Doubts about integration with Cisco ACI
A customer is planning the deployment of a Maestro security group that will work within a Cisco ACI fabric. I am reading CloudGuard Controller R81 Administration Guide and CloudGuard for ACI Administration Guide R80.10 docs, but have some doubts i hope someone could clarify.
On sk112726 there is no a device package for R81.X management server. Can we jus use the latest device package version? or how can we deal this situation?
Is the CloudGuard Service Registration Hotfix still required on management server R81 or R81.10? On sk111969, we only have this hotfix available for management server up to version R80.40.
On CloudGuard Controller R81.10 Administration Guide, prerequisite section says Cisco ACI 4.2 or lower is required. Is this mandatory? Does it mean it will not work or just It has not been tested on higher versions like 5.X?
Maybe since R81 we are supposed to use only data center objects and there is no need for the CloudGuard Service Registration hotfix, however we still need the device package to be installed on the APIC.
Thanks in advance!
Check Point and Cisco recommend the use of PBR in unmanaged mode.
PBR enables provisioning service appliances, such as firewalls or load balancers, as unmanaged nodes without needing a Layer 4 to Layer 7 package.
Check Point components of the solution:
CHKP MGMT + CG Controller
CHKP GW - Could either be virtual or physical
Thanks for your comment. That part is very clear, the question is:
Is the CloudGuard Service Registration hotfix still required on R81/R81.10? If so, were can we get it? it is not available on sk111969 CloudGuard for ACI only avaliable for versions R80.10-40.
Same question for the device package for Cisco ACI, sk112726 CloudGuard for ACI - Device Packages for Cisco APIC there is no device package for CG Controller R81/R81.10.