CloudGuard Network for NSX-T

Check Point CloudGuard Network for VMware NSX delivers multi-layered defense to protect East-West and North-South traffic in the deployed Data Center. CloudGuard Network transparently enforces security at the hypervisor level between Virtual Machines (VMs), and provides comprehensive visibility into virtual network traffic trends and threats.

CloudGuard Network Security Gateway for NSX is automatically deployed as a service Virtual Machine (VM) in a virtual environment. The CloudGuard Network Security Gateway secures Data Center traffic between VMs across the virtual network.

ESXi Host Security Considerations

To learn how to secure your ESXi server, see VMware Best Practices - Security Hardening.

Check Point Best Practices:

To learn more about VMware roles and permissions, see the best practices in the Managing VMware Virtual Center Roles and Permissions Guide.

Note - CloudGuard Network for NSX requires NSC Administrator permissions.

Supported Security Gateway Versions:

| Service Insertion (North/South) | Service Chaining (East/West) |
|---|---|
| R81.20 | R81.20 |
| R81.10 | R81.10 |
| R81 | R81 |

Supported Management Versions:

For R81.20 CloudGuard Network for NSX-T:

  • R81.20 (with CME bundle)

For R81.10 CloudGuard Network for NSX-T:

  • R81.10 (with CME bundle)

For R81 CloudGuard Network for NSX-T:

  • R81 (with CME bundle)

Supported NSX-T Manager Versions:

| Service Insertion (North/South) | Service Chaining (East/West) |
|---|---|
| Starting from version 3.0 | Starting from version 3.0 |

Supported vCenter/ESXi Server Versions:

| Service Insertion (North/South) | Service Chaining (East/West) |
|---|---|
| Starting from version 7.x | Starting from version 7.x |

Basic Deployment in Hypervisor Mode

The CloudGuard Network Security Gateways inspect all traffic that goes to, from, or in the protected Security Group.

| Item | Entity | Description |
|---|---|---|
| 1 | ESXi host | The physical infrastructure is multiple ESXi hosts in an ESXi cluster. |
| 2 | NSX | NSX Manager defines the Security Group and the redirection policy. |
| 3 | vCenter Server | vCenter manages ESXi hosts. |
| 4 | CloudGuard Network Security Gateway | Inspects traffic between VMs in the Security Group, and to and from the Security Group. |
| 5 | VMs | Virtual Machines. |
| 6 | Protected Security Group | Collection of vSphere objects protected by NSX. |
| 7 | Data Center core | The Data Center switching and routing infrastructure. |
| 8 | Physical Security Gateway | Physical enforcement point. |
| 9 | Security Management Server | Software-Defined Data Center aware Security Management Server. |