Integrate CloudGuard with vCloud Director
Hello, we have several Check Point virtual machines running on different VDCs on vCloud version 9. We have encountered some issues creating clusters, but so far the ISO can be uploaded to the public catalog and be used to install a fresh gateway.
We are also testing VRA to create some scripts for automatization.
Could you please tell me how to do that? Just deploy CloudGuard as a VM in VDC and that's all?
Do we need to integrate CloudGuard with NSX or vCenter?
Thank you so much
Hello, if you want to deploy as a service catalog, you will need to create the template on VRO to publish it on the VCD Catalog.
You could integrate it with NSX, but you will need to create specific tags or create a custom service composer. On vCloud Director for now you can only create standard distributed policies, so this configuration has to be done on the CHK console.
Another option could be to work with https://zerotouch.checkpoint.com/ZeroTouch/login.jIsp , but I am testing it to see if I can send configurations to VM firewalls.
Thank you so much for your help
However, I'm still confused about the way to integrate CloudGuard with vCD.
vCD is an abstract layer over vSphere and NSX. So how can we integrate CloudGuard, the VM in the customer's Virtual DC, with NSX and vCenter, the components of the Service Provider system?
Please share with me the document of this integration if available. Thanks again
Hello, that's true, VCD is just a managing overlay of all the vSphere, NSX and vSAN resources.
From the VCD you could have a Check Point VM fully provisioned, using VRO and VRA.
This video explains the integration.
For now I haven't seen an integration reading VCD information such as organization tenants.
So far the CloudGuard Controller can read this information from VMware vCenter and NSX.
I think if you manage the firewall you could connect to the NSX Manager and read the Service Composer created for that tenant. And also send tags to the NSX Manager for automatic remediation policies.
CloudGuard Controller for VMware vCenter
The Check Point Data Center Server connects to the VMware vCenter and retrieves object data.
The CloudGuard Controller updates IP addresses and other object properties in the Data Center Objects.
You must have a VMware vCenter username with at least Read-Only permissions.
CloudGuard Controller for VMware NSX Manager Server
The CloudGuard Controller integrates the VMware NSX Manager Server with Check Point security.
The Check Point Data Center Server connects to the VMware NSX Manager Server and retrieves object data.
The CloudGuard Controller updates IP addresses and other object properties in the Data Center Objects group.
You must have a VMware NSX username with permission of an Auditor or greater to access the CloudGuard Controller.
Note - This role is sufficient for CloudGuard Controller functionality. More permissions can be required for service registration (vSEC Gateway for NSX).
VMware vCenter Objects
A collection of ESXi hosts and associated Virtual Machines configured to work as a unit.
An aggregation of many object types required to work in a virtual infrastructure.
These include hosts, Virtual Machines, networks, and datastores.
Lets you group similar objects.
The physical computer where you install ESXi. All Virtual Machines run on a host.
Compartmentalizes the host or cluster CPU and memory resources.
A virtual computer environment where a guest operating system and associated application software runs.
A packaging and managing application format. A vSphere vApp can contain multiple Virtual Machines.
IP address or Hostname of vCenter Server.
You must install VMware Tools on each Virtual Machine to retrieve the IP addresses for each computer.
VMware vCenter object notes.
VMware NSX Objects
Enables a static or dynamic grouping, based on objects such as Virtual Machines, vNICs, vSphere clusters, logical switches, and so on.
All the Security Group IP addresses
Description value of a Security Group
Threat Prevention Tagging for CloudGuard for NSX Gateway