vSEC Controller for Cisco ACI

vSEC Controller integrates the Cisco ACI fabric with Check Point security. The Check Point Data Center Server connects to the ACI fabric and retrieves object data. vSEC Controller updates IP addresses and other object properties in the Data Center Objects group. It supports the connection to an APIC cluster for redundancy.

To learn more, see vSEC for ACI Managed by R80.10 Security Management Server Administration Guide for R80.10.

Prerequisites:

• You must have a Cisco ACI user role with at least tenant-epg read permissions.

  Note - This role is sufficient for vSEC Controller functionality. More permissions may be required for device package installation (vSEC for ACI).

• Enable Bridge Domain unicast routing to enable IP address learning for EPGs on the Cisco APIC.
• Define a subnet on the Bridge Domain to help the fabric maintain IP address learning tables. This prevents time-outs on silent hosts that respond to periodic ARP requests.

Connecting to Cisco ACI APIC Data Center Server

To connect to a Cisco ACI APIC Data Center Server:

1. In SmartConsole, click Objects menu > More object types > Server > Data Center > New Cisco APIC.
2. In the window that opens, New APIC Server, enter the addresses of APIC cluster members, delimited with a semicolon.

   Important - The addresses can be HTTP or HTTPS, but not mixed.

3. In Username, enter your APIC service username.

   If you use login domains for APIC authentication, the username format is:

   apic:<domain>\<username>

4. In Password, enter the password for the APIC username.
5. Click OK.

Cisco APIC Objects

• Tenant - A logical separator for customers, BU, groups, traffic, administrators, visibility, and more.
• Application Profile - A container of logically related EPGs, their connections, and the policies that define those connections.
• End-Point Group (EPG) - A container for objects that require the same policy treatment. Examples of these are app tiers or services (usually VLAN).
• L2 Out - A bridged external network.
• L2 External EPG - An EPG that represents external bridged network endpoints.