Showing results for 
Search instead for 
Did you mean: 
Create a Post

This space covers Check Point's SD-WAN solutions for Branch Office Cloud Security (CloudGuard Connect), Branch Office Virtual Gateway (CloudGuard Edge), and Capsule Connect.

inside SD-WAN yesterday
views 70 3

Enable CloudGuard Connect from your Silver Peak SD-WAN Management

Check Point has recently teamed up with Silver Peak in order to create a seamless experience for managing SD-WAN and Security.   Silver Peak is a leading SD-WAN vendor, empowering enterprises and service providers to connect users to applications while embracing broadband and delivering 10x the bandwidth for the same budget.   If you have Silver Peak Orchestrator of version 8.8.3 and above, you will find a new navigation topic Check Point CloudGuard Connect.   This means that you can now enable Check Point security from your Silver Peak management dashboard.   Step 1: Generate an API Key. From the Check Point Infinity Portal, navigate to GLOBAL SETTINGS > API Keys. Create an API access key. Make sure that Service is set to CloudGuard Connect. Click CREATE. Copy the pair of Client ID and Access Key have been generated.   Step 2: Configure your Check Point integration From the Silver Peak Orchestration, use the search bar in order to navigate to the page Check Point CloudGuard Connect. Click Subscription. Paste the Client ID and Access Key from the previous steps. Save your changes. Click Interface Labels. Silver Peak uses labels in order to create a consistent global policy across many edge devices. Any edge device that has the labels that you have selected, will eventually get Check Point automatic security. Save your changes.   Step 3: Label your branch devices From the Silver Peak Orchestration, select a device which you would like to have Check Point Security applied to, open its menu and navigate to Deployment. Make sure that at least one interface label that was selected as the labels for the Check Point integration, appears as part of its deployment settings.     Step 4: Configure business intent policy From the Silver Peak Orchestration, navigate to Silver Peak's Business Intent Overlays page. Double-click a rule which should have traffic going through Check Point Security. A pop-up dialog opens. Navigate to the Breakout Traffic to Internet & Cloud Services page. From the Available Policies column, drag the Check Point CloudGuard option and drop it at the Preferred Policy Order column. The Check Point option is only available if you created a subscription at step 2.  Click OK. This drag-and-drop deployment is the heart of this integration. You can then repeat this process for the remaining rules at your business intent overlay policy. Please note that traffic going to Check Point will only apply for edge devices which have the specific interface labels, as set at step 2. Once you are done, click Save and Apply Changes to Overlays. The policy gets applied.    Step 5: Watch the magic From the Silver Peak Orchestration, navigate to the Check Point CloudGuard Connect page. You should now see progress of the Check Point sites being created. This could take several minutes. Once the status changes from In Progress to Active, that means that the deployment has finished.   Step 6: Prevent cyber-attacks Check Point's default policy prevents known attacks using reputation services, signatures and bot communication prevention, prevents unknown attacks using cloud-based sandboxing, over all protocols, unencrypted and encrypted. It also contains an application-aware access control policy and a web-based management for security events and log monitoring. So this means that from the moment the sites are active, security gets applied - no intervention from the administrator is needed. By default, all administrators get a weekly security report to their emails. You can also access that report, as well as dashboards and traffic logs, by navigating to the Logs page at Check Point's Infinity Portal.        
inside SD-WAN Monday
views 142

White Paper - SD-WAN Architectural Reference Guide

This how-to guide is intended for enterprises looking to reduce the cost of their WAN, while increasing business agility and application performance, in a secure manner. The recommendations in this document are designed to inform engineers, architects and enterprise security professionals, who want to deploy SD-WAN, and are looking for advice on choosing the right reference architecture for their specific environment. Various use cases are also listed to help the reader find the most appropriate solution for their business needs.     Author: @Jeroen_De_Corel  For the full list of White Papers, go here. 
Marcos_Vieira1 inside SD-WAN 2019-12-20
views 541 4

Cloud Guard Edge VNF

Hi,     If I have understood it correctly, the CloudGuard Edge is a solution on which you can enable a CheckPoint instance inside a SD-WAN Appliance.      It is enabled through the VNF (Virtual Network Function).  I understand that this is a VM inside the SD-WAN Appliance.      Is this VNF an static machine, with pre-defined Memory, CPU and Disk Space? Or I can reconfigure it as necessary? Of course within the limits of the SD-WAN appliance.      In the presentation "sd-wan security.pdf" ( it says that the "minimum" required (page 16) is 1GB RAM, 1 "core", 1GB disk space. The license is based in the number of cores. It means I can change the VNF to user more resources and so guarantee more performance?      The datasheet talks only about the 520v and 840 models. Are these the only ones supported?Thanks,
Stephen_Moreau inside SD-WAN 2019-12-13
views 293 5 1

Capsule Connect on MacOS Catalina

I was using macOS 14 (Mojave) with Capsule Connect successfully. I upgraded to macOS 15 (Catalina) and now the Capsule Connect client is flagged as incompatible (non 64 bit perhaps) and will no longer load at startup. I downloaded a new copy of the client (regenerated the welcome email and downloaded a fresh copy of the client) and attempted to install it but it does not seem to be loading. Can anyone confirm if the client is compatible or not with Catalina please?
inside SD-WAN 2019-12-05
views 3625 5 2

Check Point integration guides with SD-WAN vendors

Check Point integrates with all major SD-WAN vendors as part of Network Security as a Service.   Customers secure their branch offices and roaming users with Check Point’s latest Threat Prevention and Access Control, without the need to replace the site’s existing router or SD-WAN device.   Check out our official step-by-step guides with: Silver-Peak VeloCloud Cisco SD-WAN    Additional vendor-specific instructions are available inside our web-based management. Start a 30-day trial at Create a Site. Once the Site is ready, click Configure Your Router at the site card, or click its card and select Menu > View Instructions Select your choice of router or SD-WAN device and get step-by-step instructions for connecting it to Check Point's Network Security as a Service. These instructions contain the Check Point IPsec or GRE tunnels that were assigned to you.      
inside SD-WAN 2019-12-01
views 253

CloudGuard Connect Admin Guide

CloudGuard Connect, Check Point's cloud-delivered security platform for branch offices, has a new admin guide.   It is available at   Looking forward to get your feedback on Check Point's cloud solutions and cloud-based management!
salila inside SD-WAN 2019-09-25
views 314 1

Checkpoint Capsule Connection Failed

After upgrading to R80.20 users unable to connect to Checkpoint capsule,any suggestions why this is not working?
inside SD-WAN 2019-09-14
views 2559 14

SD-WAN Security Techtalk Video and Slides

On 4th September 2019, we did a TechTalk with @Tomer_Sole on Check Point's new security solutions for SD-WAN.We talked briefly about CloudGuard Edge for SD-WAN devices, but mostly discussed CloudGuard Connect, Cloud Network Security as a Service. Materials available to CheckMates members: Slides Full Video of session (excerpt is below) (view in My Videos)
Josh_Allen inside SD-WAN 2019-09-13
views 315 3

Capsule Cloud on 80.30

Is there anyone successfully managing capsule cloud on 80.30? We are in the middle of migrating to managing it from 80.30 from our old 77.30 management server. I do have a case open with checkpoint and am continuing to peruse it, I just wanted to see if anyone else was having success.  Also is this product pretty much on the way out? I am seeing posts about Network Security as a Service being the future for mobile management in this area. Is any more effort being put into keeping capsule cloud a viable service? I see it is running on a 75.40 engine. 
inside SD-WAN 2019-09-05
views 2860 4 4

TechTalk - SD-WAN Security

Join our next TechTalk on 4 September, 2019. In this session, we will discuss Check Point’s new solution for securing branch offices. Customers can get Check Point’s latest Threat Prevention and Access Control, without the need to replace the site’s existing router or SD-WAN device.   Registration Link Note: date changed
Stephen_Moreau inside SD-WAN 2019-08-10
views 265 4

What is a reasonable 'Quality of service' with Capsule Connect

I am based in Ireland where there is a single Capsule Connect POP. Recently some of my clients (and myself as a user) are experiencing slowness and delays with Capsule Connect. Disconnecting the client immediately resolves the issue. When I look at the client and specifically at the 'Quality of service' value, it's showing around the 209 milliseconds mark. My immediate sense is that this is a large value but I need a point of reference. I have not paid attention to this pre-issue so cannot say if this is up on what it was previously. Can someone give me a steer here? What value is seen in other locales, especially ones with multiple POPs?ThanksSteve
Bipin inside SD-WAN 2019-07-23
views 1072 1

SD-WAN Roadmap

Hi,Does checkpoint have any roadmap for SD-WAN? Regards,Bipin 
Andreas_Aust2 inside SD-WAN 2019-07-05
views 6346 6 2


When do we have VXLAN and SDWAN ?
PAUL_SAMWAYS1 inside SD-WAN 2019-06-19
views 1659 2 1


What are CheckPoint doing about SD-WAN ? and are there any developments to having an SD-WAN solution available soon ?
inside SD-WAN 2019-05-16
views 5038 8 10

Early Availability Program for Network Security as a Service

Cloud Network Security as a Service (NSaaS) is Check Point’s new product and architecture for cloud-delivered security.   Customers secure their branch offices and roaming users with Check Point’s latest Threat Prevention and Access Control, without the need to replace the site’s existing router or SD-WAN device.   The web-based, cloud-native management for Cloud NSaaS enables you to connect your branch office within minutes.   Data sheet is attached.   Now in Early Availability, Check Point R&D and SE’s are actively onboarding customer production sites.   Join the Early Availability Program either by:   Creating a new account at Visiting Check Point Infinity Portal . If you currently use CloudGuard SaaS, click the new Menu icon, select to Try Network Security as a Service.