Workflow for Deploying a CloudGuard Controller

CloudGuard Controller is a process that runs on the Check Point Security Management Server.

Important:

  1. When you install R81 CloudGuard Controller, these files are overwritten with default values:

    • $MDS_FWDIR/conf/vsec.conf

    • $MDS_FWDIR/conf/tagger_db.C

    • $MDS_FWDIR/conf/AWS_regions.conf

  2. Before you start the upgrade, back up all files that you have changed.

Note - During the upgrade, CloudGuard Controller does not communicate with the Data Center. Therefore, Data Center objects are not updated on the CloudGuard Controller or the Security Gateways.
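One way to do the backup for the three files listed above, and to see after the upgrade which of them were reset, is sketched here as an added example that is not part of Check Point's documentation. The function names and the backup directory are assumptions; `$MDS_FWDIR` is the variable used in the paths above.

```shell
#!/bin/sh
# Added example (not Check Point code). Function names and the backup
# location are hypothetical; $MDS_FWDIR must already be set in the shell.

# The three files the R81 CloudGuard Controller install resets to defaults.
CG_FILES="vsec.conf tagger_db.C AWS_regions.conf"

# cg_backup <backup_dir>
# Copy each file out of $MDS_FWDIR/conf and record a SHA-256 manifest so the
# backup itself can be verified before it is trusted later.
cg_backup() {
    dest=$1
    mkdir -p "$dest" || return 1
    : > "$dest/manifest.sha256"
    for f in $CG_FILES; do
        src="$MDS_FWDIR/conf/$f"
        [ -f "$src" ] || { echo "missing: $src" >&2; return 1; }
        cp -p "$src" "$dest/$f" || return 1
        (cd "$dest" && sha256sum "$f") >> "$dest/manifest.sha256" || return 1
    done
}

# cg_changed <backup_dir>
# Print the name of every file whose live copy now differs from the backup,
# i.e. the files whose customizations have to be re-applied after the upgrade.
# Returns 2 without comparing if the backup no longer matches its manifest.
cg_changed() {
    bdir=$1
    (cd "$bdir" && sha256sum -c manifest.sha256 >/dev/null 2>&1) || {
        echo "backup in $bdir failed its integrity check" >&2
        return 2
    }
    for f in $CG_FILES; do
        cmp -s "$bdir/$f" "$MDS_FWDIR/conf/$f" || echo "$f"
    done
}

# Typical use (paths are placeholders):
#   cg_backup /var/tmp/cg_pre_upgrade     # before the upgrade
#   cg_changed /var/tmp/cg_pre_upgrade    # after the upgrade
```

Keep the backup directory outside `$MDS_FWDIR` so the installer cannot touch it.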

Supported Security Gateways

R81 CloudGuard Controller can manage these Security Gateways:

Important - To use the CloudGuard Controller with R77.20 and R77.30 Security Gateways (with R77.30 Jumbo Hotfix Accumulator below Take 309), you must install the CloudGuard Controller / vSEC Controller Enforcer Hotfix (see sk129152) on those R77.20 and R77.30 Security Gateways.

Note - Support for Data Center Query Objects is from R80.10 and above.

Activating the Identity Awareness Software Blade

Note - Do Step 1 only one time. Do Steps 2, 3, and 4 for each Security Gateway that needs to enforce a policy with CloudGuard Controller objects.

  1. Connect with SmartConsole to the Management Server.

  2. Create a Host object with the main IPv4 address 127.0.0.1 and click OK.

  3. From the left navigation panel, click Gateways & Servers.

  4. Double-click the Security Gateway object.

  5. Enable the Identity Awareness Software Blade.

  6. From the left tree, click Identity Awareness.

  7. Enable the Identity Web API.

  8. On the right side of the Identity Web API, click Settings.

  9. In the Authorized Clients section:

    1. Click the green [+]

    2. Select the Host object with the IP address 127.0.0.1

    3. Click OK