Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
JulzorenSen
Contributor

Security Gateway vs CloudGuard? Integration with Cisco ACI

Jump to solution

Hello everyone,

 

I know it is a pretty dumb and basic question but I'am struggling to find a simple answer :

 

What is the difference between a Security Gateway and CloudGuard?

Is CloudGuard just a virtual gateway or is it more than that?

 

I'am asking this because we would like to integrate our on-prem ACI DC with our CheckPoint's to dynamically get the EPGs and use them in our policies. But we are using physical Security Gateways and not CloudGuard for East/West traffic (and North/South aswell). These are 6600 gws running R80.30 last JHF, soon R81.

Can I do that ??

 

Sorry for the dumb question 🙂

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin

CloudGuard is a whole suite of solutions, one of which is a virtualized security gateway.
Another component is the CloudGuard Controller, which runs in your management server.
It talks to the various “clouds” and translates it to various gateways using the Identity Awareness APIs supported by all recent Check Point gateways.
This allows physical or virtual gateways to enforce policy based on the acquired identities.

A hotfix is required for ACI support, however.
More details here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

View solution in original post

3 Replies
PhoneBoy
Admin
Admin

CloudGuard is a whole suite of solutions, one of which is a virtualized security gateway.
Another component is the CloudGuard Controller, which runs in your management server.
It talks to the various “clouds” and translates it to various gateways using the Identity Awareness APIs supported by all recent Check Point gateways.
This allows physical or virtual gateways to enforce policy based on the acquired identities.

A hotfix is required for ACI support, however.
More details here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

View solution in original post

JulzorenSen
Contributor

Thank you for your reply 🙂

 

We did manage to test it yesterday and it works perfectly : exactly what we were looking for !

 

We didn't have to install any Hotfix though, CloudGuard Controller was already enabled on the Mgmt side, we just had to configure the Datacenter Object. On the gateway side, we just had to enable IA Blade API and that's it, we can use dynamicly learn EPGs from ACI in our policy : amazing.

 

When it comes to CloudGuard, i've digged a bit more.

If I understand correctly, there is CloudGuard IaaS which basicaly represents a virtual Security Gateway with some cloud feature (auto-scaling, etc). On the other side, there is CloudGuard SaaS which is a completely different solution which enables security at the Service level (O365, G-suite, etc).

Is that correct?

0 Kudos
PhoneBoy
Admin
Admin

Those two products now have new names:

  • CloudGuard Network Security (Formerly CloudGuard IaaS)
  • Harmony Email and Office (Formerly CloudGuard SaaS)

You can find out about the other CloudGuard solutions here: https://community.checkpoint.com/t5/CloudMates-Products/ct-p/CloudMatesProducts 

 

0 Kudos