Configuration Parameters

The CloudGuard Controller Provisions SDDC services as Virtual Data Centers that provide virtualized computer networking, storage, and security. uses configuration parameters that can be adjusted to your specific needs. The following section provides a list of the configuration parameters including their description, minimum and maximum value, and the command to force the parameter's update.

CloudGuard Controller can be configured using various parameters in the vsec.conf file.

Location of the vsec.conf file:

Important - All configuration values are read from the vsec.conf file only when CloudGuard Controller is loaded. In case one of the parameters was changed CloudGuard Controller must be restarted.

Global Parameters

Notes:

The global section of the vsec.conf file starts with: # Global scanner
Global parameters apply to all Data Center Virtual centralized repository, or a group of physical networked hosts, Virtual Machines, and datastores. They are collected in a group for secured remote storage, management, and distribution of data. types, unless the parameter is changed in the specific Data Center type section.

If a specific parameter is deleted from the specific Data Center type section, the value is taken from the global section - only for that relevant parameter.

Parameter	Default Value	Min / Max Value	Unit	Description	Command to Reload the Parameter's Value
`scannerInterval=30`	30	Min = 1	second	This parameter is relevant for scanners which work in "polling" mode and not with notifications. Every X seconds the scanner automatically pulls data.	`vsec stop ; vsec start`
`enforcementUpdateIntervalTime=10`	10	Min = 1	second	The time, during which the CloudGuard Controller will enforce Data Center objects onto the CloudGuard Gateway. The entered value only describes the initiation of the enforcement action.	`vsec stop ; vsec start`
`enforcementSessionTimeoutInMinutes=4320`	4320	Min = 5 Max = 43200	minute	The value assigned to this parameter represents the time during which the session exists on the Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources.. When there is no connectivity between the CloudGuard Controller and the Security Gateway, the value assigned to this parameter will not be updated by the CloudGuard Controller. As a result, the session is considered empty, and the enforcement of rules (that contain Data Center object(s)) is ignored and goes to the next rule Set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session..	`vsec stop ; vsec start`
`autoUpdateIntervalInSeconds=30`	30	Min = 5	second	The `autoUpdate` checks the status of all the Data Center objects that were imported once every X seconds, and then updates the delta (as in, objects deleted, IP address changed, and more).	`vsec stop ; vsec start`

Parameters for Data Center Types

To override a Global parameter for a specific Data Center type, add or edit the parameter in the specific Data Center section using the Data Center prefix.

For example, when using the parameter connectTimeoutInMilliseconds with the VMware NSX Data Center type, enter:

nsx.connectTimeoutInMilliseconds

Parameter	Default Value	Min/Max Value	Unit	Description
`connectTimeoutInMilliseconds`	15000	Min = 5000	millisecond	Specifies the maximum timeout when establishing a connection with the Data Center.
`readTimeoutInMilliseconds`	20000	Min = 5000	millisecond	Specifies the maximum read timeout when a connection is established for reading the Data Center objects.