CloudGuard Controller for Cisco Application Centric Infrastructure (ACI)
CloudGuard Controller integrates the Cisco ACI fabric with Check Point security.
CloudGuard Controller provisions SDDC services as Virtual Data Centers that provide virtualized computer networking, storage, and security.
Cisco ACI (Cisco® Application Centric Infrastructure, a trademark of Cisco) is a comprehensive SDN architecture: a policy-based automation solution for increased scalability through a distributed enforcement system with greater network visibility.
To learn more, see vSEC for ACI Managed by R80.10 Security Management Server Administration Guide for R80.10.
Prerequisites
- Cisco ACI version 5.2 or lower.
- You must have a Cisco ACI user role with at least read permissions for Tenant EPG.
  Note - This role is sufficient for CloudGuard Controller functionality. More permissions may be required for device package installation (CloudGuard for ACI).
- Enable Bridge Domain unicast routing to allow IP address learning for EPGs on the Cisco ACI.
- Define a subnet on the Bridge Domain to help the fabric maintain IP address learning tables. This prevents time-outs on silent hosts that respond to periodic ARP requests.
- Before you upgrade the Management Server (a Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server), if you have a Cisco APIC server, keep only one URL. After the upgrade, add the other URLs.
  Cisco APIC (Cisco® Application Policy Infrastructure Controller) is the automation and management point for the Cisco ACI fabric. It centralizes access to fabric information, optimizes the application lifecycle for scale and performance, and supports flexible application provisioning across physical and virtual resources.
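A pre-flight check for the two Bridge Domain prerequisites above, as an added example that is not Check Point or Cisco code: it reads a saved APIC REST reply and lists Bridge Domains that have unicast routing disabled or no subnet defined. The class and attribute names (`fvBD`, `unicastRoute`, `fvSubnet`) come from the Cisco APIC object model rather than from this page, and the sample reply is constructed.

```python
import json

# Constructed sample, shaped like an APIC reply to
# GET /api/class/fvBD.json?rsp-subtree=children (not real fabric data).
SAMPLE = json.dumps({"totalCount": "3", "imdata": [
    {"fvBD": {"attributes": {"dn": "uni/tn-Prod/BD-web", "unicastRoute": "yes"},
              "children": [{"fvSubnet": {"attributes": {"ip": "10.1.1.1/24"}}}]}},
    {"fvBD": {"attributes": {"dn": "uni/tn-Prod/BD-db", "unicastRoute": "no"},
              "children": [{"fvSubnet": {"attributes": {"ip": "10.1.2.1/24"}}}]}},
    {"fvBD": {"attributes": {"dn": "uni/tn-Dev/BD-test", "unicastRoute": "yes"}}},
]})


def check_bridge_domains(apic_json):
    """Return {bd_dn: [problems]} for Bridge Domains that miss a prerequisite."""
    findings = {}
    for item in json.loads(apic_json).get("imdata", []):
        bd = item.get("fvBD")
        if bd is None:  # ignore any other object class in the reply
            continue
        attrs = bd.get("attributes", {})
        # A BD with no children at all has no "children" key in the reply.
        subnets = [c["fvSubnet"]["attributes"].get("ip", "")
                   for c in bd.get("children", []) if "fvSubnet" in c]
        problems = []
        if attrs.get("unicastRoute") != "yes":
            problems.append("unicast routing disabled")
        if not subnets:
            problems.append("no subnet defined")
        if problems:
            findings[attrs.get("dn", "<unknown>")] = problems
    return findings


if __name__ == "__main__":
    for dn, problems in check_bridge_domains(SAMPLE).items():
        print(f"{dn}: {', '.join(problems)}")
```

A read-only APIC account, as described in the prerequisites, is enough to fetch the reply this function parses.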
Connecting to a Cisco ACI Data Center Server
Step | Instructions
---|---
1 | In SmartConsole
2 | In the Enter Object Name field, enter the applicable name.
3 | In the URLs field, enter the addresses of Cisco ACI Cluster. Important - These addresses can be either HTTP or HTTPS, but not both.
4 | In the Username field, enter your Cisco APIC server User ID. When using Login Domains, use this syntax:
5 | In the Password field, enter the Cisco APIC server password.
6 | Click Test Connection.
7 | Click OK.
8 | Publish the SmartConsole session.
9 | Install the Access Control Policy on the Security Gateway.
Cisco ACI Objects and Properties
Cisco ACI Imported Objects
Object | Description
---|---
Tenant | A logical separator for customers, BU, groups, traffic, administrators, visibility, and more.
Application Profile | A container of logically related EPGs, their connections, and the policies that define those connections.
End-Point Group (EPG) | A container for objects that require the same policy treatment. EPG examples: app tiers or services (usually, VLAN).
L2 Out | A bridged external network.
L2 External EPG | An EPG that represents external bridged network endpoints.