the `CHECKPOINT_USERNAME` environment variable.
- `password` - (Optional) Check Point Management admin password. It must be provided, but can also be defined via the `CHECKPOINT_PASSWORD` environment variable.
- `apiKey` - (Optional) Check Point Management admin API key. It must be provided, but can also be defined via the `CHECKPOINT_API_KEY` environment variable.
- `domain` - (Optional) Login to specific domain. Domain can be identified by name or UID. This can also be defined via the `CHECKPOINT_DOMAIN` environment variable.
- `context` - (Optional) Check Point access context - `web_api` or `gaia_api` (the values used in the examples on this page). This can also be defined via the `CHECKPOINT_CONTEXT` environment variable. Default value is `web_api`.
- `port` - (Optional) Port used for connection with the API server. This can also be defined via the `CHECKPOINT_PORT` environment variable. Default value is `443`.
- `proxyHost` - (Optional) Proxy host used for proxy connections. This can also be defined via the `CHECKPOINT_PROXY_HOST` environment variable.
- `proxyPort` - (Optional) Proxy port used for proxy connections. This can also be defined via the `CHECKPOINT_PROXY_PORT` environment variable.
- `sessionName` - (Optional) Session unique name. This can also be defined via the `CHECKPOINT_SESSION_NAME` environment variable.
- `sessionDescription` - (Optional) Session purpose description. This can also be defined via the `CHECKPOINT_SESSION_DESCRIPTION` environment variable.
- `sessionFileName` - (Optional) Session file name used to store the current session id. This can also be defined via the `CHECKPOINT_SESSION_FILE_NAME` environment variable. Default value is `sid.json`. Because the file holds a live session id, keep it out of version control and readable only by the user running Pulumi.
- `sessionTimeout` - (Optional) Timeout in seconds for the session established in Check Point. This can also be defined via the `CHECKPOINT_SESSION_TIMEOUT` environment variable. Default value is `600`. The timeout can be `10`-`3600`.
- `timeout` - (Optional) Timeout in seconds for the Go SDK to complete a transaction. This can also be defined via the `CHECKPOINT_TIMEOUT` environment variable. Default value is `120` seconds.
- `cloudMgmtId` - (Optional) Smart-1 Cloud management UID. This can also be defined via the `CHECKPOINT_CLOUD_MGMT_ID` environment variable.
- `autoPublishBatchSize` - (Optional) Batch size at which publish is run automatically. This can also be defined via the `CHECKPOINT_AUTO_PUBLISH_BATCH_SIZE` environment variable.
- `ignoreServerCertificate` - (Optional) Indicates that the client should not check the server’s certificate. This can also be defined via the `CHECKPOINT_IGNORE_SERVER_CERTIFICATE` environment variable. With the check disabled, the client cannot tell the management server from an impersonating or intercepting host, and the administrator credentials are sent over that connection; leave it unset outside isolated test environments.
Authentication
The Check Point provider accepts credentials for authentication. The following methods are supported:
- Static credentials
- Environment variables
Static credentials
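Usage with username and password (the values shown are placeholders; a password written in this file is stored in plain text, so for real deployments prefer the environment variables below or an encrypted stack secret set with `pulumi config set --secret checkpoint:password`):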
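# Pulumi.yaml provider configuration file
# Nesting under `config:` restored; every value below is a placeholder.
name: configuration-example
runtime:
config:
    checkpoint:context:
        value: web_api
    checkpoint:domain:
        value: MyDomain
    # Placeholder value. Keep real passwords out of this file: use the
    # CHECKPOINT_PASSWORD environment variable or an encrypted stack secret
    # (pulumi config set --secret checkpoint:password).
    checkpoint:password:
        value: aaaa
    checkpoint:server:
        value: 192.0.2.1
    # File in which the provider stores the current session id.
    checkpoint:sessionFileName:
        value: mydomain.json
    checkpoint:username:
        value: aa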
Usage with API key:
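# Pulumi.yaml provider configuration file
# Nesting under `config:` restored; every value below is a placeholder.
name: configuration-example
runtime:
config:
    # Sample key for illustration. A real API key is a credential: keep it out
    # of this file and supply it through the CHECKPOINT_API_KEY environment
    # variable or an encrypted stack secret
    # (pulumi config set --secret checkpoint:apiKey).
    checkpoint:apiKey:
        value: tBdloE9eOYzzSQicNxS7mA==
    checkpoint:context:
        value: web_api
    checkpoint:domain:
        value: MyDomain
    checkpoint:server:
        value: 192.0.2.1
    # File in which the provider stores the current session id.
    checkpoint:sessionFileName:
        value: mydomain.json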
Usage for Smart-1 Cloud:
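# Pulumi.yaml provider configuration file
# Nesting under `config:` restored; every value below is a placeholder.
name: configuration-example
runtime:
config:
    # Sample key for illustration. A real API key is a credential: keep it out
    # of this file and supply it through the CHECKPOINT_API_KEY environment
    # variable or an encrypted stack secret
    # (pulumi config set --secret checkpoint:apiKey).
    checkpoint:apiKey:
        value: tBdloE9eOYzzSQicNxS7mA==
    # Smart-1 Cloud management UID
    checkpoint:cloudMgmtId:
        value: de9a9b08-c7c7-436e-a64a-a54136301701
    checkpoint:context:
        value: web_api
    checkpoint:server:
        value: chkp-vmnc6s4y.maas.checkpoint.com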
Or for GAIA API:
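# Pulumi.yaml provider configuration file
# Nesting under `config:` restored; every value below is a placeholder.
name: configuration-example
runtime:
config:
    checkpoint:context:
        value: gaia_api
    # Placeholder value. Keep real passwords out of this file: use the
    # CHECKPOINT_PASSWORD environment variable or an encrypted stack secret
    # (pulumi config set --secret checkpoint:password).
    checkpoint:password:
        value: gaia_password
    checkpoint:server:
        value: 192.0.2.1
    checkpoint:username:
        value: gaia_user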
Environment variables
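You can provide your credentials via environment variables. Note that static credentials, when set, override the environment variables. Values typed into `export` commands can end up in shell history and are inherited by child processes, so in CI or on shared hosts inject real secrets from a secret store rather than typing them.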
Usage:
$ export CHECKPOINT_SERVER="192.0.2.1"
$ export CHECKPOINT_USERNAME="aa"
$ export CHECKPOINT_PASSWORD="aaaa"
$ export CHECKPOINT_CONTEXT="web_api"
$ export CHECKPOINT_DOMAIN="MyDomain"
$ export CHECKPOINT_TIMEOUT=10
$ export CHECKPOINT_PORT=443
$ export CHECKPOINT_SESSION_NAME="Pulumi session name"
$ export CHECKPOINT_SESSION_DESCRIPTION="Pulumi session description"
$ export CHECKPOINT_SESSION_FILE_NAME="mydomain.json"
$ export CHECKPOINT_SESSION_TIMEOUT=600
$ export CHECKPOINT_PROXY_HOST="1.2.3.4"
$ export CHECKPOINT_PROXY_PORT="123"
$ export CHECKPOINT_CLOUD_MGMT_ID="de9a9b08-c7c7-436e-a64a-a54136301701"
$ export CHECKPOINT_AUTO_PUBLISH_BATCH_SIZE=100
$ export CHECKPOINT_IGNORE_SERVER_CERTIFICATE=false
Usage with API key:
$ export CHECKPOINT_SERVER="192.0.2.1"
$ export CHECKPOINT_API_KEY="tBdloE9eOYzzSQicNxS7mA=="
$ export CHECKPOINT_CONTEXT="web_api"
$ export CHECKPOINT_DOMAIN="MyDomain"
$ export CHECKPOINT_TIMEOUT=10
$ export CHECKPOINT_PORT=443
$ export CHECKPOINT_SESSION_NAME="Pulumi session name"
$ export CHECKPOINT_SESSION_DESCRIPTION="Pulumi session description"
$ export CHECKPOINT_SESSION_FILE_NAME="mydomain.json"
$ export CHECKPOINT_SESSION_TIMEOUT=600
$ export CHECKPOINT_PROXY_HOST="1.2.3.4"
$ export CHECKPOINT_PROXY_PORT="123"
$ export CHECKPOINT_CLOUD_MGMT_ID="de9a9b08-c7c7-436e-a64a-a54136301701"
$ export CHECKPOINT_AUTO_PUBLISH_BATCH_SIZE=100
$ export CHECKPOINT_IGNORE_SERVER_CERTIFICATE=false
Then configure the Check Point Provider as follows:
# Pulumi.yaml provider configuration file
name: configuration-example
runtime: nodejs
import * as pulumi from "@pulumi/pulumi";
import * as checkpoint from "@pulumi/checkpoint";
// Create network object
const network = new checkpoint.ManagementNetwork("network", {
name: "My network",
subnet4: "192.0.2.0",
maskLength4: 24,
});
# Pulumi.yaml provider configuration file
name: configuration-example
runtime: python
import pulumi
import pulumi_checkpoint as checkpoint
# Create network object
network = checkpoint.ManagementNetwork("network",
name="My network",
subnet4="192.0.2.0",
mask_length4=24)
# Pulumi.yaml provider configuration file
name: configuration-example
runtime: dotnet
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Checkpoint = Pulumi.Checkpoint;
return await Deployment.RunAsync(() =>
{
// Create network object
var network = new Checkpoint.ManagementNetwork("network", new()
{
Name = "My network",
Subnet4 = "192.0.2.0",
MaskLength4 = 24,
});
});
# Pulumi.yaml provider configuration file
name: configuration-example
runtime: go
package main
import (
"github.com/pulumi/pulumi-pulumi-provider/sdks/go/checkpoint/v2/checkpoint"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// Create network object
_, err := checkpoint.NewManagementNetwork(ctx, "network", &checkpoint.ManagementNetworkArgs{
Name: pulumi.String("My network"),
Subnet4: pulumi.String("192.0.2.0"),
MaskLength4: pulumi.Float64(24),
})
if err != nil {
return err
}
return nil
})
}
# Pulumi.yaml provider configuration file
name: configuration-example
runtime: yaml
resources:
# Create network object
network:
type: checkpoint:ManagementNetwork
properties:
name: My network
subnet4: 192.0.2.0
maskLength4: '24'
# Pulumi.yaml provider configuration file
name: configuration-example
runtime: java
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.checkpoint.ManagementNetwork;
import com.pulumi.checkpoint.ManagementNetworkArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// Create network object
var network = new ManagementNetwork("network", ManagementNetworkArgs.builder()
.name("My network")
.subnet4("192.0.2.0")
.maskLength4("24")
.build());
}
}
Or for GAIA API:
$ export CHECKPOINT_SERVER="192.0.2.1"
$ export CHECKPOINT_USERNAME="gaia_user"
$ export CHECKPOINT_PASSWORD="gaia_password"
$ export CHECKPOINT_CONTEXT="gaia_api"
$ export CHECKPOINT_TIMEOUT=10
$ export CHECKPOINT_PORT=443
Then configure the Check Point Provider as follows:
# Pulumi.yaml provider configuration file
name: configuration-example
runtime: nodejs
import * as pulumi from "@pulumi/pulumi";
import * as checkpoint from "@pulumi/checkpoint";
// Set machine hostname
const hostname = new checkpoint.Hostname("hostname", {name: "pulumi_host"});
# Pulumi.yaml provider configuration file
name: configuration-example
runtime: python
import pulumi
import pulumi_checkpoint as checkpoint
# Set machine hostname
hostname = checkpoint.Hostname("hostname", name="pulumi_host")
# Pulumi.yaml provider configuration file
name: configuration-example
runtime: dotnet
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Checkpoint = Pulumi.Checkpoint;
return await Deployment.RunAsync(() =>
{
// Set machine hostname
var hostname = new Checkpoint.Hostname("hostname", new()
{
Name = "pulumi_host",
});
});
# Pulumi.yaml provider configuration file
name: configuration-example
runtime: go
package main
import (
"github.com/pulumi/pulumi-pulumi-provider/sdks/go/checkpoint/v2/checkpoint"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// Set machine hostname
_, err := checkpoint.NewHostname(ctx, "hostname", &checkpoint.HostnameArgs{
Name: pulumi.String("pulumi_host"),
})
if err != nil {
return err
}
return nil
})
}
# Pulumi.yaml provider configuration file
name: configuration-example
runtime: yaml
resources:
# Set machine hostname
hostname:
type: checkpoint:Hostname
properties:
name: pulumi_host
# Pulumi.yaml provider configuration file
name: configuration-example
runtime: java
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.checkpoint.Hostname;
import com.pulumi.checkpoint.HostnameArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// Set machine hostname
var hostname = new Hostname("hostname", HostnameArgs.builder()
.name("pulumi_host")
.build());
}
}
Post Apply / Destroy scripts
Pulumi currently has no native support for publish and install-policy, so these and other post-apply actions are handled out-of-band.
In order to use post Apply / Destroy commands, the authentication method must be via environment variables.
Publish
Please use the following script for Publish:
$ cd $GOPATH/src/github.com/pulumi-providers/pulumi-provider-checkpoint/commands/publish
$ go build publish.go
$ mv publish $GOPATH/src/github.com/pulumi-providers/pulumi-provider-checkpoint
$ pulumi up && publish
Another option is to use the `autoPublishBatchSize` provider argument, which runs publish automatically.
Install Policy
The following configuration inputs are supported:
- `policy-package` - (Required) The name of the Policy Package to be installed.
- `target` - (Required) On what targets to execute this command. Targets may be identified by their name or object unique identifier. Multiple targets can be added.
Please use the following script for Install Policy:
$ cd $GOPATH/src/github.com/pulumi-providers/pulumi-provider-checkpoint/commands/install_policy
$ go build install_policy.go
$ mv install_policy $GOPATH/src/github.com/pulumi-providers/pulumi-provider-checkpoint
$ pulumi up && install_policy -policy-package <package name> -target <target name or uid>
Logout
Please use the following script for Logout:
$ cd $GOPATH/src/github.com/pulumi-providers/pulumi-provider-checkpoint/commands/logout
$ go build logout.go
$ mv logout $GOPATH/src/github.com/pulumi-providers/pulumi-provider-checkpoint/logout_from_session
$ pulumi up && publish && logout_from_session
Example of usage
Run pulumi then Publish & Install Policy & Logout from session
$ pulumi up && publish && install_policy -policy-package "standard" -target "corporate-gateway" && logout_from_session
Discard
Please use the following script for Discard:
$ cd $GOPATH/src/github.com/pulumi-providers/pulumi-provider-checkpoint/commands/discard
$ go build discard.go
$ mv discard $GOPATH/src/github.com/pulumi-providers/pulumi-provider-checkpoint
$ discard
Approve Session
Please use the following script for Approve Session:
$ cd $GOPATH/src/github.com/pulumi-providers/pulumi-provider-checkpoint/commands/approve_session
$ go build approve_session.go
$ mv approve_session $GOPATH/src/github.com/pulumi-providers/pulumi-provider-checkpoint
$ approve_session "SESSION_UID"
Reject Session
Please use the following script for Reject Session:
$ cd $GOPATH/src/github.com/pulumi-providers/pulumi-provider-checkpoint/commands/reject_session
$ go build reject_session.go
$ mv reject_session $GOPATH/src/github.com/pulumi-providers/pulumi-provider-checkpoint
$ reject_session "SESSION_UID" "REJECT_REASON"
Submit Session
Please use the following script for Submit Session:
$ cd $GOPATH/src/github.com/pulumi-providers/pulumi-provider-checkpoint/commands/submit_session
$ go build submit_session.go
$ mv submit_session $GOPATH/src/github.com/pulumi-providers/pulumi-provider-checkpoint
$ submit_session "SESSION_UID"
If no `sessionUid` is provided, the current session is submitted.
Verify Policy
The following configuration inputs are supported:
- `policy-package` - (Required) Policy package identified by the name or UID to be verified.
Please use the following script for Verify Policy:
$ cd $GOPATH/src/github.com/pulumi-providers/pulumi-provider-checkpoint/commands/verify_policy
$ go build verify_policy.go
$ mv verify_policy $GOPATH/src/github.com/pulumi-providers/pulumi-provider-checkpoint
$ pulumi up && verify_policy -policy-package <package name>
Compatibility with Management
Check Point Provider supports Management server from version R80 and above.
However, some Pulumi resources or specific fields in Pulumi resource might not be available because they are not supported in your Management API version.
You can check the Management API versions list to see what is supported by your Management server.
Compatibility with CME
Check Point Provider supports configuring objects in CME configuration file starting from Security Management/Multi-Domain Security Management Server version R81.10 and higher.
The table below shows the compatibility between the Pulumi Release version and the CME API version:
| Pulumi Release version | CME API version | CME Take |
|---|---|---|
| v2.9.0 | v1.2.2 | 289 and higher |
| v2.8.0 | v1.2 | 279 and higher |
| v2.7.0 | v1.1 | 255 and higher |

> Note: When you install or upgrade the Pulumi Release version, make sure to also upgrade CME to the corresponding CME Take to properly configure CME resources.
For details about upgrading CME, please refer to the documentation here.
Import Resources
To import a resource, use the `pulumi import` command with the object's unique identifier.
Example:
For existing Host object with UID 9423d36f-2d66-4754-b9e2-e7f4493756d4
Use the following resource configuration block:
import * as pulumi from "@pulumi/pulumi";
import * as checkpoint from "@pulumi/checkpoint";
const host = new checkpoint.ManagementHost("host", {
name: "myhost",
ipv4Address: "1.1.1.1",
});
import pulumi
import pulumi_checkpoint as checkpoint
host = checkpoint.ManagementHost("host",
name="myhost",
ipv4_address="1.1.1.1")
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Checkpoint = Pulumi.Checkpoint;
return await Deployment.RunAsync(() =>
{
var host = new Checkpoint.ManagementHost("host", new()
{
Name = "myhost",
Ipv4Address = "1.1.1.1",
});
});
package main
import (
"github.com/pulumi/pulumi-pulumi-provider/sdks/go/checkpoint/v2/checkpoint"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := checkpoint.NewManagementHost(ctx, "host", &checkpoint.ManagementHostArgs{
Name: pulumi.String("myhost"),
Ipv4Address: pulumi.String("1.1.1.1"),
})
if err != nil {
return err
}
return nil
})
}
resources:
host:
type: checkpoint:ManagementHost
properties:
name: myhost
ipv4Address: 1.1.1.1
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.checkpoint.ManagementHost;
import com.pulumi.checkpoint.ManagementHostArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var host = new ManagementHost("host", ManagementHostArgs.builder()
.name("myhost")
.ipv4Address("1.1.1.1")
.build());
}
}
Run the following command:
$ pulumi import checkpoint_management_host.host 9423d36f-2d66-4754-b9e2-e7f4493756d4
For more information about the `pulumi import` command, please refer here.
Tips & Best Practices
This section describes best practices for working with the Check Point provider.
- Use one or more dedicated users for provider operations, so that only the minimum permissions required are granted.
- Keep object names unique in your environment.
- Reference objects by name (avoid using the object UID).
- Use post-apply scripts (e.g. publish, install policy, logout) to run actions after your changes are applied. Pulumi runs operations in parallel, so the order in which changes execute cannot be predicted; running post-apply scripts ensures these actions run last, after all changes have been submitted successfully.
- Create implicit / explicit dependencies between resources or modules. Pulumi uses this dependency information to determine the correct order in which to create the different resources. To do so, it creates a dependency graph of all of the resources defined by the configuration. For more information, please refer here.
- Keep `sessionFileName` unique when configuring more than one provider, for authentication purposes.
- Resources and Functions that start with `checkpoint_management_*` use the Management API and require the context to be set to `web_api`. For GAIA API resources, set the context to `gaia_api`.
- When the provider context is set to `gaia_api`, you can run only GAIA resources. Management resources will not be supported.