CloudGuard Controller Monitoring

Data Center Updates

The CloudGuard Controller requires reliable connectivity to the Security Gateways to continuously update them with changes to the Data Center objects.

The updates of Data Center objects include:

If the Security Gateway stops receiving updates for a Data Center object, the Gateway has no way to verify that the object is still a valid object on the Data Center.

To create a balance between security and connectivity, each IP address of a Data Center object has a built-in expiration timer (also known as Time To Live, or TTL).

The CloudGuard Controller refreshes the TTL of each Data Center object's IP addresses on the Security Gateway so that the TTL does not expire.

However, if the updates to the Security Gateway(s) fail continuously (for example, because of a lack of connectivity between the Management Server and the Security Gateway), the TTL of the IP address is not refreshed.

When the full TTL of the IP address is reached, the IP address expires, and Security Policy rules that use this IP address of that Data Center object are no longer enforceable.

Due to the critical nature of Data Center objects, it is highly recommended to monitor the CloudGuard Controller status.

You can configure the TTL from 5 minutes to 30 days.

For more information, see the enforcementSessionTimeoutInMinutes parameter in the Configuration Parameters section.
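The TTL mechanism described above can be modelled as a small simulation. The following Python is an added example, not Check Point's code: it keeps a per-IP expiry for one Data Center object, refreshes it on each successful Controller update, and then shows which IP addresses a Security Gateway would still enforce after an outage of a given length. The object name, IP addresses and timestamps are constructed, and the 5 minute to 30 day range is taken from the enforcementSessionTimeoutInMinutes description on this page.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Documented range for enforcementSessionTimeoutInMinutes: 5 minutes to 30 days.
MIN_TTL_MINUTES = 5
MAX_TTL_MINUTES = 30 * 24 * 60


def validate_ttl_minutes(minutes: int) -> int:
    """Reject TTL values outside the documented 5 minute to 30 day range."""
    if not MIN_TTL_MINUTES <= minutes <= MAX_TTL_MINUTES:
        raise ValueError(
            f"TTL must be between {MIN_TTL_MINUTES} and {MAX_TTL_MINUTES} minutes, got {minutes}"
        )
    return minutes


@dataclass
class DataCenterObject:
    """Gateway-side view of one Data Center object: every IP address carries its own expiry."""

    name: str
    ttl_minutes: int
    expires_at: Dict[str, datetime] = field(default_factory=dict)

    def refresh(self, addresses: List[str], now: datetime) -> None:
        """A successful Controller update resets the TTL of every IP address it reports."""
        ttl = timedelta(minutes=validate_ttl_minutes(self.ttl_minutes))
        for ip in addresses:
            self.expires_at[ip] = now + ttl

    def enforceable(self, now: datetime) -> List[str]:
        """IP addresses whose TTL has not yet been reached: rules using them still match."""
        return sorted(ip for ip, exp in self.expires_at.items() if now < exp)

    def expired(self, now: datetime) -> List[str]:
        """IP addresses whose full TTL elapsed with no refresh: rules using them no longer match."""
        return sorted(ip for ip, exp in self.expires_at.items() if now >= exp)


def simulate_outage(ttl_minutes: int, outage_minutes: int) -> Tuple[List[str], List[str]]:
    """Refresh once a minute for three minutes, then lose Management-to-Gateway connectivity.

    Returns (enforceable, expired) as the gateway sees them outage_minutes after the
    last successful refresh.
    """
    obj = DataCenterObject("web-tier", ttl_minutes)        # constructed object name
    t0 = datetime(2024, 1, 1, 0, 0, 0)                      # constructed start time
    addresses = ["10.0.1.10", "10.0.1.11"]                  # constructed sample IPs
    last_refresh = t0
    for minute in range(3):                                 # healthy period: TTL keeps resetting
        last_refresh = t0 + timedelta(minutes=minute)
        obj.refresh(addresses, last_refresh)
    now = last_refresh + timedelta(minutes=outage_minutes)  # outage: no refresh, clock moves on
    return obj.enforceable(now), obj.expired(now)


if __name__ == "__main__":
    for outage in (3, 5):
        ok, gone = simulate_outage(ttl_minutes=5, outage_minutes=outage)
        print(f"{outage} min outage with 5 min TTL: enforceable={ok} expired={gone}")
```

With a 5 minute TTL, a 3 minute outage leaves both addresses enforceable, while a 5 minute outage expires both: the rules referencing that Data Center object silently stop matching, which is why the status monitoring below matters more than the TTL value itself.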

CloudGuard Controller Logs and Events

To monitor the CloudGuard Controller, use any of these options:

Note - Because the CloudGuard Controller uses Identity Awareness on the Security Gateway, the Security Gateway's kernel table limit can be reached when there is a large number of IP addresses.

You can monitor and get a notification for this issue in SmartLog.

For details, refer to sk113833.

CloudGuard Controller Status

Options for checking the CloudGuard Controller status:

Option: On the Management Server

Follow these steps:

  1. Connect to the command line.

  2. Run: cpstat vsec

Option: In SmartConsole

Follow these steps:

  1. From the left navigation panel, click Gateways & Servers.

  2. Select your Management Server object.

  3. At the bottom, from the Summary tab, click Device & License Information > Device Status.

SNMP Traps

To configure custom SNMP traps, refer to sk124532.

Creating a User Defined Event and Sending Alerts

The CloudGuard Controller is a critical component of an organization's security.

If the CloudGuard Controller loses its connection with a Data Center for any reason, the Gateways no longer receive updates.

This is a serious situation for any security administrator.

While administrators can monitor the SmartConsole logs in the office, there is also an option to send critical CloudGuard Controller events to an administrator's smartphone or email.

SmartTask

Starting in R81.20, there is a new SmartTask in SmartConsole for monitoring the CloudGuard Controller.

SmartTasks let you configure automatic actions according to different triggers in the system. A SmartTask is a combination of trigger and action.

The trigger is a CloudGuard Controller event that fires when a new log is generated that matches this query in SmartConsole > Logging & Monitoring view > Logs tab:

blade:"CloudGuard IaaS" AND severity:Critical

For the action, you can select: Run script, Execute a Web request, or Send mail.
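To make the trigger-and-action pairing concrete, here is an added Python example (not part of Check Point's SmartTask implementation) that compiles the trigger query above into a predicate, runs it over a handful of constructed log records, and formats the alert text a Send mail action could deliver. The query grammar it accepts (field:value terms, optionally quoted, joined with AND) is an assumed approximation of the SmartConsole log query syntax, and the log field names and messages are constructed for illustration.

```python
import re
from typing import Callable, Dict, List

LogRecord = Dict[str, str]

# One query term: field:value or field:"quoted value". Terms are joined with AND.
# This grammar is a constructed approximation of the SmartConsole log query syntax,
# sufficient for the trigger query on this page; it is not Check Point's own parser.
_TERM = re.compile(r'(\w+):(?:"([^"]*)"|(\S+))')


def parse_query(query: str) -> Callable[[LogRecord], bool]:
    """Compile a query such as blade:"CloudGuard IaaS" AND severity:Critical into a predicate."""
    terms = []
    for part in re.split(r"\s+AND\s+", query.strip()):
        m = _TERM.fullmatch(part.strip())
        if m is None:
            raise ValueError(f"unsupported query term: {part!r}")
        field_name, quoted, bare = m.groups()
        terms.append((field_name, quoted if quoted is not None else bare))

    def matches(record: LogRecord) -> bool:
        # Every term must match (AND); field values compare case-insensitively.
        return all(record.get(f, "").lower() == v.lower() for f, v in terms)

    return matches


# The trigger query from the page.
TRIGGER_QUERY = 'blade:"CloudGuard IaaS" AND severity:Critical'

# Constructed sample log records; field names and messages are illustrative only.
SAMPLE_LOGS: List[LogRecord] = [
    {"time": "2024-01-01 10:00:00", "blade": "CloudGuard IaaS", "severity": "Critical",
     "message": "Lost connection to Data Center"},
    {"time": "2024-01-01 10:01:00", "blade": "CloudGuard IaaS", "severity": "Informational",
     "message": "Data Center objects updated"},
    {"time": "2024-01-01 10:02:00", "blade": "Firewall", "severity": "Critical",
     "message": "Unrelated critical log"},
    {"time": "2024-01-01 10:03:00", "blade": "CloudGuard IaaS", "severity": "Critical",
     "message": "Failed to update Security Gateway"},
]


def select_triggering_logs(records: List[LogRecord], query: str = TRIGGER_QUERY) -> List[LogRecord]:
    """Return the records that would fire the SmartTask trigger."""
    predicate = parse_query(query)
    return [r for r in records if predicate(r)]


def build_alert(record: LogRecord) -> str:
    """Body a Send mail action could deliver for one triggering log."""
    return f"[{record['severity']}] {record['blade']} at {record['time']}: {record['message']}"


if __name__ == "__main__":
    for rec in select_triggering_logs(SAMPLE_LOGS):
        print(build_alert(rec))
```

Only the two records that carry both blade "CloudGuard IaaS" and severity Critical are selected; the Informational CloudGuard log and the Critical log from another blade are ignored, which matches the intent of scoping the SmartTask to Controller failures rather than to every critical event.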

For more information on SmartTasks, see the R82 Security Management Administration Guide.

Example: