This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Henrique_Sauer_
Contributor
‎2018-12-11 09:25 AM

Integrate CloudGuard with Vcloud Director

I would like to know if anyone knows how is the integration between CloudGuard with Vcloud Director. Anyone knows the SK/Documentation that shows the integration procedure?

Thanks!

5 Replies
Pablo_Barriga
Advisor
‎2019-01-15 09:28 PM

Hello, we have several Check Point virtual machines running on differents VDC on version Vcloud 9. We have encounter some issues creating clusters, but so far the ISO can be uploaded to the public catalog and be used to install a fresh gateway.

We are also testing VRA to create some scripts for automatization. 

Chesterpbk
Explorer
‎2020-05-20 10:48 AM
In response to Pablo_Barriga

Could you please tell me how to do that? Just deploy CloudGuard as a VM in VDC and that's all?

Do we need integrate cloudguard with NSX or vCenter?

Thank you so much

0 Kudos
Pablo_Barriga
Advisor
‎2020-05-26 02:59 PM
In response to Chesterpbk

Hello, If you want to deploy as a service catalog

You will need to create the template on VRO to publish it on VCD Catalog

https://community.checkpoint.com/t5/CloudGuard-IaaS/VCO-VRO-installation-process/td-p/39073

You could integrate it to NSX , but you will need to create specific tags or create a custom service composer. On Vcloud Director for now you can only create standard distributed policies, so this configuration has to be done on the CHK console.

https://sc1.checkpoint.com/documents/R80/CP_R80_vSEC_Controller_v1_AdminGuide/vSEC/html_frameset.htm

Other option could be to work with https://zerotouch.checkpoint.com/ZeroTouch/login.jIsp , but I am testing it to see if I can send configurations to VM firewalls.

Chesterpbk
Explorer
‎2020-05-26 09:22 PM
In response to Pablo_Barriga

Hi Pablo,
Thank you so much for your help
However, I'm still confused about the way to integrate CloudGuard with vCD.
vCD is a abstract layer over vSphere and NSX. So how we can integrate CloudGuard, the VM in customer's Virtual DC, with NSX and vCenter, the component of Service Provider system?
Please share with me the document of this integration if available. Thanks again
0 Kudos
Pablo_Barriga
Advisor
‎2020-05-26 09:44 PM
In response to Chesterpbk

Hello, thats true VCD its  just managing overlay of all the vsphere , nsx and vsan resource.

From the VCD you could have a Check Point VM fully provisioned, using VRO and VRA.

This video explain the integration

https://www.youtube.com/watch?v=Tm5IMWW_ADM

For now I haven't see a integration reading VCD information such a organization Tenants

So far the CloudGuard Controller can read this information from Vmware Vcenter and NSX. 

 

I think If you manage the firewall you could connect to the NSX Manager and read the service Composer created for that tenant. And also send tags to the NSX Manager for automatic remediation policies.

 

CloudGuard Controller for VMware vCenter

The Check Point Data Center Server connects to the VMware vCenter and retrieves object data.

The CloudGuard Controller updates IP addresses and other object properties in the Data Center Objects.

You must have a VMware vCenter username with at least Read-Only permissions.

CloudGuard Controller for VMware NSX Manager Server

The CloudGuard Controller integrates the VMware NSX Manager Server with Check Point security.

The Check Point Data Center Server connects to the VMware NSX Manager Server and retrieves object data.

The CloudGuard Controller updates IP addresses and other object properties in the Data Center Objects group.

You must have a VMware NSX username with permission of an Auditor or greater to access the CloudGuard Controller.

Note - This role is sufficient for CloudGuard Controller functionality. More permissions can be required for service registration (vSEC Gateway for NSX).

VMware vCenter Objects

Objects

ObjectDescription

Cluster

A collection of ESXi hosts and associated Virtual Machines configured to work as a unit.

Datacenter

An aggregation of many object types required to work in a virtual infrastructure.

These include hosts, Virtual Machines, networks, and datastores.

Folder

Lets you group similar objects.

Host

The physical computer where you install ESXi. All Virtual Machines run on a host.

Resource pool

Compartmentalizes the host or cluster CPU and memory resources.

Virtual machine

A virtual computer environment where a guest operating system and associated application software runs.

vSphere vApp

A packaging and managing application format. A vSphere vApp can contain multiple Virtual Machines.

Imported Properties

Imported PropertyDescription

IP

IP address or Hostname of vCenter Server.

You must install VMware Tools on each Virtual Machine to retrieve the IP addresses for each computer.

Note

VMware vCenter object notes.

URI

Object path.

 

 

VMware NSX Objects

Objects

ObjectDescription

Security Group

Enables a static or dynamic grouping, based on objects such as Virtual Machines, vNICs, vSphere clusters, logical switches, and so on.

Imported Properties

Imported PropertyDescription

IP

All the Security Group IP addresses

Note

Description value of a Security Group

URI

Object path

Threat Prevention Tagging for CloudGuard for NSX Gateway

 

https://sc1.checkpoint.com/documents/R80.40/WebAdminGuides/EN/CP_R80.40_CloudGuard_Controller_AdminG...

 

 

 

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events