Cloud Accounts Management

Adding a Cloud Account

Before deploying CloudGuard Network Security Gateways, you must connect the CloudGuard Network application to your cloud provider account. This establishes the necessary permissions for automated Security Gateway provisioning.

Adding a Microsoft Azure Account

Prerequisites:

To connect an Azure accountClosed The email address that you provide when you create an Azure subscription is the Azure account for the subscription. The party that’s associated with the email account is responsible for the monthly costs that are incurred by the resources in the subscription. When you create an Azure account, you provide contact information and billing details, like a credit card. You can use the same Azure account (email address) for multiple subscriptions. Each subscription is associated with only one Azure account, you need:

Follow these steps to connect your Azure account:

Step 1: Account Details

  1. From the Accounts dashboard, click Add cloud account

  2. In the Account details wizard, enter the following information:

  3. Select the permission level for CloudGuard Network App to access your Azure environment:

    • Read and Write - Allows the application to deploy a solution to the cloud account.

    • Read only (Coming soon) - Allows CloudGuard Network to access metadata about your cloud resources (VMs, subnets, tags) for real-time visibility.

  4. Click Next to continue.

Step 2: Connect Account

  1. Complete the Azure integration by running the onboarding script.

    1. Click the GitHub link to review the onboarding script.

    2. Click Azure Cloud Shell to open a new browser tab with Azure Cloud Shell.

    3. Copy the command displayed in the wizard. The command includes:

      • Your subscription ID

      • Tenant information

      • Application name

      Example:

      curl -o cgns_onboarding_azure.sh https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/refs/heads/master/cloudguard-network-application/azure/cgns_onboarding.sh; chmod +x cgns_onboarding_azure.sh; ./cgns_onboarding_azure.sh --scope subscription --subscription_id <YOUR_SUBSCRIPTION_ID> --single_tenant_app_mode true --app_name <YOUR_APP_NAME> --onboarding_mode manage

    4. Paste and run the command in Azure Cloud Shell.

  2. After the script completes, copy the following values from the output:

    • Application ID

    • Client secret

  3. Paste these values into the corresponding fields in the wizard.

  4. Click Test connectivity to verify the connection to your Azure account.

  5. If the test succeeds, click Next.

Step 3: Review Summary

  1. Review the account configuration.

  2. Click Add to complete the account configuration.

Adding a Google Cloud Platform Account

Prerequisites:

To connect a GCPClosed See 'Google Cloud Platform'. account, you need:

  • GCP account with Owner or Application Administrator role

  • Project ID

  • Access to GCP Cloud Shell

Follow these steps to connect your GCP account:

Step 1: Account Details

  1. From the Accounts dashboard, click Add cloud account and select Google Cloud Platform.

  2. In the Account details wizard, enter the following information:

    • Project ID - Your GCP project identifier.

    • Account name - A descriptive name for this cloud account in CloudGuard Network App.

    • Comment (optional) - Additional notes.

  3. Select the permission level for CloudGuard Network App to access your GCP environment:

  4. Click Next to continue.

Step 2: Connect Account

  1. Complete the GCP integration by running the onboarding script.

    1. Click the GitHub link to review the onboarding script.

    2. Click the GCP project link to open a new browser tab with GCP Cloud Shell.

    3. Copy the command displayed in the wizard. The command includes:

      • Your Project ID

      Example:

      curl -o cgns_onboarding.sh https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/refs/heads/master/cloudguard-network-application/gcp/cgns_onboarding.sh; chmod +x cgns_onboarding.sh; ./cgns_onboarding.sh --project_id <YOUR_PROJECT_ID> --service_account_name chkp-<YOUR_PROJECT_ID> --service_account_project_id <YOUR_PROJECT_ID> --enable_services --create_key

    4. Paste and run the command in GCP Cloud Shell.

  2. After the script completes, copy JSONClosed JavaScript Object Notation. A lightweight data interchange format. with authentication details from the output and paste it into the corresponding field of the wizard.

  3. Click Test connectivity to verify the connection to your GCP account.

  4. If the test succeeds, click Next.

Step 3: Review Summary

  1. Review the account configuration.

  2. Click Add to complete the account configuration.

Managing Cloud Accounts

After adding cloud accounts, they appear in the Accounts dashboard with the following information:

  • Name - Account identifier.

  • Deployments - Performed gateway deployments.

  • Permissions - "Read and Write" or "Read only".

  • Cloud provider - Azure or GCP.

  • Comment - Optional notes.

Filtering Accounts

Use the Filters panel to narrow the account list by:

  • Account Type

  • Cloud Provider

  • Permissions

Searching Accounts

Enter keywords in the Search field to locate specific accounts by name or comment.

Deleting Accounts

  1. To delete an account, select it in the list. The side panel with account details opens.

  2. In the upper-right corner of this panel, click the ellipsis icon.

  3. In the drop-down menu, select Delete account.

  4. Confirm account deletion.

Managing Cloud Accounts in SmartConsole

To view and manage added cloud accounts in SmartConsole, open SmartConsole and go to Manage & Settings > CloudGuard Network. For more information, see the Cloud Management Extension Administration Guide.