CloudGuard Network Security for NSX (Microsegmentation)
Hello community,
I would like to present a case study and get your opinions or recommendations. We are currently implementing a new virtualization infrastructure with VMware 9 and NSX-T. This platform will be located on two physical sites that will be viewed as a single site on the platform. Although the NSX tool has microsegmentation and security capabilities, we are not entirely confident in the solution. Furthermore, our entire current environment is covered by Check Point. We would like to protect it with CloudGuard Network Security. However, we encountered the unfortunate news that Broadcom has removed all third-party support for native NSX integration, so it is no longer an option.
Searching for alternatives, I found this document:
However, alternative type A doesn't allow us to perform microsegmentation on the same host, so I have two questions.
- Have you found any other alternatives or come up with any other ideas for performing this microsegmentation? I thought it could work like Azure Network Security, using route tables, redirecting even internal traffic to Check Point HA for inspection, as well as a default route for the rest of the traffic.
For example,
Network A (Production VMs)
Network B (QA VMs)
Check Point ClusterXL IP: 10.1.1.5
Route Table:
0.0.0.0/0 ----> 10.1.1.5
Network A ----> 10.1.1.5
Network B ----> 10.1.1.5
This is how I implemented it in Azure, and it allows me to see the traffic of two VMs that are in the same vNetwork through the Security Gateway (Network A to Network A).
- For availability reasons, we plan to deploy Check Points on VMs within the same virtualization platform (different network segments) with a gateway deployment scheme on each node at a different physical location to ensure service availability. Do you see any drawbacks or considerations in doing this?
It is worth noting that the network gateway will be outside of NSX or Check Point and will be managed in Cisco fabric.
I am very grateful for any information.
Regards
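The route-table idea described in the post, as an added example that is not part of the original thread: a small Python model of longest-prefix-match lookup with Azure-style precedence (a user-defined route beats the platform's system route for the same prefix, which is an assumption about how the fabric resolves ties), showing that a default route alone leaves same-network traffic on the direct path, while explicit routes for Network A and Network B force it through the ClusterXL address. The prefixes 10.1.10.0/24 and 10.1.20.0/24 are constructed for the example.

```python
import ipaddress

# Constructed values: prefixes for "Network A" and "Network B" are assumed,
# 10.1.1.5 is the ClusterXL address quoted in the post.
NET_A = ipaddress.ip_network("10.1.10.0/24")
NET_B = ipaddress.ip_network("10.1.20.0/24")
DEFAULT = ipaddress.ip_network("0.0.0.0/0")
GATEWAY = "10.1.1.5"

# Route entries: (prefix, next hop, priority). Priority 0 models the system
# routes the fabric installs on its own; priority 1 models user-defined routes.
SYSTEM_ROUTES = [(NET_A, "direct", 0), (NET_B, "direct", 0), (DEFAULT, "internet", 0)]


def lookup(dst, table):
    """Longest-prefix match; on equal prefix length the higher priority wins
    (assumption: user-defined route overrides the system route, as in Azure UDR)."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop, prio in table:
        if dst in prefix:
            key = (prefix.prefixlen, prio)
            if best is None or key > best[0]:
                best = (key, next_hop)
    return best[1] if best else None


def udr_default_only():
    """Only 0.0.0.0/0 -> gateway: north-south is inspected, east-west is not."""
    return SYSTEM_ROUTES + [(DEFAULT, GATEWAY, 1)]


def udr_with_subnet_routes():
    """Adds Network A -> gateway and Network B -> gateway, as in the post."""
    return udr_default_only() + [(NET_A, GATEWAY, 1), (NET_B, GATEWAY, 1)]


def inspected(src_net, dst_ip, table):
    """True when a packet from src_net to dst_ip is handed to the gateway."""
    hop = lookup(dst_ip, table)
    return hop == GATEWAY and ipaddress.ip_address(dst_ip) != ipaddress.ip_address(GATEWAY)


if __name__ == "__main__":
    for name, table in (("default only", udr_default_only()), ("with subnet routes", udr_with_subnet_routes())):
        print(name, "A->A:", inspected(NET_A, "10.1.10.20", table), "A->B:", inspected(NET_A, "10.1.20.20", table))
```

The gateway's own segment must keep a direct route, otherwise a route for 10.1.1.0/24 pointing at 10.1.1.5 would send the cluster's traffic back to itself.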
Hi @Ddavila
Sending you a private message. Will return to this thread with our conclusions.