This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
H2-F1
Participant
‎2020-09-25 11:11 PM
Jump to solution

CloudGuard SaaS with on-Prem Gateways

Hello Community,

Having been exposed to more traditional deployments such as physical and virtual SMS and gateways, I would like to know how the base installation and certain features get accomplished with CloudGuard in order to wrap my brain around its usefulness when evaluating and scoping projects.

Would it be correct to state that CloudGuard is primarily designed to manage and protect organisations' Cloud environments such as AWS and Azure, using virtual gateways? but that it can also manage on-Premise Gateways at the same time?

When setting up the CloudGuard SasS (I'll refer to it as C-SMS) with on-Premise Gateways in a ClusterXL or any other configuration, the only way I can imagine that the C-SMS can establishing SIC will be via the gateways public IP addresses? In the event that one of the gateways loses internet connectivity, this will no longer be manageable.

What about logs and all the telemetry that the gateways capture, does this constantly gets uploaded to the C-SMS? what is the bandwidth impact when most blades are active?

Finally integrating the firewalls with AD usually requires the creation of LDAP Account Unit and enabling the IA blade, Whereas this is trickier to accomplish with a C-SMS deployment. I came across the following article when researching LDAP integration C-SMS.

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Is this the best practice? Or can the traditional approach (LDAP account unit and IA blade) also work with some policies and NAT rules to allow the C-SMS to reach the on-Prem Domain Controllers?

Thanks

0 Kudos
1 Solution

Accepted Solutions
Chris_Atkinson
Employee Employee
Employee
‎2020-09-26 02:25 AM
Jump to solution

CloudGuard IaaS = Azure,AWS,GCP etc

CloudGuard SaaS = O365, G-Suite etc 

Management can also be virtualised in Public cloud or Smart-1 Cloud (Management as a Service).

Hope this helps to distinguish the solutions.

CCSM R77/R80/ELITE

View solution in original post

0 Kudos
2 Replies
Chris_Atkinson
Employee Employee
Employee
‎2020-09-26 02:25 AM
Jump to solution

CloudGuard IaaS = Azure,AWS,GCP etc

CloudGuard SaaS = O365, G-Suite etc 

Management can also be virtualised in Public cloud or Smart-1 Cloud (Management as a Service).

Hope this helps to distinguish the solutions.

CCSM R77/R80/ELITE
0 Kudos
H2-F1
Participant
‎2020-09-27 12:31 AM
In response to Chris_Atkinson
Jump to solution

Thanks for the clarification Chris, that in itself is clearer than all the literature out there.

Looking at the MaaS, I have seen the onboarding video at

https://community.checkpoint.com/t5/How-To-Videos/MaaS-Management-as-a-Service-Onboarding-Video/td-p...

Could you please explain how you would establish SIC and setup a clusterXL with physical Gateways on premise? are there any guides on how one would configure the MaaS 

Lastly, what about integration such as AD how is that accomplished since the Smart-1 is in the Cloud?

Thanks

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top