
vSEC Controller for OpenStack

vSEC Controller integrates the Check Point Security Management Server with OpenStack Keystone. The Check Point Data Center server connects to OpenStack and retrieves network object data from OpenStack Neutron.

Connecting to an OpenStack Server

To connect to the OpenStack server:

  1. In SmartConsole, click Objects menu > More object types > Server > Data Center > New OpenStack.
  2. Enter credentials and connection properties:
    1. Hostname - The URL of your OpenStack server in this format:

      http(s)://1.2.3.4:5000/<keystone_version>

      Example: https://1.2.3.4:5000/v2.0

      Note - If you do not know your keystone URL, use this command to find it:

      openstack endpoint show keystone | grep publicurl

    2. Username - Username for the OpenStack server.
    3. Password - Password for your Username.
  3. Select Test Connection to establish a secure connection.

    If the certificate window opens, confirm the certificate and click Trust.

  4. When the connection status changes to Connected, click OK.

    If the status is not Connected, troubleshoot the issue before you continue.

Note - If you want to log into an OpenStack domain that is not your default domain, use this format: <OpenStack_domain_name>/<user_name>
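As an added example (not Check Point code), a small Python check of the Hostname and Username formats described above; it also flags a plain http URL, since the Data Center credentials would then cross the network without TLS. The function names and the returned fields are this example's own.

```python
"""Validate the Hostname and Username values entered for an OpenStack
Data Center object. The format rules come from the page:
http(s)://host:port/<keystone_version> for the Hostname and
<OpenStack_domain_name>/<user_name> for a non-default domain.
The function names and the return structure are this example's own."""
from urllib.parse import urlsplit
import re

KEYSTONE_VERSION = re.compile(r"^v\d+(\.\d+)?$")   # e.g. v2.0 or v3


def parse_keystone_url(hostname: str) -> dict:
    """Split the Hostname field into scheme, host, port and keystone
    version, and collect settings worth a second look before you
    click Test Connection."""
    parts = urlsplit(hostname)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"scheme must be http or https: {hostname!r}")
    if not parts.hostname:
        raise ValueError(f"missing host: {hostname!r}")
    version = parts.path.strip("/")
    if not KEYSTONE_VERSION.match(version):
        raise ValueError(f"path must be the keystone version, e.g. /v2.0: {hostname!r}")
    warnings = []
    if parts.scheme == "http":
        warnings.append("credentials are sent without TLS; prefer https")
    if parts.port is None:
        warnings.append("no port given; the page's example uses 5000")
    return {"scheme": parts.scheme, "host": parts.hostname,
            "port": parts.port, "version": version, "warnings": warnings}


def parse_username(username: str) -> dict:
    """Split '<OpenStack_domain_name>/<user_name>' into domain and user.
    A bare user name means the default domain."""
    domain, sep, user = username.partition("/")
    if not sep:
        return {"domain": None, "user": username}
    if not domain or not user or "/" in user:
        raise ValueError(f"expected <domain>/<user>: {username!r}")
    return {"domain": domain, "user": user}
```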

OpenStack Objects

Objects and Imported Properties

Imported Property - Description

IP:
  VM - VM IP address
  Security Group - IP addresses of the VMs inside the group
  Subnets - IP addresses of the VMs inside the subnet

Note:
  Instances - Empty
  Security Group - Description of the group
  Subnet - IP address and mask of the subnet

URI:
  Object path

vSEC Controller for VMware Server

To connect vSEC Controller to a VMware vCenter or VMware NSX Data Center Server:

  1. In SmartConsole, click New object > More object types > Server.
  2. Click Data Center > New vCenter/New NSX.
  3. In the window that opens, in the Hostname field, enter the IP address or DNS name of the vCenter or NSX Manager server.
  4. In Username, enter your VMware administrator username.
  5. In Password, enter the password for the VMware administrator username.
  6. Click OK.

vSEC Controller for vCenter

The Check Point Data Center Server connects to the VMware vCenter and retrieves object data. vSEC Controller updates IP addresses and other object properties in the Data Center Objects.

You must have a VMware vCenter username with at least Read-Only permissions.

VMware vCenter Objects

VMware vCenter objects appear in the Hosts and Clusters view in the vCenter vSphere Web Client.

vSEC Controller for VMware NSX Manager Server

The vSEC Controller integrates the VMware NSX Manager Server with Check Point security. The Check Point Data Center Server connects to the VMware NSX Manager Server and retrieves object data. The vSEC Controller updates IP addresses and other object properties in the Data Center Objects group.

You must have a VMware NSX username with the Auditor role or higher to access the vSEC Controller.

Note - This role is sufficient for vSEC Controller functionality. More permissions may be required for service registration (vSEC Gateway for NSX).

VMware NSX Objects

The VMware NSX Controller object is the Security Group. It enables a static or dynamic grouping based on objects such as virtual machines, vNICs, vSphere clusters, logical switches, and so on.

Imported Property - Description

IP - All the security group IP addresses

Note - Description value of a security group

URI - Object path

Threat Prevention Tagging for vSEC for NSX Gateway

Threat Prevention Tagging

Threat Prevention Tagging automatically assigns Security Tags to Data Center objects based on Threat Prevention analysis and group affiliation. This enables the usage of dynamic Security Groups in policy rules.

Enable Threat Prevention Tagging for the Anti-Bot and Anti-Virus services on the vSEC for NSX Gateway. When traffic from an infected VM reaches the gateway and is denied, the source VM is tagged as an infected VM in the NSX Manager.

To apply Threat Prevention Tagging:

  1. Deploy the vSEC Gateway for NSX service. See vSEC for NSX Managed by the R80.10 Security Management Server Administration Guide.
  2. To enable Threat Prevention on the vSEC for NSX Gateway, see the vSEC Controller 80.10 Administration Guide.

To activate tagging:

  1. Run the command: tagger_cli
  2. Select Activate Cluster.

    The vSEC for NSX Clusters that have active Anti-Bot and/or Anti-Virus blades are shown.

  3. Select the Cluster.

    Make sure that Cluster activated successfully shows.

When it is activated, the Cluster automatically tags infected VMs in the NSX Manager Server. The Security Tags are:

The Security Tags are created automatically in the NSX Manager Server when the Cluster is activated.

When Security Tags are configured, you can create policy rules based on the Security Groups that contain those tags.

Advanced options:

Use advanced menu options to configure the tags.

Show Activated gateways - Lists the activated Clusters and the status of each vSEC for NSX Gateway.

Modify Anti-Bot Security Tag - Enable or disable the tagging for the Anti-Bot blade and change the Security Tag.

Modify Anti-Virus Security Tag - Enable or disable the tagging for the Anti-Virus Software Blade and change the Security Tag.

Modify White List - IP addresses on the White List are not tagged. (Separate entries with spaces. Ranges are not accepted.)

Create New Security Tag - Creates a new Security Tag in the NSX Manager Server.

Update Data - When you add a new ESX to a Cluster, vSEC for NSX Gateway automatically updates the Threat Prevention Tagging data within 15 minutes. Select this option to manually update the data on the new vSEC for NSX Gateway.
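A model of the tagging rules this section describes (White List entries are never tagged; a VM whose IP appears twice on the ESX is left untagged), written as an added Python example rather than Check Point's tagger_cli code. The inventory shape, function names, tag name and sample addresses are constructed for the example.

```python
"""Model of the Threat Prevention Tagging decision: an infected VM is
tagged unless its IP is on the White List or the IP appears twice on
the ESX. Added example, not Check Point code; the inventory shape,
function names and sample data are constructed."""
import ipaddress


def parse_white_list(text: str) -> set:
    """White List entries are split by spaces; ranges are not accepted."""
    addrs = set()
    for item in text.split():
        if "-" in item or "/" in item:
            raise ValueError(f"ranges are not accepted: {item!r}")
        addrs.add(str(ipaddress.ip_address(item)))   # rejects non-IP text
    return addrs


def tagging_decision(vm_ip, esx_ip, inventory, white_list, tag_name, nsx_ip):
    """Decide whether to tag the VM at vm_ip on the given ESX.
    inventory maps esx_ip -> {vm_ip: [vm_id, ...]} (constructed shape).
    Returns (action, message); the messages follow the log formats
    documented for vSEC Tagging."""
    if vm_ip in white_list:
        return ("skip", "Threat Prevention Tag is ignored because the VM IP "
                        f"'{vm_ip}' is on the White List")
    vm_ids = inventory.get(esx_ip, {}).get(vm_ip, [])
    if len(vm_ids) > 1:   # duplicate IP: tagging could hit the wrong VM
        return ("skip", f"The IP address {vm_ip} appears twice in the ESX "
                        f"{esx_ip}. The infected Virtual Machine was not tagged")
    if not vm_ids:
        raise LookupError(f"no VM with IP {vm_ip} on ESX {esx_ip}")
    return ("tag", f"The Virtual Machine {vm_ids[0]} was tagged successfully "
                   f"with Security Tag '{tag_name}' in NSX {nsx_ip}")


# Constructed sample data using documentation address ranges.
INVENTORY = {"192.0.2.10": {"10.0.0.7": ["vm-101"],
                            "10.0.0.8": ["vm-102", "vm-103"],
                            "10.0.0.5": ["vm-104"]}}
WHITE_LIST = parse_white_list("10.0.0.5 10.0.0.9")
```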

Threat Prevention Tagging Logs

In SmartConsole, in the Logs & Monitor tab, see vSEC Tagging in the Blade column.

Message - Description

Message: The Virtual Machine <vm_id> was tagged successfully with Security Tag '<tag_name>' in NSX <nsx_ip>
Description: Threat Prevention Tagging successfully tagged a VM due to malicious traffic.

Message: The IP address <vm_ip> appears twice in the ESX <esx_ip>. The infected Virtual Machine was not tagged
Description: An IP address appears twice in the ESX. The Virtual Machine is not tagged, which prevents false positive tagging of Virtual Machines with duplicate IP addresses in the ESX.

Message: Failed to get data from the Data Center <data_center_ip>
Description: Error getting a Data Center object from the R80.10 Security Management Server API. Check that there is a trusted connection for vSEC Controller.

Message: Threat Prevention Tag is ignored because the VM IP '<vm_ip>' is on the White List
Description: The VM IP address is on the White List and the Threat Prevention tag is ignored.
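To turn these messages into structured events for a SIEM or a monitoring script, here is an added Python classifier (not Check Point code) built from the message formats in the table. The event names, field names and the sample lines are constructed for this example.

```python
"""Classify the vSEC Tagging log messages from the table above into
structured events. Added example, not Check Point code: the sample
lines are constructed from the page's message formats, and the event
names and field names are this example's own."""
import re

# One pattern per documented message; named groups hold the <placeholders>.
PATTERNS = {
    "tagged": re.compile(r"The Virtual Machine (?P<vm_id>\S+) was tagged successfully "
                         r"with Security Tag '(?P<tag_name>[^']+)' in NSX (?P<nsx_ip>\S+)$"),
    "duplicate_ip": re.compile(r"The IP address (?P<vm_ip>\S+) appears twice in the ESX "
                               r"(?P<esx_ip>\S+)\. The infected Virtual Machine was not tagged$"),
    "data_center_error": re.compile(r"Failed to get data from the Data Center (?P<data_center_ip>\S+)$"),
    "white_listed": re.compile(r"Threat Prevention Tag is ignored because the VM IP "
                               r"'(?P<vm_ip>[^']+)' is on the White List$"),
}
# Follow-up the page gives for each message type.
FOLLOW_UP = {
    "tagged": "none: VM tagged due to malicious traffic",
    "duplicate_ip": "fix the duplicate IP on the ESX; the VM was left untagged",
    "data_center_error": "check that there is a trusted connection for vSEC Controller",
    "white_listed": "expected: the VM IP is on the White List",
}


def classify(message: str) -> dict:
    """Return the event type, its follow-up and the extracted fields;
    a message that matches no documented format is reported as unknown."""
    for event, pattern in PATTERNS.items():
        m = pattern.match(message)
        if m:
            return {"event": event, "follow_up": FOLLOW_UP[event], **m.groupdict()}
    return {"event": "unknown", "follow_up": "review manually", "message": message}


# Constructed sample lines (documentation IP ranges, made-up VM id and tag name).
SAMPLE_LOGS = [
    "The Virtual Machine vm-101 was tagged successfully with Security Tag 'AntiBot_Infected' in NSX 192.0.2.20",
    "The IP address 10.0.0.8 appears twice in the ESX 192.0.2.10. The infected Virtual Machine was not tagged",
    "Failed to get data from the Data Center 192.0.2.30",
    "Threat Prevention Tag is ignored because the VM IP '10.0.0.5' is on the White List",
]
```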