Overview of CloudGuard Network for OCI Instance Pools

Use this guide to deploy a Check Point CloudGuard Network for OCI Instance Pools solution.

Note - For the list of supported versions, refer to the Support Life Cycle Policy.

Licensing

Check Point CloudGuard Security Gateways and Check Point CloudGuard Security Management Server must have a license.

The CloudGuard Network for OCI Instance Pools solution uses the BYOL licensing model.

Important - All CloudGuard Network Security Gateways in the Instance Pool must use BYOL.

To buy BYOL licenses, contact Check Point Sales.

For more information about licensing, see the CloudGuard Network Central License Management Utility guide.

Introduction to OCI Instance Pools

OCI Instance Pools let you deploy and manage groups of identical virtual machines (VMs) in Oracle Cloud. They automatically adjust VM numbers based on your needs. Each OCI Instance Pool spreads VMs across different Availability Zones for reliability. A Load Balancer sends network traffic to these VMs.

Check Point CloudGuard Network protects OCI Instance Pools from cyber attacks, and it must be as scalable as the resources it protects.

The system uses these key parts:

  • CloudGuard Network Security Gateways shield your resources (VMs).

  • A Security Management Server manages all Security Gateways.

  • Oracle Autoscale monitors your Instance Pool size and adds or removes Security Gateways as needed.

Notes:

  • Security Gateway count must match your Instance Pool size.

  • The Security Management Server can run in Oracle Cloud or on-premises.

Prerequisites

Make sure you are familiar with these topics:

Vendor: Oracle Cloud Infrastructure

Topics:

  • Instance Pool

  • Auto-Scaling

  • Load Balancers

Vendor: Check Point

Topics:

  • CloudGuard Network Security Gateway

  • CloudGuard Network for OCI

Components of the Check Point Deployed Solution

The diagram below depicts an OCI Virtual Cloud Network (VCN) with the deployed Check Point solution.

There are two backend subnets, WebApp1 and WebApp2. Each is a user-deployed backend subnet with its own load-balanced web server.

The Check Point deployed solution has these components:

  • Frontend subnet

  • Instance Pool

    The number of instances that you can deploy in the Cloud is dynamic.

  • Internal Load Balancer

  • Backend subnet

  • External Load Balancer

Note - An Instance Pool cannot host different VM types.