CloudGuard IaaS for NSX-T
Check Point CloudGuard for VMware NSX delivers multi-layered defense to protect East-West and North-South traffic within the deployed Data Center. CloudGuard transparently enforces security at the hypervisor level between Virtual Machines (VMs), and provides comprehensive visibility into virtual network traffic trends and threats.
CloudGuard Gateway for NSX is automatically deployed as a service Virtual Machine (VM) in a virtual environment. The CloudGuard Gateway secures Data Center traffic between VMs across the virtual network.
ESXi Host Security Considerations
To learn how to secure your ESXi server, see VMware Best Practices - Security Hardening.
Check Point Best Practices:
- Use a separate secured network for the vSphere server management.
- Permissions required for integration between different solutions (for example, VMware NSX-T Manager and Check Point Security Management Server) should follow the least-privilege model: grant only the minimum permissions required for proper function.
To learn more about VMware roles and permissions, see the best practices in the Managing VMware Virtual Center Roles and Permissions Guide.
Note - CloudGuard for NSX requires NSX Administrator Permission.
Supported Gateway Versions:
Service Insertion (North/South)
- R80.30
- R81
- R81.10
Service Chaining (East/West)
- R80.30
- R81
- R81.10
Supported Management Versions:
- R80.30 and higher (with CME bundle)
Basic Deployment with Hypervisor Mode
The CloudGuard Gateways inspect all traffic that goes to, from, or inside the protected Security Group.