CloudGuard Controller integrates the Microsoft Azure cloud with Check Point security.
The Check Point Data Center Server connects to the Microsoft Azure cloud and retrieves object data.
The CloudGuard Controller updates IP addresses and other object properties in the Data Center Objects group.
Step |
Description |
---|---|
1 |
In SmartConsole, create a new Data Center object in one of these ways:
|
2 |
In the Enter Object Name field, enter the desired name. |
3 |
Select the applicable authentication method:
If you choose Service Principal (default):
You can create the Service Principal in the Azure Portal, with the Azure Powershell, or with the Azure CLI. If you choose Azure AD User Authentication:
The minimum recommended permission is Reader. You can assign the Reader permission in one of these ways:
Note - If you have less permissions, some of the functionality might not work. |
4 |
Click Test Connection. |
5 |
Click OK. |
6 |
Import objects from your Microsoft Azure server to your policy (for more about these objects, see the next sections).
Note - All changes in Microsoft Azure are updated automatically with the Check Point security policy. Users with permissions to change Resource Tags in Microsoft Azure may be able to change their access permissions. |
7 |
Install the Access Control Policy. |
Objects
Object |
Description |
---|---|
Subscription |
Helps you organize access to your cloud components. |
Virtual Network |
Represents your Microsoft Azure Virtual Network (VNET) in the cloud. |
Subnet |
A range of IP addresses in a VNET. A VNET can be divided into many subnets. |
Virtual Machine (VM) |
Virtual computing environment. |
Virtual Machine Scale Set (VMSS) |
Manages sets of Virtual Machines. |
Resource Group |
Holds the components of your subscription as a group. |
Network Security Group (NSG) |
NSGs contain a list of Access Control List (ACL) rules that allow or deny network traffic to the Virtual Machines instances in a Virtual Network. NSGs can be associated with either subnets or individual Virtual Machines instances within that subnet. |
Imported Properties
Imported Property |
Description |
---|---|
Name |
Name of the object and of the object Resource Group. Format is: The user can edit the name after importing the object. |
Name in server |
Name of the object and of the object Resource Group. Format is: |
Type in server |
Object type. |
IP address |
Virtual Machines or VMSS IP addresses. In the case of subnets, NSGs or Tags, the field contains a list of all the IP addresses in the container. |
Note |
Contains the address prefixes for VNETs and subnets. |
URI |
Object path. |
Tags |
Keys and Values attached to the Object. |
Location |
Physical location in Microsoft Azure. |
The Microsoft Azure Auto Scaling service with the Check Point Auto Scaling group can increase or decrease the number of CloudGuard Gateways according to the current load.
CloudGuard Controller for Microsoft Azure can work with the Check Point Auto Scaling Group.
The Check Point Security Management Server can update Data Center objects automatically on the Check Point Auto Scaling group.
Enable the Identity Awareness Software Blade as explained in Auto Scaling in Microsoft Azure, sk115533, Section 6-A - Enabling additional Software Blades.