CloudGuard Network Security Gateways Deployment

After connecting your cloud account, you can deploy CloudGuard Network Security Gateways through a streamlined wizard. The deployment process varies based on the selected cloud account and CloudGuard Network Security solution type.

Available CloudGuard Network Security solutions:

• CloudGuard Network for Azure Virtual WAN

• CloudGuard Network for GCP Network Security Integration

Deploying CloudGuard Network Security Gateways for Azure vWAN

Follow these steps to deploy CloudGuard Network Security Gateways:

Step 1: Select Cloud Account

1. From the Deployments page, click New deployment and select Microsoft Azure to launch the deployment wizard.

2. Choose the account where the Security Gateways will be deployed.

   The wizard displays all connected cloud accounts.

   Use the search field to locate specific accounts.

   If your desired account doesn't appear in the list, go to the Accounts page to add a new cloud account.

3. Select an account and click Next.

Step 2: Select Security Management Server

1. Choose the Security Management Server to manage the deployed Security Gateways.

   The wizard displays available Security Management Servers with their connection status and Check Point version information.

   Use the Search field to filter Security Management Servers.

2. Select the Security Management Server and click Next.

Step 3: Select Solution Type

1. Choose the CloudGuard Network Security solution based on your requirements.

2. Click Next to continue.

Step 4: Select License Type

1. Choose the License type. Available options:

   • Security Enforcement (includes Security Gateway and Threat Prevention)

   • Full Package (includes Security Gateway, Threat Prevention, SandBlast, and Smart-1 Cloud)

   • Full Package Premium (includes Security Gateway, Threat Prevention, SandBlast, Smart-1 Cloud, Compliance, DLP, and SmartEvent)

2. Click Next to continue

Step 5: Solution Configuration

1. Configure Cloud account and Security Gateway settings including authentication, licensing, and a policy to install during deployment.

2. Click Next to continue.

Step 6: Routing Intent and Policy

1. Configure routing policies to direct traffic through the CloudGuard NVA Network Virtual Appliance - A resource deployed in Azure's Virtual Hub that includes Security Gateways and other networking infrastructure..

   You can select to skip routing configuration and perform it later or set up routing rules and policies instantly and apply them immediately upon deployment.

2. Click Next to continue.

Step 7: Deployment Summary

1. Review configuration before deployment.

2. Click Back to modify or Deploy to begin provisioning.

After initiating deployment, you can monitor progress from the Deployments page.

Note - CloudGuard Network Security Gateways deployment may take up to 30 minutes to complete.

For additional configuration options, see the CloudGuard Network for Azure Virtual WAN Deployment Guide.

Deploying CloudGuard Network Security Gateways for GCP NSI

Important - Enable the Compute Engine API (https://compute.googleapis.com) before deploying the solution.

Follow these steps to deploy CloudGuard Network Security Gateways:

Step 1: Select Cloud Account

1. From the Deployments page, click New deployment and select Google Cloud Platform to launch the deployment wizard.

2. Choose the account where the Security Gateways will be deployed.

   The wizard displays all connected cloud accounts.

   Use the search field to locate specific accounts.

   If your desired account doesn't appear in the list, go to the Accounts page to add a new cloud account.

3. Select an account and click Next.

Step 2: Select Security Management Server

1. Choose the Security Management Server to manage the deployed Security Gateways.

   The wizard displays available Security Management Servers with their connection status and Check Point version information.

   Use the Search field to filter Security Management Servers.

2. Select the Security Management Server and click Next.

Step 3: Select Solution Type

1. Choose the CloudGuard Network Security solution based on your requirements.

2. Click Next to continue.

Step 4: Select License Type

1. Choose the License type (BYOL or PAYG).

   Note - If you choose BYOL (Bring Your Own License), you must use it with Check Point Central License A Central License is a CloudGuard Security Gateway license. It is deployed and managed on the Security Management Server or Multi-Domain Server and distributed from a license pool to all CloudGuard Security Gateways connected to corresponding Management Servers. (for more information, see the CloudGuard Central License Management Utility guide).

2. Click Next to continue.

Step 5: Solution Configuration

1. Configure Cloud account and Security Gateway settings, including authentication and a policy to install during deployment.

2. Click Next to continue.

Note - When a GCP See 'Google Cloud Platform'. NSI deployment is performed: IPS Intrusion Prevention System (IPS), also known as intrusion detection prevention system (IDPS), is a technology that keeps an eye on a network for any malicious activities attempting to exploit a known vulnerability. Software Blade is automatically enabled on the deployed Security Gateways. An additional service VPC is deployed. You can delete this VPC if you don't need it.

Step 6: Deployment Summary

1. Review configuration before deployment.

2. Click Back to modify or Deploy to begin provisioning.

After initiating deployment, you can monitor progress from the Deployments page.

Note - CloudGuard Network Security Gateways deployment may take up to 30 minutes to complete.

For additional configuration options, see the CloudGuard Network for GCP Network Security Integration Administration Guide.

Managing Deployments

After deploying CloudGuard Network Security Gateways, they appear in the Deployments dashboard with the following information:

• Status - Visual indicator of deployment state.

• Name - Deployment identifier.

• Account - Cloud account name.

• Solution - Deployed CloudGuard Network Security solution.

• Version - Check Point version.

• Policy - Applied policy package.

• Management - Security Management Server name.

• Deployment time - Timestamp of deployment initiation.

Filtering Deployments

Use the Filters panel to narrow deployment views by:

• Management

• Policy

• Solution

• Status

• Version

Searching Deployments

Use the Search field to locate specific deployments by name.

Viewing Deployment Details

Click on any deployment to view detailed information in the side panel.

Managing Deployments in SmartConsole

To view and manage deployment templates in SmartConsole, open SmartConsole and go to Manage & Settings > CloudGuard Network. Click the Edit button at the right, above the cloud provider tiles.

In the CME Overview window, select the cloud account to see the corresponding templates. For more information, refer to the Cloud Management Extension Administration Guide.

Next Steps

When deployment completes successfully (with a green check mark), the CloudGuard Network Security Gateways appear in SmartConsole with the policy already installed.

Access SmartConsole to create rules and install them on the deployed CloudGuard Network Security Gateways.