CloudGuard Controller for Oracle Cloud Infrastructure (OCI)

Important - The CloudGuard Controller Provisions SDDC services as Virtual Data Centers that provide virtualized computer networking, storage, and security. server clock must be synchronized with the current, local time. Use of a NTP server is recommended. Time synchronization issues can cause polling information from the cloud to fail.

Connecting to an OCI Data Center with SmartConsole

Step	Instructions
1	In SmartConsole Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on., create a new Data Center Virtual centralized repository, or a group of physical networked hosts, Virtual Machines, and datastores. They are collected in a group for secured remote storage, management, and distribution of data. object in one of these ways: In the top left corner, click Objects menu > More object types > Server > Data Center > New Oracle Cloud. In the top right corner, click Objects Pane > New > More > Server > Data Center > Oracle Cloud.
2	In the Enter Object Name field, enter a name.
3	Select the applicable authentication method: API Key Authentication A user generated API key will be uploaded to the Management machine to authenticate with OCI. This API key must be configured with read permissions for all resources in the tenancy. User id: The id of the user the key belongs to Tenancy id: The tenancy the key belongs to Region id: The region to scan API key: Secret key VM Instance Authentication Tells the Management Server Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server. it is a VM in OCI with inspect permissions. It requires that the Management Server be installed in OCI and is part of a dynamic group with a policy that provides read permissions for all resources in the tenancy.
4	Click Test Connection.
5	Click OK.
6	Publish the SmartConsole session.
7	Install the Access Control policy on the Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. object.

Connecting to an OCI Data Center Server with Management API

Go to Management API Reference > Click on see arguments per Data Center Server type and select Oracle Cloud.

Connecting to an OCI Data Center Server with Terraform

See https://registry.terraform.io/providers/CheckPointSW/checkpoint/latest.

OCI Objects and Properties

OCI Objects

Object	Description
VPC	Oracle Cloud Infrastructure enables you to launch resources into your Virtual Network Environment of logically connected Virtual Machines..
Subnet	All the IP addresses from the Network Interfaces related to this subnet.
Instance	Virtual computing environments.
Tags	Groups all the objects that have the same Tag Key and Tag Value.

Notes:

CloudGuard Controller truncates leading and trailing spaces in Tag Keys and Tag Values.
All changes in OCI are updated automatically with the Check Point Security Policy Collection of rules that control network traffic and enforce organization guidelines for data protection and access to resources with packet inspection..

Users with permissions to change resource tags in OCI can change their access permissions.

OCI Imported Properties

Property	Description
Name	Resource name as shown in the OCI console. User can edit the name after importing the object.
Name in Server	Resource name as shown in the OCI console.
Type in Server	Resource type.
IP	Associated private and public IP addresses.
Note	CIDR for subnets and VPC objects.
URI	Object path.
Tags	Tags (Keys and Values) that are attached to the object.

Enable IPv6

OCI CloudGuard Controller supports the import of IPv6 addresses starting R82 CloudGuard Controller self-updatable package Take 22.

Note: This object is disabled by default. To enable it:

Edit the vsec.conf file on the Management Server ($FWDIR/conf/ on Security Management Server Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server., $MDSDIR/conf/ on Multi-Domain Security Management Server) and in the oracle (OCI) Data Center section, add the line:

oracle.collectIpv6=true
Restart the CloudGuard Controller with the command:

vsec stop;vsec start

For more information, refer to Configuration Parameters