CloudGuard Controller for Microsoft Azure
CloudGuard Controller (which provisions SDDC services as Virtual Data Centers that provide virtualized computer networking, storage, and security) integrates the Microsoft Azure cloud (a collection of integrated cloud services that developers and IT professionals use to build, deploy, and manage applications through a global network of data centers managed by Microsoft) with Check Point security.
Important - The CloudGuard Controller server clock must be synchronized with the current local time. Use of an NTP server is recommended. Time synchronization issues can cause polling of information from the cloud to fail.
Connecting to a Microsoft Azure Data Center Server
To connect to a Microsoft Data Center Server:
Best Practice - In Microsoft Azure, create a service principal (see this article for details) and assign the relevant rights. The minimum recommended permission is Reader. You can assign the Reader permission in one of these ways:
|
1. In SmartConsole (the Check Point GUI application used to manage a Check Point environment: configure Security Policies, configure devices, monitor products and events, install updates, and so on), create a new Data Center object (a virtual centralized repository, or a group of physical networked hosts, Virtual Machines, and datastores, collected in a group for secured remote storage, management, and distribution of data) in one of these ways:
2. In the Enter Object Name field, enter a name.
3. Select the applicable authentication method:
4. If you selected Service Principal Authentication (default):
   If you selected Azure AD User Authentication:
   The minimum recommended permission is Reader. You can assign the Reader permission in one of these ways:
5. Click Test Connection.
6. Click OK.
7. Import objects from your Microsoft Azure server to your policy (for more about these objects, see the next sections).
8. Publish the SmartConsole session.
9. Install the Access Control policy on the Security Gateway object (a Security Gateway is a dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources).
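The Best Practice above and step 4 both set Reader as the minimum permission for the service principal. The following is an added example, not Check Point's code, that audits a service principal's role assignments against that minimum: it takes the JSON that `az role assignment list --assignee <appId> --all` prints (the sample here is constructed, with a placeholder subscription id and principal name) and flags a missing Reader assignment on the expected scope or any broader built-in role. It assumes Reader is granted directly on the scope you pass in, not inherited from a parent scope.

```python
import json

# Built-in roles broader than the Reader permission the guide names as the minimum.
OVERPRIVILEGED_ROLES = {"Owner", "Contributor", "User Access Administrator"}

# Constructed sample shaped like the `az role assignment list` JSON output;
# the subscription id and principal name are placeholders, not real values.
SAMPLE_ASSIGNMENTS = json.dumps([
    {"principalName": "cloudguard-controller-sp",
     "roleDefinitionName": "Reader",
     "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"},
    {"principalName": "cloudguard-controller-sp",
     "roleDefinitionName": "Contributor",
     "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"
              "/resourceGroups/rg-example"},
])


def audit_assignments(assignments_json, scope):
    """Check that the principal holds Reader on `scope` and nothing broader.

    Returns (ok, findings): ok is True only when a Reader assignment exists
    on the expected scope (compared case-insensitively, as Azure resource ids
    are) and no assignment grants one of the over-privileged roles.
    """
    assignments = json.loads(assignments_json)
    findings = []
    has_reader = any(
        a["roleDefinitionName"] == "Reader" and a["scope"].lower() == scope.lower()
        for a in assignments
    )
    if not has_reader:
        findings.append(f"no Reader assignment on {scope}")
    for a in assignments:
        role = a["roleDefinitionName"]
        if role in OVERPRIVILEGED_ROLES:
            findings.append(f"{role} on {a['scope']} exceeds the Reader minimum")
    return not findings, findings


if __name__ == "__main__":
    ok, findings = audit_assignments(
        SAMPLE_ASSIGNMENTS, "/subscriptions/00000000-0000-0000-0000-000000000000")
    print("OK" if ok else "\n".join(findings))
```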
Azure Objects and Properties
Azure Objects
| Object | Description |
|---|---|
| Subscription | Helps you organize access to your cloud components. |
| Virtual Network (VNET) | Represents your Microsoft Azure Virtual Network (an environment of logically connected Virtual Machines) in the cloud. |
| Subnet | A range of IP addresses in a VNET. A VNET can be divided into many subnets. |
| Virtual Machine (VM) | Virtual computing environment. |
| Virtual Machine Scale Set (VMSS) | Manages sets of Virtual Machines. |
| Network Security Group (NSG) | NSGs contain a list of Access Control List (ACL) rules that allow or deny network traffic to the Virtual Machine instances in a Virtual Network. NSGs can be associated with either subnets or individual Virtual Machine instances in that subnet. |
| Load Balancer | A Load Balancer distributes incoming traffic that arrives at the Load Balancer's frontend to backend pool instances, according to rules and health probes. |
| Tags | Keys and values attached to the object. |
| Private Endpoint | A private endpoint is a network interface that uses a private IP address from your virtual network. This network interface connects you privately and securely to a service powered by Azure Private Link. By enabling a private endpoint, you bring the service into your virtual network. Note: Supported starting from Jumbo Hotfix Accumulator for R81 Take 51. Refer to Jumbo Hotfix Accumulator for R81 > PRJ-29515, VSECC-1418. |
Azure Imported Properties
| Imported Property | Description |
|---|---|
| Name | Name of the object and the object's Resource Group. Format is: The user can edit the name after importing the object. |
| Name in server | Name of the object and the object's Resource Group. Format is: |
| Type in server | Object type. |
| IP address | Note - Contains the address prefixes for VNETs and subnets. |
| URI | Object path. |
| Tags | Keys and values attached to the object. |
| Location | Physical location in Microsoft Azure. |
Auto Scaling in Microsoft Azure
The Microsoft Azure Auto Scaling service, together with the Check Point Auto Scaling group, can increase or decrease the number of CloudGuard Gateways according to the current load.
CloudGuard Controller for Microsoft Azure can work with the Check Point Auto Scaling Group.
The Check Point Security Management Server (a dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain; synonym: Single-Domain Security Management Server) can update Data Center objects automatically on the Check Point Auto Scaling group.