CloudGuard Controller for Nuage Virtualized Services Platform (VSP)
The CloudGuard Controller integrates the Nuage cloud with Check Point security. It provisions SDDC services as Virtual Data Centers that provide virtualized computer networking, storage, and security.
Connecting to a Nuage Data Center
| Step | Instructions |
|---|---|
| 1 | In SmartConsole (the Check Point GUI application used to manage a Check Point environment: configure Security Policies, configure devices, monitor products and events, install updates, and so on), create a new Data Center object (a virtual centralized repository, or a group of physical networked hosts, Virtual Machines, and datastores, collected in a group for secured remote storage, management, and distribution of data) in one of these ways: |
| 2 | In the Enter Object Name field, enter the applicable name. |
| 3 | In the Hostname field, enter the IP address or hostname of the Nuage server. Important - The addresses can be either HTTP or HTTPS, but not both. The Nuage version is set by default to 4.0 and the port to 8443. |
| 4 | In the Username field, enter your Nuage administrator username. |
| 5 | In the Organization field, enter your organization name or enterprise. |
| 6 | In the Password field, enter your Nuage administrator password. |
| 7 | Click Test Connection. |
| 8 | Click OK. |
| 9 | Publish the SmartConsole session. |
| 10 | Install the Access Control policy on the Security Gateway object (a dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources). |
Nuage Objects and Properties
Nuage Imported Objects
| Object | Description |
|---|---|
| Enterprise | A logical separator for customers, BU, groups, traffic, administrators, visibility, and more. |
| Domain | A logical network that enables L2 and L3 communication among a set of Virtual Machines. |
| Security Zone | A set of network endpoints that have to comply with the same Security Policies (collections of rules that control network traffic and enforce organization guidelines for data protection and access to resources with packet inspection). |
| Policy Group | Collections of vPorts and/or IP addresses that are used as building blocks for Security Policies that include multiple endpoints. Add one or more vPorts to a policy group using this interface. A policy group can also represent one or more IP/MAC addresses that it learned from external systems from BGP route advertisements based on origin. |
| Subnet | Subnets are defined under a zone. A subnet is equivalent to an L2 broadcast Domain, which enables its endpoints to communicate as if they were part of the same LAN. |
| Instance | Virtual Machine. |
| vPort | It is attached to a Virtual Machine or to a host and bridge interface. It provides connectivity to BMS and VLANs. It can be created or auto-discovered. |
| L2Domain | An L2 Domain is a distributed logical switch that enables L2 communication. An L2 Domain template can be started as often as required. This creates functioning L2 Domains. |
| Network Macro | Organization-wide defined macros that can be used as a destination of a policy rule (a set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session). For example, you can create a network that represents your internal Internet access. You can then use it as a destination of a policy rule to drop any packet that arrives from a particular port. |
| Network Macro Group | A collection of existing Network Macros. These groups can be used in Security Policies to create rules that match multiple Network Macros. |
Nuage Imported Properties
| Property | Description |
|---|---|
| Name | Resource name as shown in the Nuage console. The user can edit the name after importing the object. |
| Name in Data Center | Resource name as shown in the Nuage console |
| Type in Data Center | Resource type |
| IP | Associated IP address |
| Note | |
| URI | Object path |