Silver Peak Integration with Orchestrator Version 8.8.3 and Higher
Note - This procedure create a new site automatically in Harmony Connect. You cannot change the location of the site.
-
Log in to the Infinity Portal.
-
Navigate to Global Settings > API Keys.
-
Click New.
-
From the Service list, select Harmony Connect.
-
From the Roles list, select Admin.
-
Click Create.
-
Copy and save the Client ID and the API Access Key.
-
In the Silver Peak Orchestrator, click Configuration > Cloud Services > Check Point CloudGuard Connect.
-
Click Subscription.
The Subscription window appears.
-
Paste the Client ID and the API Access Key generated in the Infinity Portal.
-
Click Save.
-
In the Silver Peak Peak Orchestrator, click Check Point CloudGuard Connect > Interface Labels.
Silver Peak uses labels to create a consistent global policy across various edge devices. Any edge device with your selected labels receives the Check Point security automatically after the integration.
-
Select the order for the interface labels.
-
Click Save.
-
On the left pane, right-click the applicable device and select Deployment.
-
In the Deployment window, select a Check Point interface label.
Configuring a Business Intent Overlay Policy (BIO)
-
In the Silver Peak Orchestrator, click Configuration > Overlays > Business Intent Overlays.
-
Double-click the Check Point security policy rule that you want to apply to the traffic.
The Overlay Configuration window appears.
- Click Breakout Traffic to Internet & Cloud Services.
-
From the Available Policies list, drag-and-drop the Check Point CloudGuard policy to Preferred Policy Order. This policy is available only if you have the Check Point subscription.
-
Click OK.
-
(Optional) Apply the Check Point protection to each applicable device. Only the labeled edge devices traffic can pass through the Check Point.
-
Click Save and Apply Changes to Overlays.
-
Log in to the Infinity Portal.
-
Navigate to Harmony Connect and click Assets > Branches & Data Centers.
Harmony Connect creates the site and establishes a VPN tunnel automatically.
When the site is created, the site status is Waiting for traffic and when you generate traffic between the Silver Peak SD-WAN device and Harmony Connect through the VPN tunnel, the status changes to Active.
You can monitor various attacks prevented by the Harmony Connect cyber-security features. For more information, see Internet and Network Access Logs.