Workflow for Deploying a CloudGuard Controller
CloudGuard Controller (provisions SDDC services as Virtual Data Centers that provide virtualized computer networking, storage, and security) is a process that runs on the Check Point Security Management Server (a dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain; synonym: Single-Domain Security Management Server).
Important:
Note - During the upgrade, CloudGuard Controller does not communicate with the Data Center.
Supported Security Gateways
R81 CloudGuard Controller can manage these Security Gateways:
- R80.10 and higher
- R77.30
- R77.20
- Maestro Security Groups with R80.20SP and higher
- 40000 / 60000 Scalable Chassis with R76SP.50 Jumbo Hotfix Accumulator (collection of hotfixes combined into a single package; acronyms: JHA, JHF, JHFA) Take 20 and higher
Important - To use the CloudGuard Controller with R77.20 and R77.30 Security Gateways (with R77.30 Jumbo Hotfix
Note - Support for Data Center Query Objects is from R80.10 and above.
Activating the Identity Awareness Software Blade
Note - Do Step 1 only one time. Do Steps 2, 3, and 4 for each Security Gateway (a dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources) that needs to enforce a policy with CloudGuard Controller objects.
- Connect with SmartConsole (Check Point GUI application used to manage a Check Point environment: configure Security Policies, configure devices, monitor products and events, install updates, and so on) to the Management Server (a Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server).
- Create a Host object with the main IPv4 address 127.0.0.1 and click OK.
- From the left navigation panel, click Gateways & Servers.
- Double-click the Security Gateway object.
- Enable the Identity Awareness Software Blade (a Software Blade is a specific security solution, or module: (1) on a Security Gateway, each Software Blade inspects specific characteristics of the traffic; (2) on a Management Server, each Software Blade enables different management capabilities).
- From the left tree, click Identity Awareness.
- Enable the Identity Web API.
- On the right side of the Identity Web API, click Settings.
- In the Authorized Clients section:
  - Click the green [+]
  - Select the Host object with the IP address 127.0.0.1
  - Click OK
-