---
title: "Using Model Context Protocol (MCP) Server with Harmony SASE"
slug: "using-model-context-protocol-mcp-with-check-point-harmony-sase"
updated: 2026-04-07T09:06:41Z
published: 2026-04-07T09:06:41Z
canonical: "support.perimeter81.com/using-model-context-protocol-mcp-with-check-point-harmony-sase"
stale: true
---


# Using Model Context Protocol (MCP) Server with Harmony SASE

Model Context Protocol (MCP) is an open-source standard that enables AI assistants to securely connect with external data sources and tools. By integrating MCP with Check Point SASE, you can query your infrastructure through natural conversation with AI.

## Features

- Query Check Point SASE networks and their configurations.
- Retrieve and analyze gateway deployments across regions.
- List and inspect Zero Trust Architecture (ZTA) applications.
- Get all available Network regions.
- Get all the deployed Gateways, regions, and tunnels in the Network.

## Supported Actions

The MCP server lets you run these actions through your AI assistant:

- Network Management:
  - `list_networks` - Lists all Check Point SASE networks.
  - `get_network` / `find_network` - Fetches details for a specific network by ID.
- Gateway Management:
  - `get_gateway` - Provides gateway details for a specified network and gateway identifier.
- Region Management:
  - `list_network_regions` - Lists all available regions.
  - `get_region` - Retrieves detailed information for a specific region.
- Application Management:
  - `list_applications` - Lists all applications.
  - `get_application` - Retrieves detailed information for a specified application.
  - `get_application_status` - Provides the deployment status of a specified application.

Note: Administrators can perform supported actions using free-text queries, not just predefined commands.

## Security Guidelines

- API keys and credentials are never shared with the model.
- Only use client implementations you trust.
- Make sure that you only use models and providers that comply with your organization's policies for handling sensitive infrastructure data and Personally Identifiable Information.

## Check Point SASE MCP Server Configuration

### Prerequisites

- Administrator access to the Check Point SASE Administrator Portal.
- API key generated from the Check Point SASE Administrator Portal.
- Node.js version 18 or higher.
- npm version 10 or higher.
- MCP-compatible AI client, for example Claude, Cursor, GitHub Copilot, or Windsurf.

### High-Level Procedure

- [Step 1 - Generate API Credentials](/v1/docs/using-model-context-protocol-mcp-with-check-point-harmony-sase#generate-api-credentials)
- [Step 2 - Configure Bypass Rule for AI Tool Access](/v1/docs/using-model-context-protocol-mcp-with-check-point-harmony-sase#step-2-configure-bypass-rule-for-ai-tool-access)
- [Step 3 - Configure the AI Client](/v1/docs/using-model-context-protocol-mcp-with-check-point-harmony-sase#step-3-configure-the-ai-client)
- [Step 4 - Install and Access the Harmony SASE MCP Server](/v1/docs/using-model-context-protocol-mcp-with-check-point-harmony-sase#step-4-install-and-access-the-harmony-sase-mcp-server)

### Step 1 - Generate API Credentials

1. Access the Check Point SASE Administrator Portal.
2. Go to **Settings** > **API Support**.
3. Click **Generate New Key**.

![](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/GenerateAPIToken.PNG)

The **Generate New API Key** window appears.

![](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/image-1752050170955.png)
4. In the **Key Name** field, enter a name for the token.
5. From the **Expiration Date** list, select one of these:
  - **Never** (Default)
  - **1 Month**
  - **3 Month**
  - **6 Month**
  - **1 Year**
6. From the **Key Permissions** list, select the required permission(s).
7. Click **Generate**. The system generates the API Token.
8. To copy the API key, go to the **Active Tokens** tab, hover over the generated token, and click ![](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/image-1752127980797.png). ![](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/image-1752128574977.png)

> **Note**: Make a note of the API key. This value is required during [Client configuration](/v1/docs/using-model-context-protocol-mcp-with-check-point-harmony-sase#step-3-configure-the-ai-client).

### Step 2 - Configure Bypass Rule for the AI Client

1. Click **Internet Access** and go to **Bypass Rules**.
2. Click **Add New Rule**.

![](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/image-1752050857340.png)

A new rule appears in the table.
3. Specify these:
  1. Name
  2. Source
  3. Destination - For example, enter these:
    1. `*.claude.ai`
    2. `*.anthropic.com`
    3. `*.api.anthropic.com`

  For more information on adding a new rule, see the *Bypass Rules* section in [Manage Secure Web Gateway](/v1/docs/secure-web-gateway).
4. Turn on the **Status** toggle button.

![](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/image-1752051232978.png)
5. Click **Apply**.

### Step 3 - Configure the AI Client

#### Supported Client

- Claude Desktop
- GitHub Copilot
- Cursor
- Windsurf
- Any MCP compatible AI Client

Note: Due to the nature of Check Point SASE API calls and the variety of server tools, using this server may require a paid subscription to the AI client provider to support token limits and context window sizes.

For smaller models, you can reduce token usage by limiting the number of enabled tools in the client.

#### Management Host and Origin

Use these values according to your region:

- For US Data Residency:
  - MANAGEMENT_HOST: `https://api.perimeter81.com/api`
  - ORIGIN: `https://tenant.perimeter81.com`
- For Other Regions:
  - MANAGEMENT_HOST: `https://api.<region>.sase.checkpoint.com/api`
  - ORIGIN: `https://tenant.<region>.sase.checkpoint.com`

Replace `<region>` with your Check Point SASE region (for example: eu, in, au).

Note: Using incorrect region values will result in authentication or connection failures.

#### Configuring Claude Desktop

1. For macOS:
  1. Open Terminal.
  2. Run this command to check if the *claude_desktop_config.json* file is available:

```shell
ls "$HOME/Library/Application Support/Claude/claude_desktop_config.json"
```
  3. If the file is not available, create the file using this command:

```shell
touch "$HOME/Library/Application Support/Claude/claude_desktop_config.json"
```
  4. To open the file in TextEdit, run:

```shell
open -e "$HOME/Library/Application Support/Claude/claude_desktop_config.json"
```
  5. Add the following configuration to the JSON file:

```json
{
  "mcpServers": {
    "harmony-sase": {
      "command": "npx",
      "args": ["@chkp/harmony-sase-mcp"],
      "env": {
        "API_KEY": "your-harmony-sase-api-key",
        "MANAGEMENT_HOST": "<MANAGEMENT_HOST>",
        "ORIGIN": "<ORIGIN>"
      }
    }
  }
}
```

Replace:
    - `your-harmony-sase-api-key` with your Check Point SASE API Key. See step **8** in [Generating API Credentials](/v1/docs/using-model-context-protocol-mcp-with-check-point-harmony-sase#step-1-generate-api-credentials).
    - `<MANAGEMENT_HOST>` and `<ORIGIN>` with the values for your region. See [Management Host and Origin](/v1/docs/using-model-context-protocol-mcp-with-check-point-harmony-sase#management-host-and-origin).
2. For Windows:
  1. Press **Win**+**R**. The **Run** window appears.
  2. From the **Open** list, select **cmd**.
  3. To open the configuration file, run:

```shell
code %APPDATA%\Claude\claude_desktop_config.json
```
  4. Add the following configuration to the JSON file:

```json
{
  "mcpServers": {
    "harmony-sase": {
      "command": "npx",
      "args": ["@chkp/harmony-sase-mcp"],
      "env": {
        "API_KEY": "your-harmony-sase-api-key",
        "MANAGEMENT_HOST": "<MANAGEMENT_HOST>",
        "ORIGIN": "<ORIGIN>"
      }
    }
  }
}
```

Replace:
    - `your-harmony-sase-api-key` with your Check Point SASE API Key. See step **8** in [Generating API Credentials](/v1/docs/using-model-context-protocol-mcp-with-check-point-harmony-sase#step-1-generate-api-credentials).
    - `<MANAGEMENT_HOST>` and `<ORIGIN>` with the values for your region. See [Management Host and Origin](/v1/docs/using-model-context-protocol-mcp-with-check-point-harmony-sase#management-host-and-origin).

#### Configuring Visual Studio (VS) Code

1. Open Visual Studio (VS) Code.
2. Open the Command Palette (Ctrl+Shift+P).
3. Search for **MCP: Open User Configuration**.
4. Edit the **mcp.json** file.
5. Add this configuration:

```json
{
  "servers": {
    "harmony_sase": {
      "command": "npx",
      "args": [
        "@chkp/harmony-sase-mcp"
      ],
      "env": {
        "API_KEY": "<API_KEY>",
        "MANAGEMENT_HOST": "<MANAGEMENT_HOST>",
        "ORIGIN": "<ORIGIN>"
      },
      "type": "stdio"
    }
  }
}
```

Replace:
  - `<API_KEY>` with your Check Point SASE API Key. See step **8** in [Generating API Credentials](/v1/docs/using-model-context-protocol-mcp-with-check-point-harmony-sase#step-1-generate-api-credentials).
  - `<MANAGEMENT_HOST>` and `<ORIGIN>` with the values for your region. See [Management Host and Origin](/v1/docs/using-model-context-protocol-mcp-with-check-point-harmony-sase#management-host-and-origin).
6. Save the file and click **Start** to launch the server. ![](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/image-624Q9M52.png)

(Optional) To validate the configuration, open your AI assistant (for example, Copilot Chat in Visual Studio Code) and ask: List all Check Point SASE networks.

A successful response confirms the MCP server is configured correctly.

#### Configuring Windsurf

1. Open Windsurf.
2. Go to **Windsurf Settings**.
3. In the search bar, search for **mcp**.
4. Add the below configuration to the JSON file:

```json
{
  "mcpServers": {
    "harmony-sase": {
      "command": "npx",
      "args": ["@chkp/harmony-sase-mcp"],
      "env": {
        "API_KEY": "your-harmony-sase-api-key",
        "MANAGEMENT_HOST": "<MANAGEMENT_HOST>",
        "ORIGIN": "<ORIGIN>"
      }
    }
  }
}
```

Replace:
  - `your-harmony-sase-api-key` with your Check Point SASE API Key. See step **8** in [Generating API Credentials](/v1/docs/using-model-context-protocol-mcp-with-check-point-harmony-sase#step-1-generate-api-credentials).
  - `<MANAGEMENT_HOST>` and `<ORIGIN>` with the values for your region. See [Management Host and Origin](/v1/docs/using-model-context-protocol-mcp-with-check-point-harmony-sase#management-host-and-origin).

#### Configuring Cursor

1. Open **Cursor**.
2. Go to **Settings** > **Cursor Settings** > **MCP**.
3. Click **Add new MCP server**.
4. Add the below configuration to the JSON file:

```json
{
  "mcpServers": {
    "harmony-sase": {
      "command": "npx",
      "args": ["@chkp/harmony-sase-mcp"],
      "env": {
        "API_KEY": "your-harmony-sase-api-key",
        "MANAGEMENT_HOST": "<MANAGEMENT_HOST>",
        "ORIGIN": "<ORIGIN>"
      }
    }
  }
}
```

Replace:
  - `your-harmony-sase-api-key` with your Check Point SASE API Key. See step **8** in [Generating API Credentials](/v1/docs/using-model-context-protocol-mcp-with-check-point-harmony-sase#step-1-generate-api-credentials).
  - `<MANAGEMENT_HOST>` and `<ORIGIN>` with the values for your region. See [Management Host and Origin](/v1/docs/using-model-context-protocol-mcp-with-check-point-harmony-sase#management-host-and-origin).
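
Every client configuration in Step 3 carries the same three `env` values, and the Management Host and Origin section notes that incorrect region values cause authentication or connection failures. The check below is an added example, not Check Point code: `lintHarmonySaseConfig` and its helpers are hypothetical names, and it reports leftover placeholders and a `MANAGEMENT_HOST`/`ORIGIN` pair that points at different regions.

```javascript
// Added example, not vendor code. URL forms come from "Management Host and Origin".
const US = { MANAGEMENT_HOST: "https://api.perimeter81.com/api", ORIGIN: "https://tenant.perimeter81.com" };
const REGIONAL = {
  MANAGEMENT_HOST: /^https:\/\/api\.([a-z0-9-]+)\.sase\.checkpoint\.com\/api$/,
  ORIGIN: /^https:\/\/tenant\.([a-z0-9-]+)\.sase\.checkpoint\.com$/,
};
// Matches the placeholders used on this page: <...>, your-harmony-sase-api-key, YOUR_API_KEY.
const isPlaceholder = (v) => /[<>]/.test(v) || /^your[-_]/i.test(v);

// Returns "us", a region code such as "eu", or null if the value fits neither documented form.
function regionOf(name, value) {
  if (value === US[name]) return "us";
  const m = REGIONAL[name].exec(value);
  return m ? m[1] : null;
}

function lintHarmonySaseConfig(config) {
  // Claude Desktop, Cursor and Windsurf use "mcpServers"; VS Code's mcp.json uses "servers".
  const servers = config.mcpServers || config.servers || {};
  const entry = servers["harmony-sase"] || servers["harmony_sase"];
  if (!entry) return ["no harmony-sase server entry found"];
  const env = entry.env || {};
  const findings = [];
  const regions = {};
  for (const name of ["API_KEY", "MANAGEMENT_HOST", "ORIGIN"]) {
    const value = env[name];
    if (typeof value !== "string" || value === "") findings.push(`${name} is missing`);
    else if (isPlaceholder(value)) findings.push(`${name} still holds a placeholder`);
    else if (name !== "API_KEY") {
      regions[name] = regionOf(name, value);
      if (!regions[name]) findings.push(`${name} does not match a documented URL form`);
    }
  }
  const { MANAGEMENT_HOST: host, ORIGIN: origin } = regions;
  if (host && origin && host !== origin)
    findings.push(`region mismatch: MANAGEMENT_HOST is ${host}, ORIGIN is ${origin}`);
  return findings;
}

// Constructed sample: US management host paired with an EU origin.
const sample = { mcpServers: { "harmony-sase": { command: "npx", args: ["@chkp/harmony-sase-mcp"],
  env: { API_KEY: "constructed-sample-key", MANAGEMENT_HOST: "https://api.perimeter81.com/api",
         ORIGIN: "https://tenant.eu.sase.checkpoint.com" } } } };
console.log(lintHarmonySaseConfig(sample));
```

Pass it the parsed contents of `claude_desktop_config.json` or `mcp.json`; an empty array means all three values are set and both URLs point at the same region.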

### Step 4 - Install and Access the Check Point SASE MCP Server

1. Install the MCP server tool globally.
  1. Open Terminal or Command Prompt.
  2. Run:

```shell
npm install -g @chkp/harmony-sase-mcp
```
2. To clone the repository, run:

```shell
git clone <repository-url>
cd mcp-servers/packages/harmony-sase
```
3. To install dependencies, run:

```shell
npm install
```
4. To build the project, run:

```shell
npm run build
```
5. Run the server locally:

```shell
# Replace the placeholders before running; the quotes keep < and > from being read as redirection.
node /path/to/packages/harmony-sase/dist/index.js --api-key YOUR_API_KEY --management-host "<MANAGEMENT_HOST>" --origin "<ORIGIN>"
```

Replace:

- `YOUR_API_KEY` with your Check Point SASE API Key. See step **8** in [Generating API Credentials](/v1/docs/using-model-context-protocol-mcp-with-check-point-harmony-sase#step-1-generate-api-credentials).
- `<MANAGEMENT_HOST>` and `<ORIGIN>` with the values for your region. See [Management Host and Origin](/v1/docs/using-model-context-protocol-mcp-with-check-point-harmony-sase#management-host-and-origin).

Note: You can also run the server locally for development using MCP Inspector or any compatible client.
