WCF Agent  ·  Check Point Integration

Alliance Intelligence
Inside Check Point

The OneFirewall WCF Agent for Check Point pushes live Alliance threat intelligence — scored IPs, malicious domains, URLs, and file hashes — directly into your Check Point Quantum Security Gateway via SmartConsole External Indicators and EDLs.

Speak with OneFirewall Start a PoV
R80.10 – R82 SmartConsole EDLs 5-Minute Refresh JWT Auth
ALLIANCE Threat Feeds HTTPS/EDL WCF AGENT Check Point SmartConsole Enforce CHECK POINT
4Threat categories
5 minFeed refresh interval
R80.10+Minimum version
JWTBearer authentication
Drop/ Reject / Prevent
AutoPolicy enforcement

Setup in 3 Steps

1

Generate JWT Token

Log into your OneFirewall Alliance dashboard → API Access → Generate JWT Token. Save the Bearer token securely — it authenticates all feed requests from Check Point to the Alliance API.

2

Create Indicator Feeds in SmartConsole

In Check Point SmartConsole go to Security Policies → Threat Prevention → Indicators → External Feeds. Create four new feeds — one each for IP, Domain, URL, and File Hash. Set feed type, name, API endpoint URL, and add the custom Authorization header with your JWT Bearer token. Set refresh to 5 minutes.

3

Define Security Policies

Use the created feeds as source or destination objects in Check Point security policies. Assign enforcement actions — Drop, Reject, or Prevent — and install the policy to your Quantum Security Gateways.

What Gets Blocked

  • ● Malicious IPv4 addresses (scored ≥ your threshold)
  • ● Malicious domain names (DNS resolution blocking)
  • ● Malicious URLs (full path matching)
  • ● File hashes — MD5, SHA1, SHA256
SmartConsole External Feed Config
# Feed configuration per threat type

# IP Feed
Name:    OFA - IP Blocklist
URL:     https://app.onefirewall.com/api/v1/
         feed/ips?score=190&plugin=checkpoint
Header:  Authorization: Bearer <JWT_TOKEN>
Refresh: 5 minutes

# Domain Feed
Name:    OFA - Domain Blocklist
URL:     https://app.onefirewall.com/api/v1/
         feed/domains?score=190&plugin=checkpoint

# URL Feed
Name:    OFA - URL Blocklist
URL:     https://app.onefirewall.com/api/v1/
         feed/urls?score=190&plugin=checkpoint

# File Hash Feed
Name:    OFA - File Hashes
URL:     https://app.onefirewall.com/api/v1/
         feed/hashes?plugin=checkpoint

Policy action: Drop / Reject / Prevent

Activate Alliance Intelligence on Check Point

Your Check Point gateways are already capable of consuming external feeds. OneFirewall Alliance provides the threat intelligence. Let us configure it together in a Proof of Value.

Speak with OneFirewall Organize a Proof of Value