R80.10 CloudGuard Controller and Azure ? Please rollback to jumbo take70 !
I'm busy onboarding to Azure right now and was looking forward to automate stuff using the CloudGuard controller on my on-prem management servers and the CloudGuard IaaS gateways in Azure.
My whole environment is on almost the latest patch level; R80.10 Jumbo T112.
I was very suprised to learn that for the controller to be able to import Azure datacenter objects I would have to install a hotfix ( sk120464 - R80.10 CloudGuard Controller / vSEC Controller Hotfix v1 ) that requires me to revert to Jumbo T70 (15 Jan 2018) !
I opened a SR and it was communicated to me that RnD currently has no plan to make vSec Controller Hotfix v1 to be available on any higher take Jumbo hotfix environment.
Only solution that was proposed was moving towards R80.20 Management Feature Release, which has the hotfix build in.
I'm reserved on moving to the latest and greatest when I'm perfectly happy with my current R80.10 management.
Is it strange to expect a functional Check Point - Azure integration using R80.10 on a current patch level ?
What do you guys think ?
I personally would of requested as to why the won't do a port fix. Call me paranoid, but when I get that response I push hard for logical reason for them not either integrating the fix into another jumbo. That's one reason they could be not creating a portfix, it's going to be integrated. That or they are not going to the supporting R80.10 in the near future. I saw that on the support side when R76 was showing to be a lemon release.
If I got that response I would request the reason as to why they are not porting it, unless there is a major change to the backend there should be no logical reason that there shouldn't be a port fix... just imho.
sk120464 - R80.10 CloudGuard Controller / vSEC Controller Hotfix v1, is not a requirement to import objects from Azure (or AWS, NSX and more).
This hotfix has these new features, and some fixes.
- Integration with Google Cloud Platform
- Integration with Cisco ISE
- Integration with Nuage Networks VSP
- Automatic license management with the vSEC Central Licensing utility
- Starting with Jumbo Hotfix Accumulator Take 20, support for R76SP.50 60000/40000 Security Platforms
- Integration of monitoring capabilities into SmartView
Azure is supported with R80.10 and any Jumbo, so if you don't need any of the new features or fixes, you are good to go.
The 'import' option is not available after configuring a Datacenter connection to Azure.
Hence the Service Request I made.
See the screenshots below.
Below the available import option on a R80.10 T70 + hotfix management server in my lab.
So I'm pretty sure I need the hotfix on my R80.10 environment to work with Azure Datacenter objects.
As stated above, no need to install any hotfix on top of R80.10 in order to import objects from Azure.
There are several ways to import data center objects -
1. Via the objects explorer on the right by clicking right-button on the data center and selecting import. This is the option described above and is indeed introduced only in the hotfix.
2. Via the + button in the policy . Simply select the relevant cell in the policy (Source/Destination) and then import as seen below. This option is available for all versions including R80.10 with any jumbo hotfix on top.
CloudGuard controller R&D Team Leader
Wow, thanks Merav !
That did the trick. I was focussed on the objects explorer import function only.
I did not know of the other way and neither did the engineer on my SR.
I will point him towards this thread.
Glad to learn that I do not need to downgrade or upgrade.
Martin van Eden