R80 vSEC Controller supports up to 1000 virtual objects in the Data Center Server. Performance may be affected if you have more objects.
01680567
If the Virtual Machine belongs to more than one Data Center Group, the name in the vSEC Gateway log can be associated with the wrong Data Center Group.
01682838
Certificates are not transferred between High Availability members. If the import menu freezes, then reset SIC between the CMS and Security Management Server / Domain Management Server.
01682786
If you click "show 20 more" in the cloud object import list, there are duplicate entries. This issue is fixed if you close the picker window and open it again.
01680565; 01625764; 01618134
Data Center Group content is not synchronized with VMware vCenter.
Management High Availability
01951398
High Availability of Multi-Domain Security Management Servers is not supported.
01682838
Certificates are not transferred between High Availability members. If the import menu freezes, then reset SIC between the CMS and Security Management Server / Domain Management Server.
Introduction
This section describes the R80 vSEC Controller v1 components:
Component
Description
Mandatory:
R80 vSEC Controller v1 Hotfix
and
R80 vSEC Controller v1 Enforcer Hotfix
and
R80 SmartConsole
R80 vSEC Controller Hotfix must be installed on R80 Security Management Server / Multi-Domain Security Management Server (which makes it a vSEC Controller server) in order to fetch Data Center objects from VMware NSX / VMware vCenter, Cisco APIC, and use them in Check Point policy.
R80 Security Management Server / Multi-Domain Security Management Server with installed R80 vSEC Controller v1 Hotfix is able:
to fetch Data Center objects from VMware NSX / VMware vCenter, and Cisco APIC.
to manage only the following Security Gateways:
Security Gateways R77.30 and R77.20 only, with installed vSEC Controller Enforcer Hotfix, whose policy contains Data Center objects
Security Gateways R75.20 and above, whose policy must not contain any Data Center objects
vSEC Controller v1 Hotfix must be installed on Check Point Security Management Server / Multi-Domain Security Management Server (which makes it a vSEC Controller) in order to fetch Data Center objects from VMware NSX / VMware vCenter, and Cisco APIC, and use them in Check Point policy.
R80 vSEC Controller v1 Enforcer Hotfix must be installed on Check Point Security Gateway to turn it into vSEC Gateway and accept a policy that contains Data Center objects from the vSEC Controller.
SmartConsole for vSEC Controller server is the graphical UI for controlling and configuring the Check Point Management Server and its managed Check Point Security Gateways. The improved SmartConsole for vSEC Controller server allows the administrator to create and work with Data Center objects.
Optional:
R80 vSEC Service Registration Hotfix
This package installs modules on Check Point vSEC Controller server that are required by VMware NSX / Cisco ACI.
R80 vSEC Controller with installed R80 vSEC Service Registration Hotfix is able:
to deploy Check Point service in Hypervisor Mode to VMware NSX (using OVF), and to Cisco ACI.
to manage vSEC Gateways for VMware NSX in Hypervisor Mode (sk111966).
Transfer the hotfix package to the machine (into some directory, e.g., /some_path_to_fix/).
Unpack and install the hotfix package: [Expert@HostName:0]# cd /some_path_to_fix/ [Expert@HostName:0]# tar -zxvf Check_Point_<Version>_vSEC_Controller_Enforcer_Hotfix1_Gaia_sk111963.tgz [Expert@HostName:0]# ./fw1_wrapper_<HOTFIX_NAME> Note: The script will stop all of Check Point services (cpstop) - read the output on the screen.
Reboot the machine.
On R77.20 Security Gateway, only Legacy CLI installation is supported.