Support Center > Search Results > SecureKnowledge Details
CloudGuard for NSX Technical Level
Solution

Table of Contents:

  1. Introduction to CloudGuard
  2. Components required for installation of CloudGuard Gateway for NSX
  3. CloudGuard Gateway for NSX
  4. CloudGuard Service Registration Hotfix
  5. Installation Instructions
  6. Documentation
  7. Previous Versions
  8. Revision History

(1) Introduction to CloudGuard

To learn more about Check Point's solutions and products, click here.  

CloudGuard solution CloudGuard product

CloudGuard for Private Cloud with SDN

Micro-segment your data center. Secure East-West traffic between applications.

CloudGuard for Public IaaS

Secure applications and connectivity in public clouds.

CloudGuard for Virtual Data Center

Virtual Security Gateway with integration to cloud management platforms.

Refer to CloudGuard for NSX Architecture Overview and sk111060 - ATRG: CloudGuard for VMware NSX.

(2) Components required for installation of CloudGuard Gateway for NSX

The following components are mandatory for installation of CloudGuard Gateway for NSX managed by CloudGuard Controller:

  • On the Management side, the following should be installed:

    # Component Description
    1

    Security Management Server /
    Multi-Domain Security Management Server

    Check Point's Management Server is the basic infrastructure to manage Check Point Security Gateways.

    2

    CloudGuard Controller Hotfix

    Installing this package on top of Check Point Management Server turns it into CloudGuard Controller server that is able:

    • to fetch Data Center objects from VMware NSX / VMware vCenter

    • to manage CloudGuard Gateways for NSX

    3

    CloudGuard Service Registration Hotfix

    This package installs modules on Check Point CloudGuard Controller server that are required by VMware NSX / VMware vCenter:

    • to deploy Check Point service in Hypervisor Mode to VMware NSX (using OVF)

    • to manage CloudGuard Gateways for VMware NSX in Hypervisor Mode

    4

    SmartConsole for CloudGuard Controller server

    This is the graphical UI for controlling and configuring the Check Point Management Server and its managed Check Point Security Gateways.

    The improved SmartConsole for CloudGuard Controller server allows the administrator to create and work with Data Center objects.

    Important Note: For Management Server R80.10 and above, use the standard SmartConsole R80.10 and above.

  • On the Gateway side, the following should be installed:

    # Component Description
    1

    CluodGuard Gateway for NSX - OVF template

    This is the standard OVF template that deploys Check Point Security Gateway as Service VM.

    2

    CloudGuard for NSX Hotfix

    Installing this package on top of Check Point Security Gateway updates the GW and align it with Check Point's maintrain R80.10 jumbo hf.

Refer to the following illustration:

(3) CloudGuard Gateway for NSX

  • What's New

    Show / Hide this section
  • Identity Awareness improvements
  • CloudGuard for NSX Gateway with R80.10 Jumbo Hotfix Take 203
  • Resolved Issues 

    Show / Hide this section
    ID Symptoms
    VSECNSX-691  CloudGuard for NSX Gateway with R80.10 Jumbo Hotfix Accumulator Take 203
  • CloudGuard Gateway for NSX Images and Hotfixes
    Show / Hide this section
    Package Link
    R80.10 CloudGuard Gateway for NSX (Take 154) - OVF Package (a) (TGZ)
    R80.10 CloudGuard Gateway for NSX (Take 154) - Upgrade package (b)(c) (TGZ)
    R80.10 CloudGuard Gateway for NSX (Take 203) - Upgrade package (b)(c) (TGZ)
    R80.10 CloudGuard Gateway for NSX (Take 225) - Upgrade package (TGZ)

  • Installation instructions appear in the Administration Guide - chapter "Configuring the Management Server" - section "Installing the CloudGuard Gateway OVF Files".
  • Refer to CloudGuard Gateway for NSX Administration Guide - section "Upgrading the CloudGuard Gateway for NSX",
  • For CPUSE Online installation instructions, refer to sk92449 - sections (4-A-a) / (4-A-b) and (4-B-a). Before installing this package using CPUSE on an offline machine, it is required to manually install the latest build of CPUSE Agent from sk92499.

(4) CloudGuard Service Registration Hotfix

What's New

Show / Hide this section
  • R80.30 Security Management Support
  • Stability fixes
  • Resolved Issues

    Show / Hide this section
    ID Symptoms
    VSECNSX-691 VSECNSX-911 CPVED creates views on vCenter and does not delete.  
    VSECNSX-855

    SIC status of CloudGuard Gateway objects changes from "Trusted" to "Uninitialized" after a connectivity issue between the CloudGuard Controller and NSX. 

      VSECNSX-942  CloudGuard Controller API communicates with VMware NSX 6.4.3 and later fails. 
    • CloudGuard Service Insertion Hotfix

      Show / Hide this section
      Package CPUSE
      Online Identifier
      CPUSE
      Offline
      Service Registration v7 Hotfix
      for R80.10 Management Server
      Check_Point_R80.10_VSR7_Bundle_T7_sk114518_FULL.tgz (TGZ)
      Service Registration v7 Hotfix
      for R80.20 Management Server
      Check_Point_R80.20_VSR7_Bundle_T8_sk114518_FULL.tgz (TGZ)
      Service Registration v7 Hotfix
      for R80.30 Management Server
      Check_Point_R80.30_VSR7_Bundle_T8_sk114518_FULL.tgz (TGZ)
      Service Registration v7 Hotfix
      for R80.40 Management Server
      Check_Point_R80.40_VSR7_Bundle_T9_sk114518_FULL.tgz (TGZ)

      1. For CPUSE Online installation instructions, refer to sk92449 - sections (4-A-a) / (4-A-b) and (4-B-a).
      2. Before installing this package using CPUSE on an offline machine, it is required to manually install the latest build of CPUSE Agent from sk92499.
      3. For CPUSE Offline installation instructions, refer to sk92449 - sections (4-A-c) / (4-A-d) and (4-B-a).

    (5) Installation Instructions

    Show / Hide this section

    1. Install Security Management Server / Multi-Domain Security Management Server:

    1. Install SmartConsole for Management Server.
    2. Enable the CloudGuard Controller by running the 'cloudguard on' command (refer to the relevant CloudGuard Controller Administration Guide, chapter "Integrating with Data Center Servers", section "Enabling the CloudGuard Controller")
    3. Install the Service Registration Hotfix on the Management Server. Refer to section 4 above for the supported Hotfixes and management versions.

    2. Install R80.10 CloudGuard for NSX:

    1. Installation instructions appear in the Administration Guide - chapter "Configuring the Management Server" - section "Installing the CloudGuard Gateway OVF Files".
    2. Refer to the above section for the supported images and Hotfixes.
    3. Refer to the above section: How to upgrade to R80.10 CloudGuard Gateway for NSX.

    3. How to upgrade to CloudGuard Service Registration

    1. Upgrade to Management Server if needed.
    2. Install the new CloudGuard Service Registration Hotfix. The Security Management Server with the new CloudGuard registration Hotfix re-attaches itself to a Gateway that has already been deployed. All services continue as they did before the upgrade.

    Important Notes about upgrading a CloudGuard Service Registration:

    • Upgrading to a newer Service Insertion Hotfix is applicable only from VSRv5.
    • After an upgrade from R80.10, the CloudGuard for NSX Cluster Members may appear without topology (PMTR-27720).
    • Refer to the instructions in sk141955. Only R80.10 Management with R80.10 jumbo Hotfix Take 112 is supported.

    4. How to upgrade to R80.10 CloudGuard Gateway for NSX

    You can upgrade the "R80.10 CloudGuard Gateway for NSX" manually, via the CLI or CDT. Refer to CloudGuard Gateway for NSX Managed by R80.20 Platforms Administration Guide - section "Upgrading the CloudGuard Gateway for NSX". 


    (6) Documentation

    Show / Hide this section

    (7) Previous Versions

    R77.30 CloudGuard Gateway v4 for NSX managed by R80.10 Management Server

    Show / Hide this section
    What's New
    • Integration of R77.30 CloudGuard Gateway v4 for NSX with the new R80.10 Management Server (sk111841).

    • OVF template of CloudGuard Gateway v4 for NSX includes fixes from General Availability Take_216 of R77.30 Jumbo Hotfix Accumulator

    • Significant performance improvement with NSX 6.3.2, with the VMware Network Extensibility (NetX) scale

    • IPv6 support

    • Support of "Reject" action in firewall rulebase

    • Support for using CloudGuard for NSX Gateway as TAP/Monitor device (sk101670)

    • Failure policy can be changed for services that have already been deployed

    • Bug fixes

    Resolved Issues

    For Known Limitations, refer to:

    ID Symptoms
    01502922 The firewall rulebase 'Reject' action is not supported.
    Rules with action 'Reject' will behave similarly to Rules with action 'Drop'.
    00631138 IPv6 is not supported.

    Documentation

    R80.10 CloudGuard Gateway for NSX managed by R80.10 Management Server

    Show / Hide this section

    R80.10 CloudGuard Gateway for NSX managed by R80.20 Management Server

    Show / Hide this section
      •  What's New
        • R80.20 Security Management Integration
        • NSX Manager 6.4.x support
        • CloudGuard for NSX Gateway with R80.10 Jumbo HF take 154 


    (8) Revision History

    Show / Hide the revision history

    Date Description
    24 Oct 2019 Release of VSR v7. 
    25 Dec 2018 Added R80.20 support for VSR v6. 
    23 May 2018 Added "R80.10 CloudGuard Gateway for NSX" and relevant compatibility information. 
    11 July 2017 "Introduction to vSEC" section - added link to CloudGuard for NSX Architecture Overview
    10 July 2017 Added "R77.30 CloudGuard Gateway v4 for NSX managed by R80.10 Management Server"
    22 May 2017 Added "R77.30 CloudGuard Gateway v2 for NSX managed by R80.10 Management Server"
    05 Apr 2017 Improved "Table of Contents"
    05 Mar 2017 Clarified the "What's New" item that OVF template of "CloudGuard Gateway v2 for NSX" includes fixes from General Availability Take_159 of R77.30 Jumbo Hotfix Accumulator
    28 Feb 2017 First release of this article.
    Applies To:
    • This sk replaces sk105297, sk109576, sk111966, sk114516

    Give us Feedback
    Please rate this document
    [1=Worst,5=Best]
    Comment