Support Center > Search Results > SecureKnowledge Details
CloudGuard for NSX Technical Level
Solution

Table of Contents:

  1. Introduction to CloudGuard
  2. Components required for installation of CloudGuard Gateway for NSX
  3. CloudGuard Gateway for NSX
  4. CloudGuard Service Registration Hotfix
  5. Installation Instructions
  6. Documentation
  7. Previous Versions
  8. Revision History

(1) Introduction to CloudGuard

To learn more about Check Point's solutions and products, click here.  

CloudGuard solution CloudGuard product

CloudGuard for Private Cloud with SDN

Micro-segment your data center. Secure East-West traffic between applications.

CloudGuard for Public IaaS

Secure applications and connectivity in public clouds.

CloudGuard for Virtual Data Center

Virtual Security Gateway with integration to cloud management platforms.

Refer to CloudGuard for NSX Architecture Overview and sk111060 - ATRG: CloudGuard for VMware NSX.

(2) Components required for installation of CloudGuard Gateway for NSX

The following components are mandatory for installation of CloudGuard Gateway for NSX managed by CloudGuard Controller:

  • On the Management side, the following should be installed:

    # Component Description
    1

    Security Management Server /
    Multi-Domain Security Management Server

    Check Point's Management Server is the basic infrastructure to manage Check Point Security Gateways.
    2

    CloudGuard Controller Hotfix

    Installing this package on top of Check Point Management Server turns it into CloudGuard Controller server that is able:

    • to fetch Data Center objects from VMware NSX / VMware vCenter

    • to manage CloudGuard Gateways for NSX
    3

    CloudGuard Service Registration Hotfix

    This package installs modules on Check Point CloudGuard Controller server that are required by VMware NSX / VMware vCenter:

    • to deploy Check Point service in Hypervisor Mode to VMware NSX (using OVF)

    • to manage CloudGuard Gateways for VMware NSX in Hypervisor Mode
    4

    SmartConsole for CloudGuard Controller server

    This is the graphical UI for controlling and configuring the Check Point Management Server and its managed Check Point Security Gateways.

    The improved SmartConsole for CloudGuard Controller server allows the administrator to create and work with Data Center objects.

    Important Note: For Management Server R80.10 and above, use the standard SmartConsole R80.10 and above.

  • On the Gateway side, the following should be installed:

    # Component Description
    1

    CluodGuard Gateway for NSX - OVF template

    This is the standard OVF template that deploys Check Point Security Gateway as Service VM.
    2

    CloudGuard for NSX Hotfix

    Installing this package on top of Check Point Security Gateway updates the GW and align it with Check Point's maintrain R80.10 jumbo hf.

Refer to the following illustration:

(3) CloudGuard Gateway for NSX

  • What's New

    • Identity Awareness improvements
    • CloudGuard for NSX Gateway with R80.10 Jumbo Hotfix Take 203

  • Resolved Issues 

    ID Symptoms
    VSECNSX-691  CloudGuard for NSX Gateway with R80.10 Jumbo Hotfix Accumulator Take 203

  • CloudGuard Gateway for NSX Images and Hotfixes

    Package Link
    R80.10 CloudGuard Gateway for NSX (Take 154) - Upgrade package (b)(c) (TGZ)
    R80.10 CloudGuard Gateway for NSX (Take 203) - Upgrade package (b)(c) (TGZ)
    R80.10 CloudGuard Gateway for NSX (Take 225) - Upgrade package (TGZ)
    R80.10 CloudGuard Gateway for NSX (Take 279) - Upgrade package (TGZ)
    R80.10 CloudGuard Gateway for NSX (Take 279) - OVF Package (TAR)

    • Installation instructions appear in the Administration Guide - chapter "Configuring the Management Server" - section "Installing the CloudGuard Gateway OVF Files".
    • Refer to CloudGuard Gateway for NSX Administration Guide - section "Upgrading the CloudGuard Gateway for NSX",
    • For CPUSE Online installation instructions, refer to sk92449 - sections (4-A-a) / (4-A-b) and (4-B-a). Before installing this package using CPUSE on an offline machine, it is required to manually install the latest build of CPUSE Agent from sk92499.

(4) CloudGuard Service Registration Hotfix

  • What's New

  • R81.10 Security Management Server Registration Bundle

  • CloudGuard Service Insertion Hotfix


    Package CPUSE
    Online Identifier    		 CPUSE
    Offline
    Service Registration v7 Hotfix
    for R80.10 Management Server    		 Check_Point_R80.10_VSR7_Bundle_T7_sk114518_FULL.tgz (TGZ)
    Service Registration v7 Hotfix
    for R80.20 Management Server    		 Check_Point_R80.20_VSR7_Bundle_T8_sk114518_FULL.tgz (TGZ)
    Service Registration v7 Hotfix
    for R80.30 Management Server    		 Check_Point_R80.30_VSR7_Bundle_T8_sk114518_FULL.tgz (TGZ)
    Service Registration v7 Hotfix
    for R80.40 Management Server    		 Check_Point_R80.40_VSR7_Bundle_T12_SK114518_FULL.tgz (TGZ)
    Service Registration Hotfix for R81 Management Server Check_Point_R81_VSR_Bundle_T6_SK114518_FULL.tar (TGZ)
    Service Registration Hotfix for R81.10 Management Server Check_Point_R81_10_VSR7_Bundle_T1_FULL.tar (TGZ)

    • For CPUSE Online installation instructions, refer to sk92449 - sections (4-A-a) / (4-A-b) and (4-B-a).
    • Before installing this package using CPUSE on an offline machine, it is required to manually install the latest build of CPUSE Agent from sk92499.
    • For CPUSE Offline installation instructions, refer to sk92449 - sections (4-A-c) / (4-A-d) and (4-B-a).
    • NSX-V is End of Life (EOL). Before you upgrade to R81.20 Security Management, upgrade from NSX-V to NSX-T (see sk175823).

(5) Installation Instructions

1. Install Security Management Server / Multi-Domain Security Management Server:

  1. Install SmartConsole for Management Server.
  2. Enable the CloudGuard Controller by running the 'cloudguard on' command (refer to the relevant CloudGuard Controller Administration Guide, chapter "Integrating with Data Center Servers", section "Enabling the CloudGuard Controller")
  3. Install the Service Registration Hotfix on the Management Server. Refer to section 4 above for the supported Hotfixes and management versions.

2. Install R80.10 CloudGuard for NSX:

  1. Installation instructions appear in the Administration Guide - chapter "Configuring the Management Server" - section "Installing the CloudGuard Gateway OVF Files".
  2. Refer to the above section for the supported images and Hotfixes.
  3. Refer to the above section: How to upgrade to R80.10 CloudGuard Gateway for NSX.

3. How to upgrade to CloudGuard Service Registration

  1. Upgrade to Management Server if needed.
  2. Install the new CloudGuard Service Registration Hotfix. The Security Management Server with the new CloudGuard registration Hotfix re-attaches itself to a Gateway that has already been deployed. All services continue as they did before the upgrade.

Important Notes about upgrading a CloudGuard Service Registration:

  • Upgrading to a newer Service Insertion Hotfix is applicable only from VSRv5.
  • After an upgrade from R80.10, the CloudGuard for NSX Cluster Members may appear without topology (PMTR-27720).
  • Refer to the instructions in sk141955. Only R80.10 Management with R80.10 jumbo Hotfix Take 112 is supported.

4. How to upgrade to R80.10 CloudGuard Gateway for NSX

You can upgrade the "R80.10 CloudGuard Gateway for NSX" manually, via the CLI or CDT. Refer to CloudGuard Gateway for NSX Managed by R80.20 Platforms Administration Guide - section "Upgrading the CloudGuard Gateway for NSX". 

(6) Documentation


(7) Previous Versions

R77.30 CloudGuard Gateway v4 for NSX managed by R80.10 Management Server

Show / Hide this section
What's New

  • Integration of R77.30 CloudGuard Gateway v4 for NSX with the new R80.10 Management Server (sk111841).

  • OVF template of CloudGuard Gateway v4 for NSX includes fixes from General Availability Take_216 of R77.30 Jumbo Hotfix Accumulator

  • Significant performance improvement with NSX 6.3.2, with the VMware Network Extensibility (NetX) scale

  • IPv6 support

  • Support of "Reject" action in firewall rulebase

  • Support for using CloudGuard for NSX Gateway as TAP/Monitor device (sk101670)

  • Failure policy can be changed for services that have already been deployed

  • Bug fixes

Resolved Issues

For Known Limitations, refer to:

ID Symptoms
01502922 The firewall rulebase 'Reject' action is not supported.
Rules with action 'Reject' will behave similarly to Rules with action 'Drop'.
00631138 IPv6 is not supported.

Documentation

R80.10 CloudGuard Gateway for NSX managed by R80.10 Management Server

Show / Hide this section

R80.10 CloudGuard Gateway for NSX managed by R80.20 Management Server

Show / Hide this section
    •  What's New
      • R80.20 Security Management Integration
      • NSX Manager 6.4.x support
      • CloudGuard for NSX Gateway with R80.10 Jumbo HF take 154 


(8) Revision History

Date Description
30 Mar 2022 Release of Service Registration Hotfix for R81.10 Management Server
18 Nov 2020 Release of Service Registration Hotfix for R81 Management Server
24 Oct 2019 Release of VSR v7. 
25 Dec 2018 Added R80.20 support for VSR v6. 
23 May 2018 Added "R80.10 CloudGuard Gateway for NSX" and relevant compatibility information. 
11 July 2017 "Introduction to vSEC" section - added link to CloudGuard for NSX Architecture Overview
10 July 2017 Added "R77.30 CloudGuard Gateway v4 for NSX managed by R80.10 Management Server"
22 May 2017 Added "R77.30 CloudGuard Gateway v2 for NSX managed by R80.10 Management Server"
05 Apr 2017 Improved "Table of Contents"
05 Mar 2017 Clarified the "What's New" item that OVF template of "CloudGuard Gateway v2 for NSX" includes fixes from General Availability Take_159 of R77.30 Jumbo Hotfix Accumulator
28 Feb 2017 First release of this article.
Applies To:
  • This sk replaces sk105297, sk109576, sk111966, sk114516

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment 

SECURE YOUR EVERYTHING

©

Copyright | Privacy Policy
Follow Us