CloudGuard Controller for Nuage Networks VSP

The CloudGuard Controller integrates the Nuage cloud with Check Point security.

The Check Point Data Center Server connects to the Nuage cloud and retrieves object data.

The CloudGuard Controller updates IP addresses and other object properties in the Data Center Objects group.

Connecting to a Nuage Data Center

1. In SmartConsole, create a new Data Center object in one of these ways:

  • In the top left corner, click Objects menu > More object types > Server > Data Center > New Nuage.
  • In the top right corner, click Objects Pane > New > More > Server > Data Center > Nuage.

2. In the Enter Object Name field, enter the desired name.

3. In the Hostname field, enter the IP address or hostname of your Nuage VSD server.

   Note - The addresses can be HTTP or HTTPS, but not both. The Nuage version is set by default to 4.0 and the port to 8443.

4. In the Username field, enter your Nuage administrator username.

   In the Organization field, enter your organization name or enterprise.

5. In the Password field, enter your Nuage administrator password.

6. Click Test Connection.

7. Click OK.

8. Publish the session.

Nuage Objects

Objects

| Object | Description |
|---|---|
| Enterprise | A logical separator for customers, BU, groups, traffic, administrators, visibility, and more. |
| Domain | A logical network that enables L2 and L3 communication among a set of Virtual Machines. |
| Security Zone | A set of network endpoints that must comply with the same security policies. |
| Policy Group | Collections of vPorts and/or IP addresses that are used as building blocks for security policies that include multiple endpoints. Add one or more vPorts to a policy group using this interface. A policy group can also represent one or more IP/MAC addresses that it learned from external systems from BGP route advertisements based on origin. |
| Subnet | Subnets are defined under a zone. A subnet is equivalent to an L2 broadcast domain, which enables its endpoints to communicate as if they were part of the same LAN. |
| Instance | Virtual Machine. |
| vPort | It is attached to a Virtual Machine or to a host and bridge interface. It provides connectivity to BMS and VLANs. It can be created or auto-discovered. |
| L2Domain | An L2 Domain is a distributed logical switch that enables L2 communication. An L2 Domain template can be instantiated as often as required. This creates functioning L2 Domains. |
| Network Macro | Organization-wide defined macros that can be used as a destination of a policy rule. For example, you can create a network that represents your internal Internet access. You can then use it as a destination of a policy rule to drop any packet that arrives from a particular port. |
| Network Macro Group | A collection of existing Network Macros. These groups can be used in Security Policies to create rules that match multiple Network Macros. |

Imported Properties

| Imported Property | Description |
|---|---|
| Name | Resource name as shown in the Nuage console. The user can edit the name after importing the object. |
| Name in Data Center | Resource name as shown in the Nuage console. |
| Type in Data Center | Resource type. |
| IP | Associated IP address. |
| Note | Instances - "Auto generated" description; Domain - Comment on domain object inserted in VSD; Subnet - Subnet IP address in CIDR format; Zone - Comment on zone object inserted in VSD; vPort - Auto-generated description. |
| URI | Object path. |