CloudGuard Controller for Nuage Virtualized Services Platform (VSP)

The CloudGuard Controller integrates the Nuage cloud with Check Point security.

Connecting to a Nuage Data Center with SmartConsole

1. In SmartConsole, create a new Data Center object in one of these ways:

  • In the top left corner, click Objects menu > More object types > Server > Data Center > New Nuage.

  • In the top right corner, click Objects Pane > New > More > Server > Data Center > Nuage.

2. In the Enter Object Name field, enter the applicable name.

3. In the Hostname field, enter the IP address or hostname of the Nuage server.

   Important - The addresses can be either HTTP or HTTPS, but not both. The Nuage version is set by default to 4.0 and the port to 8443.

4. In the Username field, enter your Nuage administrator username.

5. In the Organization field, enter your organization name or enterprise.

6. In the Password field, enter your Nuage administrator password.

7. Click Test Connection.

8. Click OK.

9. Publish the SmartConsole session.

10. Install the Access Control policy on the Security Gateway object.

Connecting to a Nuage Data Center Server with Management API

In the Management API Reference, click "see arguments per Data Center Server type" and select Nuage.

Connecting to a Nuage Data Center Server with Terraform

See checkpoint_management_nuage_data_center_server.
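The same fields as the SmartConsole procedure, expressed with that Terraform resource. This is an added example, not taken from Check Point's documentation: the variable names, the resource label "nuage_dc" and the object name "nuage-dc" are hypothetical, and it assumes the checkpoint provider is already configured for your Management Server. Confirm the argument list against the resource's documentation for your provider version.

```hcl
terraform {
  required_providers {
    checkpoint = {
      source = "CheckPointSW/checkpoint"
    }
  }
}

# All variable names below are hypothetical.
variable "nuage_hostname" {
  description = "IP address or hostname of the Nuage server"
  type        = string
}

variable "nuage_username" {
  description = "Nuage administrator username"
  type        = string
}

variable "nuage_organization" {
  description = "Organization name or enterprise"
  type        = string
}

variable "nuage_password" {
  description = "Nuage administrator password; supply at run time, not in the file"
  type        = string
  sensitive   = true
}

variable "nuage_cert_fingerprint" {
  description = "Fingerprint of the Nuage server certificate, verified out of band"
  type        = string
}

resource "checkpoint_management_nuage_data_center_server" "nuage_dc" {
  name         = "nuage-dc" # hypothetical object name
  hostname     = var.nuage_hostname
  username     = var.nuage_username
  organization = var.nuage_organization
  password     = var.nuage_password

  # Pin the server certificate instead of accepting whatever is presented.
  certificate_fingerprint = var.nuage_cert_fingerprint
  unsafe_auto_accept      = false
}
```

Marking the password variable sensitive only redacts it from CLI output; the value is still written to the Terraform state, so restrict access to the state backend. The session must still be published and the Access Control policy installed, as in steps 9 and 10 of the SmartConsole procedure.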

Nuage Objects and Properties

Nuage Imported Objects

  • Enterprise - A logical separator for customers, BU, groups, traffic, administrators, visibility, and more.

  • Domain - A logical network that enables L2 and L3 communication among a set of Virtual Machines.

  • Security Zone - A set of network endpoints that have to agree with the same Security Policies.

  • Policy Group - Collections of vPorts and/or IP addresses that are used as building blocks for Security Policies that include multiple endpoints. Add one or more vPorts to a policy group using this interface. A policy group can also represent one or more IP/MAC addresses that it learned from external systems from BGP route advertisements based on origin.

  • Subnet - Subnets are defined under a zone. It is equivalent to an L2 broadcast Domain, which enables its endpoints to communicate as if they were part of the same LAN.

  • Instance - Virtual Machine.

  • vPort - It is attached to a Virtual Machine or to a host and bridge interface. It provides connectivity to BMS and VLANs. It can be created or auto-discovered.

  • L2Domain - An L2 Domain is a distributed logical switch that enables L2 communication. An L2 Domain template can be started as often as required. This creates functioning L2 Domains.

  • Network Macro - Organization-wide defined macros that can be used as a destination of a policy rule. For example, you can create a network that represents your internal Internet access. You can then use it as a destination of a policy rule to drop any packet that arrives from a particular port.

  • Network Macro Group - A collection of existing Network Macros. These groups can be used in Security Policies to create rules that match multiple Network Macros.

Nuage Imported Properties

  • Name - Resource name as shown in the Nuage console. User can edit the name after importing the object.

  • Name in Data Center - Resource name as shown in the Nuage console

  • Type in Data Center - Resource type

  • IP - Associated IP address

  • Note:

      • Instances - Auto-generated description

      • Domain - Comment on domain object inserted in VSD

      • Subnet - Subnet IP address in CIDR format

      • Zone - Comment on zone object inserted in VSD

      • vPort - Auto-generated description

  • URI - Object path