cloudguard on infinity portal
Hi Mates,
What exactly is the cloudguard section of the infinity portal for? For cloud gateway management, or is there a separate cloud manager for AWS/Azure gws?
We have a cloudguard gw being managed by an on prem dedicated manager, just managing this gw. However I suspect infinity portal cloudguard section is for just that. Can someone confirm that cloudguard management (the cloudguard section of infinity portal) IS the cloudguard cloud manager? It seems like there's more features with cloudguard management on the infinity portal than having on prem listed below.
It's confusing because the gw is called cloud guard and the section in infinity is also cloudguard, not cloudguard manager.
Features.
cloudguard controller
cloudguard network
cloudguard posture management
cloudguard workload
cloudguard shiftleft
cloudguard Intelligence
cloudguard WAF
Accepted Solutions
Cloudguard in this context is CNAPP & WAF etc.
Smart-1 Cloud is the "as a service" management option you are likely after in the portal. This is not dedicated to managing Cloudguard Network Security Gateways as it can also manage typical on-prem Quantum & Spark gateways.
Cloudguard has nothing to do with management server, it's totally different. I believe it's mostly referring to cloud applications, similar to what most vendors nowadays call SASE, CP has it, PAN, Fortinet, Aruba...
Andy
So, there is a separate manager for the cloud, smart-1 and there is a separate gateway called cloudguard for firewall and IPS, what is the tab in infinity portal then for? Is it a tool that complements the manager and gw to provide these additional features? If so, can the cloudguard tab on infinity portal be integrated with both the cloud smart-1 manager & the on prem manager or just smart-1?
Features.
cloudguard controller
cloudguard network
cloudguard posture management
cloudguard workload
cloudguard shiftleft
cloudguard Intelligence
cloudguard WAF
Cloudguard Firewalls can be managed by the same security management as your on-prem firewalls, separate management isn't mandatory (Smart-1 Cloud is just an option here as is hosting a management VM on Azure / VMware or running a Smart-1 appliance etc). Cloudguard controller is a component that allows the security policy of the gateway to be dynamically updated with cloud objects such as items in your AWS or Azure environment.
Cloudguard in the infinity portal context is a separately licensed set of products different from the Firewall/IPS. Many of these deal with the native configuration / compliance & security of the cloud environment itself not a virtual firewall appliance.
Hope that helps to make it clearer?
Thanks Chris,
It's still not clear I can use the cloudguard tab in the infinity portal with an on prem manager and cloudguard fw/ips gw. Does it only integrate with smart-1 cloud? Will all of the options below work with an on prem manager?
cloudguard controller
cloudguard network
cloudguard posture management
cloudguard workload
cloudguard shiftleft
cloudguard Intelligence
cloudguard WAF
No, it is a separate licensed product unrelated to NGFW and is a standalone SaaS solution in its own right tackling other aspects of cloud security.
Smart-1 Cloud like on-prem Smart-1 management is for Firewall Management (physical or virtual).
If it is still unclear please provide a screenshot so I can see how the confusion has come about other than the "cloud" reference which merely indicates the portfolio categorization to which it belongs.
I believe what @Chris_Atkinson is saying is that those cloudguard firewalls CAN be managed by either regular or S1C mgmt server...
Andy
I know cloudguard IPS/fw can be managed by either smart-1 or on prem managers.
That's NOT what this post is about.
I'm asking about the tools in the cloudguard portal and IF it matters that the manager is on prem.
RE:
cloudguard controller
cloudguard network
cloudguard posture management
cloudguard workload
cloudguard shiftleft
cloudguard Intelligence
cloudguard WAF
Now I get it! That I'm not sure, let's see what Chris says.
Andy
Your existing firewall management is unrelated to most all of those items except:
Cloudguard network = virtual NGFW managed by your choice of Mgmt.
Cloudguard controller is part of the management and integrates with the cloud environment to provide dynamic updates of policy objects e.g. VM to IP mappings.
It sounds like my on prem manager should integrate with the cloud guard tab in the infinity portal, but when I try to add my on prem account for licensing it's not letting me pick that account. I'll call account services for some direction.
This is not the case in my experience, they're separately licensed solutions vs gateway/management with no interrelationship to them.
Suggest reaching out to your local SE to walk through what you're trying to do and ultimately understand your requirements better.
My understanding is that these cloudguard tools on the portal work with both the gateway and the manager, after the licensing is in place.
RE:
cloudguard controller
cloudguard network
cloudguard posture management
cloudguard workload
cloudguard shiftleft
cloudguard Intelligence
cloudguard WAF
No, only the first two as "terms" have any relevance to an existing on-prem Management.
Hey @Chris_Atkinson
Apologies if this will sound like a dumb question, pardon my ignorance, but reading below link, sounds like you just integrate controller say into existing on prem management or am I missing something?
Andy
Correct for that specific component but not all "Cloudguard" named items are related to a Security Gateway or Smart-1 Management.
So is this the part that would be mandatory?
Andy
Not for Cloudguard no, that is relevant only to the items shown beneath it e.g. SD-WAN.
Now we are getting somewhere. Ok, so with an on prem manager and cloudguard network (the AWS gw) these tools aren't going to work? I'm surprised because I've used load balancing software on the on prem manager to pull objects down and for autoscaling integration. Oh, that's controller... The compliance blade works as well from an on prem manager but that must also be a separate integration from CSPM. That may just exist as a separate tool. Maybe cspm doesn't work with an on prem manager.
These tools won't work with an on prem manager
cloudguard posture management
cloudguard workload
cloudguard shiftleft
cloudguard Intelligence
cloudguard WAF
Other
I think sdwan may not work either with on prem manager/cloud gw.
That's precisely my understanding as well based on what Chris said.
Suggest having a session with your local SE so you can better understand how each is used.
Not every product Check Point provides is related to SmartConsole, hope this much is clear.
SD-WAN most certainly is a gateway feature and this involves integration between infinity portal and the management.
Below is what they gave me for a customer who was using CP in Azure last year, hope it helps.
Andy
--------------------------------------------------
If you are a Licenser or Admin on the machine's account, please follow the below steps in order to license your product:
Please note that this is broken down into 3 stages:
A. Generate the license
B. Install the license
C. Update contracts file
-------------------------------------------------------------------------------------------
A. Generate the license:
1. Login to your UC user > Click "Assets/Info" / "My Check Point" > Click "Product Center" > Select your account(s) from the "Selected Accounts" menu and click Done.
2. Check the box to the left of the line item(s) that require a license generation.
3. Click "License" button that has the key icon.
4. Choose 'Central' license and input the MGMT IP that manages the vSec gateway(s)
5. Complete the rest of the required fields (marked with an asterisk)
6. Click "Activate" button (if re-licensing a product, option will be "Change")
7. Click "Get License Information" and copy the two commands that begin with 'cplic put ...' aside
------------------------------------------------------------------------------------------
B. Install the license:
1. Open SSH to the MGMT in expert mode
2. Paste the command which is labeled "For the Security Management Server"
3. Run the command "vsec_lic_cli on"
4. Run the command "vsec_lic_cli"
5. Choose option 1 (Add license)
6. Paste the command labeled "For the Security Gateway:" without the parts "cplic put" and "[module name]".
Example:
1.2.3.4 never dUy6trBX8-jmVyWKQSX-xzdTkVFVT-76nMEXDks cpsg-ve+8 cpsb-base cpsb-fw cpsm-c-2 cpsb-vpn cpsb-adnc cpsb-npm cpsb-logs cpsb-ips cpsb-av cpsb-urlf cpsb-apcl cpsb-aspm cpsb-abot-s cpsb-ctnt CK-ABCDEF1234567
7. The license should be distributed to the GWs; if not, manage the distribution through the other commands in "vsec_lic_cli". For more information see:
sk109713
The admin guide:
https://sc1.checkpoint.com/documents/IaaS/WebAdminGuides/EN/CP_CloudGuard_Central_License_Tool_Admin...
-------------------------------------------------------------------------------------------
C. Update Contracts File:
1. Login to your UC user
2. Click "Assets/Info"/"My Check Point" > Click "Download Contract File".
3. In the section titled "Service Contract File Download", select the Account(s) you need your Service Contract File for.
4. Select "Email File" or "Download Now".
5. Login to SmartUpdate
6. From the menu: select "Licenses & Contracts" > "Update Contracts" > "Import File"
7. Browse to the directory where the file is located and click "Open"
8. The file will be added to the respective certificate key(s)
Finally, to verify the file was successfully installed, run 'cplic print -x' on the command line.
Chris explained it way better than I did.
Andy