Getting Started

CloudGuard ControllerClosed Provisions SDDC services as Virtual Data Centers that provide virtualized computer networking, storage, and security. is a process that runs on the Check Point Security Management ServerClosed Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server..

Important:

  1. When you install R81.10 CloudGuard Controller, these files are overwritten with default values:

    • $MDS_FWDIR/conf/vsec.conf

    • $MDS_FWDIR/conf/tagger_db.C

    • $MDS_FWDIR/conf/AWS_regions.conf

  2. Before you start the upgrade, back up all files that you changed.

Note - During the upgrade, CloudGuard Controller does not communicate with the Data CenterClosed Virtual centralized repository, or a group of physical networked hosts, Virtual Machines, and datastores. They are collected in a group for secured remote storage, management, and distribution of data.. Therefore, Data Center objects are not updated on the CloudGuard Controller or the Security Gateways.

Best Practice - Starting R81.10 Jumbo Hotfix Accumulator Take 171, CloudGuard Controller updates are performed automatically. For more information, refer to sk181842.

Supported Security Gateways

R81.10 CloudGuard Controller can manage these Security Gateways:

See the R81.10 Release Notes.

  • R80.10 and higher

  • R77.30

  • R77.20

  • Maestro Security Groups with R80.20SP and higher

  • Scalable Chassis 40000 / 60000 with R80.20SP and higher

Note - Support for Data Center Query Objects is from R80.10 and above.

Activating the Identity Awareness Software Blade

Step

Instructions

1

Connect with SmartConsoleClosed Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on. to the Management ServerClosed Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server..

2

From the left navigation panel, click Gateways & Servers.

3

Create a new Host object with these settings:

  • Name: LocalHost

  • IPv4 address: 127.0.0.1

4

Open the applicable Security GatewayClosed Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. / ClusterClosed Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. object.

5

From the left tree, click the General Properties page.

6

On the Network Security tab, select the Identity Awareness Software BladeClosed Specific security solution (module): (1) On a Security Gateway, each Software Blade inspects specific characteristics of the traffic (2) On a Management Server, each Software Blade enables different management capabilities.:

  1. The Identity Awareness Configuration wizard opens.

  2. In the Methods for Acquiring Identity window, clear the AD Query option, if you do not use it.

  3. Click Cancel.

7

From the left tree, click the Identity Awareness page.

8

Select Identity Web API and click Settings.

9

Configure the Identity Web API settings:

  1. In the section Authorized Clients, click [+] and select the Host object you created earlier (LocalHost).

  2. In the Selected Client Secret field, enter your secret word, or generate a random secret.

  3. Click OK.

Note - If you add more than one authorized client host, the host that represent 127.0.0.1 must be the first item in the Authorized Clients list of the Identity Web API.

10

Click OK.

11

Install the Access Control Policy.