Create a Post
Showing results for 
Search instead for 
Did you mean: 

Integrate CloudGuard with Vcloud Director

I would like to know if anyone knows how is the integration between CloudGuard with Vcloud Director. Anyone knows the SK/Documentation that shows the integration procedure?


5 Replies

Hello, we have several Check Point virtual machines running on differents VDC on version Vcloud 9. We have encounter some issues creating clusters, but so far the ISO can be uploaded to the public catalog and be used to install a fresh gateway.

We are also testing VRA to create some scripts for automatization. 


Could you please tell me how to do that? Just deploy CloudGuard as a VM in VDC and that's all?

Do we need integrate cloudguard with NSX or vCenter?

Thank you so much

0 Kudos

Hello, If you want to deploy as a service catalog

You will need to create the template on VRO to publish it on VCD Catalog

You could integrate it to NSX , but you will need to create specific tags or create a custom service composer. On Vcloud Director for now you can only create standard distributed policies, so this configuration has to be done on the CHK console.

Other option could be to work with , but I am testing it to see if I can send configurations to VM firewalls.


Hi Pablo,
Thank you so much for your help
However, I'm still confused about the way to integrate CloudGuard with vCD.
vCD is a abstract layer over vSphere and NSX. So how we can integrate CloudGuard, the VM in customer's Virtual DC, with NSX and vCenter, the component of Service Provider system?
Please share with me the document of this integration if available. Thanks again
0 Kudos

Hello, thats true VCD its  just managing overlay of all the vsphere , nsx and vsan resource.

From the VCD you could have a Check Point VM fully provisioned, using VRO and VRA.

This video explain the integration

For now I haven't see a integration reading VCD information such a organization Tenants

So far the CloudGuard Controller can read this information from Vmware Vcenter and NSX. 


I think If you manage the firewall you could connect to the NSX Manager and read the service Composer created for that tenant. And also send tags to the NSX Manager for automatic remediation policies.


CloudGuard Controller for VMware vCenter

The Check Point Data Center Server connects to the VMware vCenter and retrieves object data.

The CloudGuard Controller updates IP addresses and other object properties in the Data Center Objects.

You must have a VMware vCenter username with at least Read-Only permissions.

CloudGuard Controller for VMware NSX Manager Server

The CloudGuard Controller integrates the VMware NSX Manager Server with Check Point security.

The Check Point Data Center Server connects to the VMware NSX Manager Server and retrieves object data.

The CloudGuard Controller updates IP addresses and other object properties in the Data Center Objects group.

You must have a VMware NSX username with permission of an Auditor or greater to access the CloudGuard Controller.

Note - This role is sufficient for CloudGuard Controller functionality. More permissions can be required for service registration (vSEC Gateway for NSX).

VMware vCenter Objects




A collection of ESXi hosts and associated Virtual Machines configured to work as a unit.


An aggregation of many object types required to work in a virtual infrastructure.

These include hosts, Virtual Machines, networks, and datastores.


Lets you group similar objects.


The physical computer where you install ESXi. All Virtual Machines run on a host.

Resource pool

Compartmentalizes the host or cluster CPU and memory resources.

Virtual machine

A virtual computer environment where a guest operating system and associated application software runs.

vSphere vApp

A packaging and managing application format. A vSphere vApp can contain multiple Virtual Machines.

Imported Properties

Imported PropertyDescription


IP address or Hostname of vCenter Server.

You must install VMware Tools on each Virtual Machine to retrieve the IP addresses for each computer.


VMware vCenter object notes.


Object path.



VMware NSX Objects



Security Group

Enables a static or dynamic grouping, based on objects such as Virtual Machines, vNICs, vSphere clusters, logical switches, and so on.

Imported Properties

Imported PropertyDescription


All the Security Group IP addresses


Description value of a Security Group


Object path

Threat Prevention Tagging for CloudGuard for NSX Gateway





Epsum factorial non deposit quid pro quo hic escorol.