Overview of Cloud Firewall for OCI Instance Pools

Use this guide to deploy a Check Point Cloud Firewall for OCI Instance Pools solution.

Note - For the list of supported versions, refer to the Support Life Cycle Policy.

Licensing

Check Point Cloud Firewall Gateways and Check Point Security Management Server must have a license.

The Cloud Firewall for OCI Instance Pools solution uses the BYOL licensing model.

Important - All Cloud Firewall Gateways in the Instance Pool must use BYOL.

To buy BYOL licenses, contact Check Point Sales.

For more information about licensing, see the Cloud Firewall Central License Management Utility guide.

Introduction to OCI Instance Pools

OCI Instance Pools let you deploy and manage groups of identical virtual machines (VMs) in Oracle Cloud. They automatically adjust VM numbers based on your needs. Each OCI Instance Pool spreads VMs across different Availability Zones for reliability. A Load Balancer sends network traffic to these VMs.

Check Point Cloud Firewall protects OCI Instance Pools from cyber attacks, and it must be as scalable, as the resources it protects.

The system uses these key parts:

  • Cloud Firewall Gateways shield your resources (VMs).

  • A Security Management Server manages all Cloud Firewall Gateways.

  • Oracle Autoscale monitors your Instance Pool size and adds or removes Cloud Firewall Gateways as needed.

Notes:

  • Cloud Firewall Gateway count must match your Instance Pool size.

  • The Security Management Server can run in Oracle Cloud or on-premises.

Prerequisites

Make sure you are familiar with these topics:

Vendor

Topics

Oracle Cloud Infrastructure

  • Instance Pool

  • Auto-Scaling

  • Load Balancers

Check Point

  • Cloud Firewall Gateway

  • Cloud Firewall for OCI

Components of the Check Point Deployed Solution

The diagram below depicts an OCI Virtual Cloud Network (VCN) with the deployed Check Point solution.

There are two backend subnets - WebApp1 and WebApp2.

WebApp1 and WebApp2 are each a user-deployed backend subnet. Each has its own load-balanced web server.

The Check Point deployed solution has these components:

  • Frontend subnet

  • Instance Pool

    The number of instances that you can deploy in the Cloud is dynamic.

  • Internal Load Balancer

  • Backend subnet

  • External Load Balancer

Note - Instance Pool cannot host different VM types.