Support Center > Search Results > SecureKnowledge Details
R80 vSEC Controller v2
Solution

Table of Contents

  • What's New
  • Resolved Issues
  • Introduction to vSEC Controller
  • Installation Instructions
  • Documentation
  • Revision History

 

For more information on R80 vSEC Controller v2, refer to:
You can also visit our vSEC forum or any other Check Point discussion forum to ask questions and get answers from technical peers and Support experts.

 

What's New in R80 vSEC Controller v2

  • Support for vSEC Controller in Amazon Web Services (AWS)
  • Support for vSEC Controller in Microsoft Azure
  • Support for vSEC Controller in OpenStack
  • Support for Threat Prevention Tagging in vSEC Gateway for VMware NSX
  • Support for vSEC Controller in R80 Multi-Domain Security Management Server

 

Resolved Issues

Note: For Known Limitations, refer to R80 vSEC Controller v2 Known Limitations.

ID Symptoms
vSEC Controller
02201301 Data Center objects may not be enforced on vSEC Gateway, if Data Center objects are used in both Access policy and Threat Prevention policy, and only one of these policies is installed. Refer to sk112616.
vSEC Controller Hotfix
-

Reinstalling of vSEC Controller Hotfix is not supported from CPUSE.

Follow these steps to reinstall the vSEC Controller Hotfix:

  1. Uninstall the vSEC Controller Hotfix
  2. Reboot the vSEC Controller
  3. Install the vSEC Controller Hotfix again
  4. Reboot the vSEC Controller
Threat Prevention
- vSEC Threat Prevention Tagging is not supported.

 

Introduction to vSEC Controller

This section describes the R80 vSEC Controller v2 components.

Component Description

Mandatory:

R80 vSEC Controller v2 Hotfix

and

R80 vSEC Controller v2 Enforcer Hotfix

and

R80 SmartConsole

R80 vSEC Controller v2 Hotfix must be installed on R80 Security Management Server / Multi-Domain Security Management Server (which makes it a vSEC Controller server) in order to fetch Data Center objects from VMware NSX / VMware vCenter, Cisco APIC, Amazon Web Services (AWS), Microsoft Azure and OpenStack, and use them in Check Point policy.

R80 Security Management Server / Multi-Domain Security Management Server with installed R80 vSEC Controller v2 Hotfix is able:

  • to fetch Data Center objects from VMware NSX / VMware vCenter, Cisco APIC, Amazon Web Services (AWS), Microsoft Azure and OpenStack.

  • to manage the following Security Gateways only:

    • Security Gateways R77.30 and R77.20 only, with installed R80 vSEC Controller v2 Enforcer Hotfix, whose policy contains Data Center objects
    • Security Gateways R75.20 and above, whose policy must not contain any Data Center objects

R80 vSEC Controller v2 Enforcer Hotfix must be installed on Check Point Security Gateway to turn it into vSEC Gateway and accept a policy that contains Data Center objects from the vSEC Controller.

SmartConsole is the graphical UI for controlling and configuring the Check Point Management Server and its managed Check Point Security Gateways.
The improved R80 SmartConsole for R80 vSEC Controller server allows the administrator to create and work with Data Center objects.

Optional:

R80 vSEC Service Registration v2 Hotfix

This package installs modules on Check Point vSEC Controller server that are required by VMware NSX / Cisco ACI.

R80 vSEC Controller v2 with installed R80 vSEC Service Registration v2 Hotfix is able:

  • to deploy Check Point service in Hypervisor Mode to VMware NSX (using OVF), and to Cisco ACI.

  • to manage vSEC Gateways for VMware NSX in Hypervisor Mode (sk114518).

  • to manage vSEC Gateways for Cisco ACI (sk111969).

Refer to the following illustration:

 

Installation Instructions

  1. Install R80 vSEC Controller v2:

    1. Install Take_132 of Check Point R80 (which includes Take_76 of R80 Jumbo Hotfix Accumulator).

      Show / Hide the Notes

      Alternatively:

      1. Install a lower released Take than Take_132 of Check Point R80
      2. Install Take_76 of R80 Jumbo Hotfix Accumulator

      Notes:

      • Only Take 132 and lower of R80 release are supported.
      • Only Take_76 of R80 Jumbo Hotfix Accumulator is supported (it is integrated into Take_132 of R80).
    2. Install R80 vSEC Controller v2 Hotfix on R80 Security Management Server / Multi-Domain Security Management Server:

      Package CPUSE
      Online Identifier (a)
      CPUSE
      Offline (b,c)
      vSEC Controller Hotfix for R80 Security Management Server and
      Multi-Domain Security Management Server
      Check_Point_R80_vSEC_Controller_V2_HOTFIX_FULL.tgz (TGZ)
      Show / Hide the Notes
      1. For CPUSE Online installation instructions, refer to sk92449 - sections (4-A-a) / (4-A-b) and (4-B-a).
      2. Before installing this package using CPUSE on an offline machine, it is required to manually install the latest build of CPUSE Agent from sk92499.
      3. For CPUSE Offline installation instructions, refer to sk92449 - sections (4-A-c) / (4-A-d) and (4-B-a).
      4. Legacy CLI installation is not supported.
    3. Install R80 SmartConsole for R80 vSEC Controller v2:

      Package Link
      R80 SmartConsole for R80 vSEC Controller v2 (EXE)
  2. Install Security Gateway and R80 vSEC Controller v2 Enforcer Hotfix:

    1. Install Security Gateway R77.20 / R77.30 with Jumbo Hotfix Accumulator for R77.20 / R77.30:

      Note: Installation of Jumbo Hotfix Accumulator for R77.20 / R77.30 is recommended, but not mandatory.

    2. Install R80 vSEC Controller v2 Enforcer Hotfix on Security Gateway R77.20 / R77.30:

      Package CPUSE
      Online Identifier
      CPUSE
      Offline
      Legacy
      CLI
      vSEC Controller v2 Enforcer hotfix
      for Security Gateway R77.30 (a)
      Check_Point_R77.30_vSEC_Controller_Enforcer_Hotfix_FULL.tgz (c) (TGZ) (d,e) (TGZ) (f)
      vSEC Controller v2 Enforcer hotfix
      for Security Gateway R77.20 (b)
      N / A (g) N / A (g) (TGZ) (f)
      Show / Hide the Notes
      1. This package of vSEC Controller v2 Enforcer Hotfix for Security Gateway R77.30 can be installed:
        • either on top of R77.30 GA,
        • or on top of Take_185 (and above) of R77.30 Jumbo Hotfix Accumulator (otherwise, the installation of the vSEC Controller v2 Enforcer Hotfix would fail)
      2. This package of vSEC Controller v2 Enforcer Hotfix for Security Gateway R77.20 can be installed:
        • on top of R77.20 GA,
        • or on top of Take_99 (and above) of R77.20 Jumbo Hotfix Accumulator (otherwise, the installation of the vSEC Controller v2 Enforcer Hotfix would fail)
      3. For CPUSE Online installation instructions, refer to sk92449 - sections (4-A-a) / (4-A-b) and (4-B-a).
      4. Before installing this package using CPUSE on an offline machine, it is required to manually install the latest build of CPUSE Agent from sk92499.
      5. For CPUSE Offline installation instructions, refer to sk92449 - sections (4-A-c) / (4-A-d) and (4-B-a).
      6. Legacy CLI installation instructions:
        1. Transfer the hotfix package to the machine (into some directory, e.g., /some_path_to_fix/).
        2. Unpack and install the hotfix package:
          [Expert@HostName:0]# cd /some_path_to_fix/
          [Expert@HostName:0]# tar -zxvf Check_Point_<Version>_vSEC_Controller_Enforcer_Hotfix_Gaia_ sk115772.tgz
          [Expert@HostName:0]# ./fw1_wrapper_<HOTFIX_NAME>
          Note: The script will stop all of Check Point services (cpstop) - read the output on the screen.
        3. Reboot the machine.
      7. On Security Gateway R77.20, only Legacy CLI installation is supported.

 

Documentation

Product Link
R80 vSEC Controller v2
vSEC for NSX
vSEC for Amazon Web Services
vSEC for Microsoft Azure

 

Revision History

Show / Hide the revision history

Date Description
01 Mar 2017
  • Minor improvements in text
28 Feb 2017
  • First release of this article

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment