| Step | Description |
|---|---|
| 1 | In SmartConsole, create a new Data Center object in one of these ways: |
| 2 | In the Enter Object Name field, enter the desired name. |
| 3 | In the Hostname field, enter the IP address or hostname of your vCenter or NSX Manager server. |
| 4 | In the Username field, enter your VMware administrator username. |
| 5 | In the Password field, enter your VMware administrator password. |
| 6 | Click Test Connection. |
| 7 | Click OK. |
| 8 | Publish the session. |
The Check Point Data Center Server connects to the VMware vCenter and retrieves object data.
The CloudGuard Controller updates IP addresses and other object properties in the Data Center Objects.
You must have a VMware vCenter username with at least Read-Only permissions.
The CloudGuard Controller integrates the VMware NSX Manager Server with Check Point security.
The Check Point Data Center Server connects to the VMware NSX Manager Server and retrieves object data.
The CloudGuard Controller updates IP addresses and other object properties in the Data Center Objects group.
You must have a VMware NSX username with Auditor or greater permissions for the CloudGuard Controller to access the NSX Manager.
Note - The Auditor role is sufficient for CloudGuard Controller functionality. Additional permissions may be required for service registration (vSEC Gateway for NSX).
Objects
| Object | Description |
|---|---|
| Cluster | A collection of ESXi hosts and associated Virtual Machines configured to work as a unit. |
| Datacenter | An aggregation of many object types required to work in a virtual infrastructure. These include hosts, Virtual Machines, networks, and datastores. |
| Folder | Lets you group similar objects. |
| Host | The physical computer where you install ESXi. All Virtual Machines run on a host. |
| Resource pool | Compartmentalizes the host or cluster CPU and memory resources. |
| Virtual machine | A virtual computer environment where a guest operating system and associated application software runs. |
| vSphere vApp | A packaging and managing application format. A vSphere vApp can contain multiple Virtual Machines. |
| Tags | All the Virtual Machines tagged with the vCenter tag. Note - This is supported with vCenter 6.5 and above. |
Imported Properties
| Imported Property | Description |
|---|---|
| IP | IP address or Hostname of vCenter Server. You must install VMware Tools on each Virtual Machine to retrieve the IP addresses for each computer. |
| Note | VMware vCenter object notes. |
| URI | Object path. |
Objects
| Object | Description |
|---|---|
| Security Group | Enables a static or dynamic grouping, based on objects such as Virtual Machines, vNICs, vSphere clusters, logical switches, and so on. |
| Universal Security Group | Enables defining a Security Group across VMware NSX managers. Note - Import these objects separately for each VMware NSX manager. |
Imported Properties
| Imported Property | Description |
|---|---|
| IP | All the Security Group IP addresses |
| Note | Description value of a Security Group |
| URI | Object path |
Threat Prevention Tagging:
Threat Prevention Tagging automatically assigns Security Tags to Data Center objects based on Threat Prevention analysis and group affiliation.
This enables the usage of dynamic Security Groups in policy rules.
Enable Threat Prevention Tagging for the Anti-Bot and Anti-Virus services on the CloudGuard for NSX Gateway.
When a threat from an infected Virtual Machine reaches the Security Gateway and is denied entry, it is tagged as an infected Virtual Machine in the NSX Manager.
To apply Threat Prevention Tagging, deploy the CloudGuard Gateway for NSX service and enable Threat Prevention on the CloudGuard for NSX. See vSEC for NSX Managed by the R80.10 Security Management Server Administration Guide.
To activate Threat Prevention tagging:
| Step | Description |
|---|---|
| 1 | Connect to the command line on the CloudGuard for NSX Gateway. |
| 2 | Log in to Gaia Clish, or Expert mode. |
| 3 | Enable the tagging. Run: |
| 4 | Select Activate Cluster. CloudGuard for NSX Clusters with active Anti-Bot and/or Anti-Virus Software Blades on them appear. |
| 5 | Select the Cluster. Make sure Cluster activated successfully shows. |
When it is activated, the Cluster automatically tags infected Virtual Machines in the NSX Manager Server. The Security Tags are:
Check_Point.BotFound
Check_Point.VirusFound
The Security Tags are created automatically in the NSX Manager Server when the Cluster is activated.
When Security Tags are configured, you can create policy rules based on the Security Groups that contain those tags.
Advanced options:
Use advanced menu options to configure the tags.
| Option | Description |
|---|---|
| Show Activated gateways | Lists the activated Clusters and the status of each CloudGuard for NSX Gateway. |
| Modify Anti-Bot Security Tag | Enables or disables the tagging for the Anti-Bot Software Blade and changes the Security Tag. |
| Modify Anti-Virus Security Tag | Enables or disables the tagging for the Anti-Virus Software Blade and changes the Security Tag. |
| Modify White List | IP addresses listed in the White List are not tagged. Separate addresses with spaces. Ranges are not accepted. |
| Create New Security Tag | Creates a new Security Tag in the NSX Manager Server. |
| Update Data | When you add a new ESX to a Cluster, the CloudGuard for NSX Gateway automatically updates the Threat Prevention Tagging data within 15 minutes. Select this option to update the data manually on the new CloudGuard for NSX Gateway. |
In SmartConsole, in the Logs & Monitor view, see CloudGuard Tagging in the Blade column.
| Message | Description |
|---|---|
| | Threat Prevention tagging successfully tagged a Virtual Machine due to malicious traffic. |
| | An IP address appears twice in the ESX. Tagging this prevents false positive tagging of Virtual Machines with duplicate IP addresses in the ESX. |
| | Failed to get a Data Center object from the R80.30 Security Management Server API. Check that there is a trusted connection for CloudGuard Controller. |
| | Virtual Machine IP address is on the Whitelist and the Threat Prevention tag is ignored. |