Deployed Resources

In the case of a deployment error, you can delete the deployed resources manually.

Azure vWAN Resources

Azure Collection of integrated cloud services that developers and IT professionals use to build, deploy, and manage applications through a global network of data centers managed by Microsoft®. Resource Group is created during deployment. It contains the Azure Managed Application with the following resources:

• NVA Network Virtual Appliance - A resource deployed in Azure's Virtual Hub that includes Security Gateways and other networking infrastructure.

• Managed identity

• Public IP address (if selected for the deployment)

GCP NSI Resources

These resources are created during deployment:

• Instance Template

• Firewall

• Instance Group Manager

• Autoscaler

• Network (two VPCs - for Security Management Server and Security Gateways)

• Health Check

• Backend Service

• Forwarding Rule

• Intercept Deployment Group

• Intercept Deployment

Resource Naming Convention

When GCP See 'Google Cloud Platform'. NSI deploys, it uses these components to build resource names:

• prefix: The deployment prefix.

• random_string: A 5-character random string.

• region: The GCP region (for example, us-central1).

• zone: The GCP zone (for example, us-central1-a).

The random_string value is generated by Terraform An infrastructure as code tool that lets you define both cloud and on-prem resources in human-readable configuration files that you can version, reuse, and share. during deployment and embedded into resource names to ensure uniqueness.

The resource names:

1. Networks and Sub-networks

   (These resources are created only if you provide CIDR ranges, otherwise existing networks are used.)

   • Management Network: {prefix}mgmt-network{random_string}-nsi

   • Security Network: {prefix}security-network{random_string}-nsi

   • Management Subnet: {prefix}mgmt-network{random_string}-nsi-subnet

   • Security Subnet: {prefix}security-network{random_string}-nsi-subnet

2. Firewall Rules

   • Management Network (only created if you configure traffic rules):

     • ICMP: {prefix}mgmt-icmp{random_string}

     • TCP: {prefix}mgmt-tcp{random_string}

     • UDP: {prefix}mgmt-udp{random_string}

     • SCTP: {prefix}mgmt-sctp{random_string}

     • ESP: {prefix}mgmt-esp{random_string}

   • Security Network (always created):

     • {prefix}

     • -data-network-allow-udp-6081{prefix}

     • -data-network-allow-tcp-8117-hc-ranges

3. Compute Resources

   • Instance Template: {prefix}tmplt{random_string}

   • Instance Group Manager: {prefix}igm{random_string}

   • Autoscaler: {prefix}autoscaler{random_string}

   • VM Instances: {prefix}-{random_string}-XXXX (GCP adds the XXXX suffix)

4. Load Balancer

   • Health Check: {prefix}-ilb-health-check

   • Backend Service A Check Point service offering that helps customers with deployments or technical services for Check Point products.: {prefix}-ilb-backend-service

   • Forwarding Rules: {prefix}ilb-forwarding-rule{zone} (one per zone)

5. Network Security Intercept (NSI-Specific)

   • Intercept Deployment Group: {prefix}-intercept-deployment-group

   • Intercept Deployments: {prefix}intercept-deployment{zone} (one per zone)