Workflow for Deploying a CloudGuard Controller

CloudGuard Controller Provisions SDDC services as Virtual Data Centers that provide virtualized computer networking, storage, and security. is a process that runs on the Check Point Security Management Server Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server..

Important: When you install R81 CloudGuard Controller, these files are overwritten with default values: $MDS_FWDIR/conf/vsec.conf $MDS_FWDIR/conf/tagger_db.C $MDS_FWDIR/conf/AWS_regions.conf Before you start the upgrade, back up all files that you have changed.

Note - During the upgrade, CloudGuard Controller does not communicate with the Data Center Virtual centralized repository, or a group of physical networked hosts, Virtual Machines, and datastores. They are collected in a group for secured remote storage, management, and distribution of data.. Therefore, Data Center objects are not updated on the CloudGuard Controller or the Security Gateways.

Supported Security Gateways

R81 CloudGuard Controller can manage these Security Gateways:

• R80.10 and higher

• R77.30

• R77.20

• Maestro Security Groups with R80.20SP and higher

• 40000 / 60000 Scalable Chassis with R76SP.50 Jumbo Hotfix Accumulator Collection of hotfixes combined into a single package. Acronyms: JHA, JHF, JHFA. Take 20 and higher

Important - To use the CloudGuard Controller with R77.20 and R77.30 Security Gateways (with R77.30 Jumbo Hotfix Software package installed on top of the current software version to fix a wrong or undesired behavior, and to add a new behavior. Accumulator below Take 309), you must install the CloudGuard Controller / vSEC Controller Enforcer Hotfix (see sk129152) on those R77.20 and R77.30 Security Gateways.

Note - Support for Data Center Query Objects is from R80.10 and above.

Activating the Identity Awareness Software Blade

Note - Do Step 1 only one time. Do steps 2,3, and 4 do for each Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. that needs to enforce a policy with CloudGuard Controller objects.

1. Connect with SmartConsole Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on. to the Management Server Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server..

2. Create a Host object with the main IPv4 address 127.0.0.1 and click OK.

   Example:

   

3. From the left navigation panel, click Gateways & Servers.

4. Double-click the Security Gateway object.

5. Enable the Identity Awareness Software Blade Specific security solution (module): (1) On a Security Gateway, each Software Blade inspects specific characteristics of the traffic (2) On a Management Server, each Software Blade enables different management capabilities..

6. From the left tree, click Identity Awareness.

7. Enable the Identity Web API.

   Example:

   

8. On the right side of the Identity Web API, click Settings.

9. In the Authorized Clients section:

   1. Click the green [+]

   2. Select the Host object with the IP address 127.0.0.1

   3. Click OK