CloudGuard Controller for Cisco ACI

CloudGuard Controller integrates the Cisco ACI fabric with Check Point security.

The Check Point Data Center Server connects to the ACI fabric and retrieves object data.

The CloudGuard Controller updates IP addresses and other object properties in the Data Center Objects group. It supports the connection to an APIC cluster for redundancy.

To learn more, see the vSEC for ACI Managed by R80.10 Security Management Server Administration Guide for R80.10.

Prerequisites:

Connecting to a Cisco ACI APIC Data Center Server

1. In SmartConsole, create a new Data Center object in one of these ways:

  • In the top left corner, click Objects menu > More object types > Server > Data Center > New Cisco APIC.
  • In the top right corner, click Objects Pane > New > More > Server > Data Center > Cisco APIC.

2. In the Enter Object Name field, enter the desired name.

3. In the URLs field, enter the addresses of APIC cluster members, delimited with a semicolon (;).

   Important - These addresses can be HTTP or HTTPS, but not mixed.

4. In the Username field, enter your APIC service username.

   If you use login domains for APIC authentication, the username format is:

   apic:<domain>\<username>

5. In the Password field, enter your APIC password.

6. Click Test Connection.

7. Click OK.

8. Publish the session.
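
A pre-flight check for the values entered in steps 3 and 4, added here as an example and not Check Point code. The function names, hostnames and account name are assumptions made for illustration; beyond the rules stated above, it also warns when every address is HTTP, because the APIC credentials then cross the network unencrypted.

```python
from urllib.parse import urlsplit

# Constructed sample values; the hostnames and account are placeholders.
SAMPLE_URLS = "https://apic1.example.net;https://apic2.example.net;https://apic3.example.net"
SAMPLE_USER = "apic:LabDomain\\svc-cloudguard"


def check_apic_urls(field):
    """Validate a semicolon-delimited URLs value. Returns (urls, warnings)."""
    urls = [u.strip() for u in field.split(";") if u.strip()]
    if not urls:
        raise ValueError("no APIC addresses given")
    schemes, seen, warnings = set(), set(), []
    for url in urls:
        parts = urlsplit(url)
        scheme = parts.scheme.lower()
        if scheme not in ("http", "https") or not parts.hostname:
            raise ValueError(f"not an HTTP or HTTPS address: {url!r}")
        schemes.add(scheme)
        member = (parts.hostname.lower(), parts.port)
        if member in seen:
            warnings.append(f"duplicate cluster member: {url}")
        seen.add(member)
    if len(schemes) > 1:
        raise ValueError("HTTP and HTTPS addresses must not be mixed")
    if schemes == {"http"}:
        warnings.append("HTTP only: APIC credentials are sent unencrypted")
    return urls, warnings


def split_apic_username(username):
    """Return (login_domain, user); login_domain is None without the apic: prefix."""
    if not username.startswith("apic:"):
        if not username:
            raise ValueError("empty username")
        return None, username
    domain, sep, user = username[len("apic:"):].partition("\\")
    if not (sep and domain and user):
        raise ValueError("expected apic:<domain>\\<username>")
    return domain, user


if __name__ == "__main__":
    print(check_apic_urls(SAMPLE_URLS))
    print(split_apic_username(SAMPLE_USER))
```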

Cisco APIC Objects

| Object | Description |
|---|---|
| Tenant | A logical separator for customers, BU, groups, traffic, administrators, visibility, and more. |
| Application Profile | A container of logically related EPGs, their connections, and the policies that define those connections. |
| End-Point Group (EPG) | A container for objects that require the same policy treatment. Examples of these are app tiers or services (usually, VLAN). |
| L2 Out | A bridged external network. |
| L2 External EPG | An EPG that represents external bridged network endpoints. |