This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
MarcuzShinz
Contributor
‎2024-09-03 06:20 AM
Jump to solution

How to create object for private cloud Kubernetes on SmartConsole

Dear Guy,

I would like to find some help with creating a private cloud object for Kubernetes with Check Point on SmartConsole. On Fortigate we can find and create that object easily, but on Check Point we don't know how to do it?

Has anyone done this yet?

Step create on Fortigate, I don't know with filter field we have to use replicate.

2024-09-03_201412.png2024-09-03_201451.png

1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2024-09-05 07:52 AM
In response to MarcuzShinz
Jump to solution

I'm not seeing where in the Fortinet documentation the IP address of the Kubernetes Connector itself (kuber_cloud, IP "35.236.76.254") can change.
This is equivalent to the Data Center object you created on the Check Point side.

What I suspect you're looking for is all the IPs used within the Kubernetes cluster.
I believe this can be done with a Data Center Query object: https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_CloudGuard_Controller_AdminG... 

Also, adding individual objects from the list you showed to the policy allows for much more granular policy creation.
When those objects change IP addresses in the Data Center, they will automatically update in the Access Policy as well.

View solution in original post

(1)
9 Replies
PhoneBoy
Admin
Admin
‎2024-09-03 07:41 AM
Jump to solution

You need to configure it in CloudGuard Controller first.
See: https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_CloudGuard_Controller_AdminG... 

0 Kudos
MarcuzShinz
Contributor
‎2024-09-03 06:35 PM
In response to PhoneBoy
Jump to solution

Dear PhoneBoy,

We are using Maestro, not cloudguard. We see on SmartConsole that there is Object Data Center. But I don't know how it will configure the filter similar to Fortigate.

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2024-09-03 07:09 PM
In response to MarcuzShinz
Jump to solution

CloudGuard controller is a management component that allows you to integrate with your datacenter object repository.

Once the CloudGuard controller is connected you can then import objects for use within your security policy.

CCSM R77/R80/ELITE
0 Kudos
MarcuzShinz
Contributor
‎2024-09-03 08:17 PM
In response to Chris_Atkinson
Jump to solution

I have made the connection to kubernetes and filter the same image below, are these parameters shown below dependent on Kubernetes configuration? Because I configured according to the link PhoneBoy sent, but I can't find the parameter for hostname similar to Fortigate?2024-09-04_101325.png

0 Kudos
PhoneBoy
Admin
Admin
‎2024-09-04 07:23 AM
In response to MarcuzShinz
Jump to solution

This provides access to all the objects defined in your Kubernetes datacenter, which can then be imported in your Access Policy individually.
What is your precise goal here?

0 Kudos
MarcuzShinz
Contributor
‎2024-09-04 06:16 PM
In response to PhoneBoy
Jump to solution

Dear PhoneBoy,

As the post title says, I'm looking for a way to map the connection configuration to Kubernetes similar to Fortigate on Check Point. Below link configure on Fortigate.

Collecting only node IP addresses with Kubernetes SDN connectors | FortiGate Private Cloud 7.2.0 | F...

Specifically, on fortigate, a Kubernetes object will be configured and the object will be filtered by Hostname. That means, if the user changes the IP of the Kubernetes server, this object will automatically update the new IP without any action from the administrator to edit the Object.

In Fortigate it is called Dynamic Object, I looked at Check Point's Dynamic Object, but it doesn't seem to be the same. Only the Data Center configuration is similar to the FortiGate configuration above.

0 Kudos
PhoneBoy
Admin
Admin
‎2024-09-05 07:52 AM
In response to MarcuzShinz
Jump to solution

I'm not seeing where in the Fortinet documentation the IP address of the Kubernetes Connector itself (kuber_cloud, IP "35.236.76.254") can change.
This is equivalent to the Data Center object you created on the Check Point side.

What I suspect you're looking for is all the IPs used within the Kubernetes cluster.
I believe this can be done with a Data Center Query object: https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_CloudGuard_Controller_AdminG... 

Also, adding individual objects from the list you showed to the policy allows for much more granular policy creation.
When those objects change IP addresses in the Data Center, they will automatically update in the Access Policy as well.

(1)
MarcuzShinz
Contributor
‎2024-09-06 02:08 AM
In response to PhoneBoy
Jump to solution

Dear PhoneBoy, 

Many thanks! I was also thinking about data center query would be what I need. I will try it.

Also I have a side issue, specifically related to NAT, if you have experience with this could you please clarify it for me?

It is the "S" and "H" symbols in object translate in NAT rule. What does it mean?

2024-09-06_160342.png

Alex-
Leader Leader
Leader
‎2024-09-06 02:18 AM
In response to MarcuzShinz
Jump to solution

S = Static NAT, 1-1

H = Hide NAT, Many-to-One

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
UPCOMING CLOUDMATES EVENTS
    All CloudMates Events