CloudGuard Controller integrates the Cisco ACI fabric with Check Point security.
The Check Point Data Center Server connects to the ACI fabric and retrieves object data.
The CloudGuard Controller updates IP addresses and other object properties in the Data Center Objects group. It supports the connection to an APIC cluster for redundancy.
To learn more, see vSEC for ACI Managed by R80.10 Security Management Server Administration Guide for R80.10.
Prerequisites:
Note - This role is sufficient for CloudGuard Controller functionality. More permissions may be required for device package installation (CloudGuard for ACI).
Step | Description |
---|---|
1 | In SmartConsole, create a new Data Center object in one of these ways: |
2 | In the Enter Object Name field, enter the desired name. |
3 | In the URLs field, enter the addresses of APIC cluster members, delimited with a semicolon (;). Important - These addresses can be HTTP or HTTPS, but not mixed. |
4 | In the Username field, enter your APIC service username. If you use login domains for APIC authentication, the username format is: |
5 | In the Password field, enter your APIC password. |
6 | Click Test Connection. |
7 | Click OK. |
8 | Publish the session. |

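
A pre-check for the value entered in the URLs field in step 3, as an added example that is not Check Point code. The function name and the sample hostnames are assumptions; it enforces the semicolon delimiter and the no-mixing rule, and warns when every address is plain HTTP, because the APIC username and password then travel unencrypted.

```python
from urllib.parse import urlsplit

def check_apic_urls(field):
    """Check a value meant for the Data Center object's URLs field.

    Returns a dict with 'ok', 'errors', 'warnings' and the parsed 'members'.
    """
    errors, warnings, members = [], [], []
    for entry in (part.strip() for part in field.split(";")):
        if not entry:
            continue  # ignore empty items such as a trailing semicolon
        try:
            parts = urlsplit(entry)
            host, port = parts.hostname, parts.port  # .port raises on bad ports
        except ValueError as exc:
            errors.append(f"unparsable URL {entry!r}: {exc}")
            continue
        scheme = parts.scheme.lower()
        if scheme not in ("http", "https") or not host:
            errors.append(f"not an http:// or https:// URL: {entry!r}")
        elif parts.username or parts.password:
            # Credentials belong in the Username/Password fields, not the URL.
            errors.append(f"credentials embedded in URL for host {host}")
        else:
            members.append((scheme, host, port))

    schemes = {scheme for scheme, _, _ in members}
    if not members and not errors:
        errors.append("no APIC URL given")
    if len(schemes) > 1:
        errors.append("mixed HTTP and HTTPS addresses are not allowed")
    elif schemes == {"http"}:
        warnings.append("plain HTTP: APIC credentials and object data "
                        "cross the network unencrypted")
    if len(set(members)) != len(members):
        warnings.append("the same cluster member is listed more than once")
    return {"ok": not errors, "errors": errors,
            "warnings": warnings, "members": members}


if __name__ == "__main__":
    # Constructed sample values; the hostnames are placeholders.
    samples = [
        "https://apic1.example.test;https://apic2.example.test",
        "https://apic1.example.test;http://apic2.example.test",
        "http://apic1.example.test;http://apic1.example.test",
    ]
    for value in samples:
        print(value, "->", check_apic_urls(value))
```
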
Object | Description |
---|---|
Tenant | A logical separator for customers, BU, groups, traffic, administrators, visibility, and more. |
Application Profile | A container of logically related EPGs, their connections, and the policies that define those connections. |
End-Point Group (EPG) | A container for objects that require the same policy treatment. Examples of these are app tiers or services (usually, VLAN). |
L2 Out | A bridged external network. |
L2 External EPG | An EPG that represents external bridged network endpoints. |