Print Download PDF Send Feedback

Previous

Next

CloudGuard Controller for VMware Servers

Connecting to a VMware Server

Step

Description

1

In SmartConsole, create a new Data Center object in one of these ways:

  • In the top left corner, click Objects menu > More object types > Server > Data Center > New VMware vCenter, or New VMware NSX.
  • In the top right corner, click Objects Pane > New > More > Server > Data Center > VMware vCenter, or VMware NSX.

2

In the Enter Object Name field, enter the desired name.

3

In the Hostname field, enter the IP address or hostname of your vCenter or NSX Manager server.

4

In the Username field, enter your VMware administrator username.

5

In the Password field, enter your VMware administrator password.

6

Click Test Connection.

7

Click OK.

8

Publish the session.

CloudGuard Controller for VMware vCenter

The Check Point Data Center Server connects to the VMware vCenter and retrieves object data.

The CloudGuard Controller updates IP addresses and other object properties in the Data Center Objects.

You must have a VMware vCenter username with at least Read-Only permissions.

CloudGuard Controller for VMware NSX Manager Server

The CloudGuard Controller integrates the VMware NSX Manager Server with Check Point security.

The Check Point Data Center Server connects to the VMware NSX Manager Server and retrieves object data.

The CloudGuard Controller updates IP addresses and other object properties in the Data Center Objects group.

You must have a VMware NSX username with permission of an Auditor or greater to access the CloudGuard Controller.

Note - This role is sufficient for CloudGuard Controller functionality. More permissions can be required for service registration (vSEC Gateway for NSX).

VMware vCenter Objects

Objects

Object

Description

Cluster

A collection of ESXi hosts and associated Virtual Machines configured to work as a unit.

Datacenter

An aggregation of many object types required to work in a virtual infrastructure.

These include hosts, Virtual Machines, networks, and datastores.

Folder

Lets you group similar objects.

Host

The physical computer where you install ESXi. All Virtual Machines run on a host.

Resource pool

Compartmentalizes the host or cluster CPU and memory resources.

Virtual machine

A virtual computer environment where a guest operating system and associated application software runs.

vSphere vApp

A packaging and managing application format. A vSphere vApp can contain multiple Virtual Machines.

Tags

All the Virtual Machines tagged with the vCenter tag.

Note - This is supported with vCenter 6.5 and above.

Imported Properties

Imported Property

Description

IP

IP address or Hostname of vCenter Server.

You must install VMware Tools on each Virtual Machine to retrieve the IP addresses for each computer.

Note

VMware vCenter object notes.

URI

Object path.

VMware NSX Objects

Objects

Object

Description

Security Group

Enables a static or dynamic grouping, based on objects such as Virtual Machines, vNICs, vSphere clusters, logical switches, and so on.

Universal Security Group

Enables defining a Security Group across VMware NSX managers.

Note - Import these objects separately for each VMware NSX manager.

Imported Properties

Imported Property

Description

IP

All the Security Group IP addresses

Note

Description value of a Security Group

URI

Object path

Threat Prevention Tagging for CloudGuard for NSX Gateway

Threat Prevention Tagging:

Threat Prevention Tagging automatically assigns Security Tags to Data Center objects based on Threat Prevention analysis and group affiliation.

This enables the usage of dynamic Security Groups in policy rules.

Enable Threat Prevention Tagging for Anti-Bot and Anti-Virus services to the CloudGuard for NSX Gateway.

When a threat from an infected Virtual Machine reaches the Security Gateway and is denied entry, it is tagged as an infected Virtual Machine in the NSX Manager.

To apply Threat Prevention Tagging, deploy the CloudGuard Gateway for NSX service and enable Threat Prevention on the CloudGuard for NSX. See vSEC for NSX Managed by the R80.10 Security Management Server Administration Guide.

To activate Threat Prevention tagging:

Step

Description

1

Connect to the command line on the CloudGuard for NSX Gateway.

2

Log in to Gaia Clish, or Expert mode.

3

Enable the tagging. Run:

tagger_cli

4

Select Activate Cluster.

CloudGuard for NSX Clusters with active Anti-Bot and/or Anti-Virus Software Blades on them appear.

5

Select the Cluster.

Make sure Cluster activated successfully shows.

When it is activated, the Cluster automatically tags infected Virtual Machines in the NSX Manager Server. The Security Tags are:

The Security Tags are created automatically in the NSX Manager Server when the Cluster is activated.

When Security Tags are configured, you can create policy rules based on the Security Groups that contain those tags.

Advanced options:

Use advanced menu options to configure the tags.

Option

Description

Show Activated gateways

Lists the activated Clusters and the status of each CloudGuard for NSX Gateway.

Modify Anti-Bot Security Tag

Enables or disables the tagging for the Anti-Bot Software Blade and change the Security Tag.

Modify Anti-Virus Security Tag

Enables or disables the tagging for the Anti-Virus Software Blade and change the Security Tag.

Modify White List

IP Addresses listed in the White List are not tagged.

Separate with spaces. Ranges are not accepted.

Create New Security Tag

Creates a new Security Tag in the NSX Manager Server.

Update Data

When you add a new ESX to a Cluster, CloudGuard for NSX Gateway automatically updates the Threat Prevention Tagging data within 15 minutes.

Select this option to update the data manually on the new CloudGuard for NSX Gateway.

Threat Prevention Tagging Logs

In SmartConsole, in the Logs & Monitor view, see CloudGuard Tagging in the Blade column.

Message

Description

The Virtual Machine <VM ID> was tagged successfully with Security Tag '<Tag Name>' in NSX <NSX IP Address>

Threat Prevention tagging successfully tagged a Virtual Machine due to malicious traffic.

The IP address <VM IP Address> appears twice in the ESX <ESX IP Address>. The infected Virtual Machine was not tagged

An IP address appears twice in the ESX.

Tagging this prevents false positive tagging of Virtual Machines with duplicate IP addresses in the ESX.

Failed to get data from the Data Center <Data Center IP Address>

Failed to get a Data Center object from the R80.30 Security Management Server API.

Check that there is a trusted connection for CloudGuard Controller.

Threat Prevention Tag is ignored because the VM IP '<VM IP Address>' is on the White List

Virtual Machine IP address is on the Whitelist and the Threat Prevention tag is ignored.