Launching Azure Virtual WAN Integration in the Check Point Infinity Portal

To launch Check Point protection on your branch office device, you must enable CloudGuard Connect and integrate it with the Azure Portal.

Enabling CloudGuard Connect

To work with CloudGuard Connect, you must register or log in to the Check Point Infinity Portal.

Check Point Infinity Portal provides unified security that is delivered as a service. With one Infinity Portal account, your company can manage security for network, endpoint, and cloud.

To register a new account, go to the Check Point Infinity Portal: https://portal.checkpoint.com.

You can use the direct registration link for your CloudGuard Connect: https://portal.checkpoint.com/create-account/cloudguardconnect.

If you are already registered on the Check Point Infinity Portal, sign in here: https://portal.checkpoint.com.

Note - Registration creates an account for you on the Infinity Portal but does not automatically log you in to any specific security service. In the free 30-day trial version, you can log in to the CloudGuard Connect service, connect branch offices to a single cloud service location, and provide security for up to 200 users. The full functionality of CloudGuard Connect is available with a purchased software license. For more information about licensing, contact your Check Point Sales representative, or see the Contracts page of the Check Point Infinity Portal Admin Guide.

To enable CloudGuard Connect:

  1. Click the Menu button at the top left corner of Infinity Portal.

  2. Click CloudGuard Connect.

  3. Your Dashboard now looks like this:

Starting the Integration between Check Point and Azure Virtual WAN

This integration guarantees secured access control and threat prevention between any branch office or VNet and the Internet, provided their traffic is configured as secured.

To start the integration between Check Point and Microsoft Azure Virtual WAN:

  1. Go to Assets > Sites.

    Note - If you want to use a site that you created manually before, you can integrate it with Microsoft Azure Virtual WAN only with the help of Check Point Support.

    To open a support ticket click here.

  2. Click Sync With Azure Virtual WAN.

    A pop-up wizard opens.

  3. Enter the parameters you created in the previous step. See Assigning API Access to Check Point.

    • Tenant ID

    • Subscription ID

    • Application ID

    • Password

    Note - All fields marked with an asterisk (*) are mandatory.

  4. Click Next.

  5. Wait for Check Point to validate the credentials and the given permission level.

    This screen shows a preview of the resources inside the Azure Virtual WAN that Check Point secures later.

  6. Confirm the auto sync between Check Point and Azure Virtual WAN.

  7. Click Enable Auto Sync.

    This confirms the auto sync between Check Point and Microsoft Azure Virtual WAN.

  8. Wait for Check Point to generate secured hubs for every secured resource.

    Check Point automatically secures any regional hub that is marked as a Secured Resource, and has at least one site or VNet marked as Secured Traffic.

    To have at least one site or VNet marked as Secured Traffic, select the site or the VNet and click Secure Internet Traffic. For more information, see Selecting Secured Resources in Azure Portal.

    Note - Creation of a hub secured by Check Point can take up to 30 minutes. At the end of the creation process, the status of the new hub changes from Generating… to Waiting for Traffic or Active. For more information about the statuses of the Check Point assets, see the Assets page in the CloudGuard Connect Administration Guide.
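The wizard in steps 3 to 5 takes a service principal credential (Tenant ID, Subscription ID, Application ID, Password) and validates its permission level. The script below is an added example, not part of Check Point's documentation: a pre-flight check that signs in as that service principal with the Azure CLI and lists the roles it holds, so you can compare them with what Assigning API Access to Check Point asks for before you hand the credential over. It assumes `az` is installed; the function names and the `AZ_SP_PASSWORD` variable are this example's own.

```shell
#!/bin/sh
# Added example: review a service principal before entering it in the
# Sync With Azure Virtual WAN wizard. Usage: AZ_SP_PASSWORD=... sh preflight.sh TENANT SUB APP

# Return 0 when $1 has the GUID shape of a Tenant/Subscription/Application ID.
is_guid() {
  printf '%s\n' "$1" |
    grep -Eq '^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$'
}

# Read "role<TAB>scope" lines on stdin and print the assignments that grant
# full control or rights management, which deserve a second look.
flag_broad_roles() {
  awk -F '\t' '$1 == "Owner" || $1 == "User Access Administrator" {
    print $1 " at " $2 }'
}

preflight() {
  tenant=$1 sub=$2 app=$3
  for id in "$tenant" "$sub" "$app"; do
    is_guid "$id" || { echo "not a GUID: $id" >&2; return 2; }
  done
  # Taken from the environment so it stays out of shell history
  # (az itself still receives it as an argument).
  [ -n "${AZ_SP_PASSWORD:-}" ] || { echo "set AZ_SP_PASSWORD" >&2; return 2; }
  # Throwaway config directory: the operator's own az session is untouched.
  AZURE_CONFIG_DIR=$(mktemp -d) || return 1
  export AZURE_CONFIG_DIR
  az login --service-principal --username "$app" \
     --password "$AZ_SP_PASSWORD" --tenant "$tenant" --output none || return 1
  roles=$(az role assignment list --assignee "$app" --subscription "$sub" \
     --all --query '[].[roleDefinitionName, scope]' --output tsv) || return 1
  echo "Role assignments held by $app:"
  printf '%s\n' "$roles"
  echo "Broad assignments to review:"
  printf '%s\n' "$roles" | flag_broad_roles
  az logout
  rm -rf "$AZURE_CONFIG_DIR"
}

# Run only when called with the three IDs; sourcing the file just defines the functions.
if [ "$#" -eq 3 ]; then preflight "$@"; fi
```
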

Securing Additional Resources in Azure Portal

You can now repeat the step Selecting Secured Resources in the Microsoft Azure Portal to create security for additional entities, for example:

  • Traffic between other sites and the Internet

  • Traffic between other VNets and the Internet

  • Regional hubs

Check Point automatically secures any resource marked as secured in the Microsoft Azure Portal. This means that now you do not have to manage your assets twice. You can select to secure them in the Azure Portal.

You can monitor creation of the Check Point events security for your regional hubs in two ways: