Integrating with Data Center Servers
Connecting to a Data Center Server
The Management Server connects to the Software-defined data center (SDDC) through the Data Center server object on SmartConsole.
Step | Instructions |
---|---|
1 | In SmartConsole, create a new Data Center object in one of these ways: |
2 | In the Enter Object Name field, enter a name. |
3 | Enter the connection and credentials information. |
4 | To establish a secure connection, click Test Connection. If the certificate window opens, confirm the certificate and click Trust. |
5 | Click OK when the Connection Status changes to Connected. If the status is not Connected, troubleshoot the issues before you continue. |
6 | Click OK. |
7 | Publish the SmartConsole session. |
8 | Install the Access Control policy on the Security Gateway object. |

Notes:
Creating Rules with Data Center Objects
You can add Data Center objects and Data Center Query objects to the Source and/or Destination columns of Access Control rules and Threat Prevention rules. In addition, Data Center objects (but not Data Center queries) can be added to the NAT policy.
Step | Instructions |
---|---|
1 | In SmartConsole, from the left navigation panel, click Security Policies. |
2 | At the top, click Access Control > Policy. |
3 | In the applicable rule, in the Source or Destination column, click + to add new items. |
4 | Click Import. |
5 | Select an existing Data Center object. Alternatively, click Data Centers > New Data Center > applicable Data Center. |
6 | Install the Access Control Policy. |

Step | Instructions |
---|---|
1 | In SmartConsole, from the left navigation panel, click Security Policies. |
2 | At the top, click Threat Prevention > Policy. |
3 | In the applicable rule, in the Source or Destination column, click + to add new items. |
4 | In the top right corner, click Import. |
5 | Select an existing Data Center object. Alternatively, click Data Centers > New Data Center > applicable Data Center. |
6 | Install the Threat Prevention Policy. |
Data Center Query Objects
Overview
With Data Center Query Objects, administrators can now create one Query Object based on attributes across multiple data centers. This simplifies the work when administrators create policies for multiple rules, because they only need to use one query object for data center objects from multiple data centers. Furthermore, admins can create the policy even before they configure a data center in SmartConsole. This makes it easier to separate responsibilities between security admins and other teams that possibly need to create data centers in SmartConsole.
The new Query object is used in the same way as Data Center objects. As with Data Center objects, when the Data Center Query is added to the Rule Base, the CloudGuard Controller pulls the assets from all the Data Centers in the query object and updates the gateway.
Earlier versions require you to use multiple tag objects for multiple accounts:
- Rules must be updated for every data center added.
- Rules cannot have the logic for only Instances or Load Balancers.

With Data Center Query objects:
- No need to update the rule when new data centers are added.
- Rules can include complex OR and AND operations to improve the policy.

Note - Rule No. 1 is without Data Center Query, Rule No. 2 is with Data Center Query.
Creating Rules with Data Center Query Objects
To add a Data Center Query to a rule:
You can add a Data Center Query to the Source and/or Destination columns of Access Control rules and Threat Prevention rules.
In the Rulebase, in the Source and/or Destination columns, click + and select it from the list of items.
-or-
Click the + button > New > Data Center Query.
Configuring Data Center Query Objects in SmartConsole
Step 1: Create a Data Center Query Object.
- Go to SmartConsole > Cloud > Data Center Queries > New.
- Add the applicable Data Center(s).
- Configure the Query Rules to match the value used for Type, Name, and IP in the Import Data Center window.
  - Type in Data Center: The type in the Data Center, such as Instance, Virtual Machine, Load Balancer, Subnet, Availability Zone, and more. Note: You cannot query Tag, Tag Value, or Tag Key with Type in Data Center.
  - Name in Data Center: The asset's name.
  - IP address: The asset's IP address.
  - Customer tag: Free text key and value. If you have only Tags with keys and no values, you can set the Tag with the key only and keep the value empty. The CloudGuard Controller then enforces all the assets that have this Tag key.

  Note - All object IP addresses that match the query are updated on the Security Gateway.
- Optional: To review the query, click Preview Query.
- Click OK.

Step 2: Add the Data Center Query object from Step 1 to the Rule base.
Step 3: Install the Access Control policy on the Security Gateway object.
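
The Query Rule matching configured in Step 1, modelled offline as an added example (not Check Point code and not part of the original page): it previews which IP addresses a set of Query Rules would select, including the key-only tag case. The inventory is constructed; the rule layout (key-type, key, values) follows the parameters of the Management API's add-data-center-query command, and AND between rules, OR between values and case-insensitive values are assumptions to confirm with Preview Query.

```python
import ipaddress

# Constructed sample inventory; names, tags and addresses are illustrative only.
ASSETS = [
    {"name": "web-01", "type": "Instance", "ips": ["10.0.1.10"], "tags": {"env": "prod"}},
    {"name": "web-02", "type": "Instance", "ips": ["10.0.1.11"], "tags": {"env": "dev"}},
    {"name": "lb-front", "type": "Load Balancer", "ips": ["10.0.0.5"], "tags": {"env": "prod"}},
    {"name": "db-01", "type": "Instance", "ips": ["10.0.2.20"], "tags": {"env": ""}},
    {"name": "batch-01", "type": "Virtual Machine", "ips": ["10.0.3.30"], "tags": {}},
]

# Predefined keys and the asset property each one reads.
PREDEFINED = {
    "type-in-data-center": lambda a: [a["type"]],
    "name-in-data-center": lambda a: [a["name"]],
    "ip-address": lambda a: a["ips"],
}

def rule_matches(asset, rule):
    """A rule matches when any one of its values matches (OR between values)."""
    wanted = {v.lower() for v in rule.get("values", []) if v}
    if rule["key-type"] == "tag":
        if rule["key"] not in asset["tags"]:
            return False
        # Key-only tag rule (empty value): every asset carrying the key matches.
        return not wanted or asset["tags"][rule["key"]].lower() in wanted
    return any(v.lower() in wanted for v in PREDEFINED[rule["key"]](asset))

def preview(assets, rules):
    """IPs of assets matching every rule (AND between rules), sorted numerically."""
    ips = {ip for a in assets if all(rule_matches(a, r) for r in rules) for ip in a["ips"]}
    return sorted(ips, key=ipaddress.ip_address)

def widened_by(assets, narrow, broad):
    """IPs the broad query selects that the narrow one does not."""
    return sorted(set(preview(assets, broad)) - set(preview(assets, narrow)),
                  key=ipaddress.ip_address)

PROD_FRONTEND = [
    {"key-type": "predefined", "key": "type-in-data-center", "values": ["Instance", "Load Balancer"]},
    {"key-type": "tag", "key": "env", "values": ["PROD"]},
]
ENV_KEY_ONLY = [{"key-type": "tag", "key": "env", "values": [""]}]

if __name__ == "__main__":
    print("prod front end:", preview(ASSETS, PROD_FRONTEND))
    print("env key only  :", preview(ASSETS, ENV_KEY_ONLY))
    print("added by key-only rule:", widened_by(ASSETS, PROD_FRONTEND, ENV_KEY_ONLY))
```

Comparing the two results shows that the key-only rule also selects the dev and empty-valued assets, so review who can set that tag key before using it in a rule.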
Check Point Management API
The Check Point Management API includes Data Center commands to add, delete, set, and show Data Center Servers and their contents, and to show, delete, and import Data Center objects.
Use the API to automate Data Center security management and monitoring.
To change the API configuration and to learn more: