Support Center > Search Results > SecureKnowledge Details
CloudGuard for Oracle Cloud Infrastructure (OCI) Technical Level
This SK highlights Check Point's CloudGuard solutions for Oracle Cloud Infrastructure (OCI) as well as general guidance, best practices, and solutions to issues discovered in the field.
  • Supported Versions: R80.20 | R80.30 | R80.40 | R81 | R81.10 recommended version)
  • Supported Deployments:
  • Licensing: BYOL (all versions), PAYG (R80.40, R81, and R81.10 only)
  • Definition of OCPU: Instance sizes: 1 OCPU is equivalent to 2 vCPUs. When you purchase a quantity, you must license according to the total amount of vCPUs.
    • Example: If you want to deploy a cluster with 2 OCPU instances you must purchase a quantity of 4 cores of CloudGuard.
  • Cluster Note: Cluster members' system time needs to be within 5 minutes of the actual time to communicate with the OCI API properly.
  • Interface MTU: All interfaces must have an MTU of 9000.
  • VFIO/SRIOV(***Recommended for best network performance***): VFIO/SRIOV is supported on all supported shapes except Standard2.
  • Standard2 Shapes: Supported
  • E3.Flex Shapes: Supported(VFIO/SRIOV strongly recommended)
  • E4.Flex Shapes: Supported(VFIO/SRIOV strongly recommended)
  • Optimized3.Flex Shapes: Supported(VFIO/SRIOV strongly recommended)
  • Enhanced DRG(Dynamic Routing Gateway): Supported
  • Identity Policies: Ensure that Identity Policies cover all compartments that contain resources relevant to your Check Point installation.  (Ex. - VCN's associated with cluster IP moves due to failover events)
  • Making use of DRGs and OCI Service Gateways: OCI service gateways are needed to provide access to the Oracle API Service for cluster operations when internet access is unavailable.  When used in conjunction with DRG's, the OCI Service Gateway route rule must be created in the DRG Route Table.


Test Coverage / Shape Size

2 OCPUs 4 OCPUs 8 OCPUs 16 OCPUs
Firewall only 2 Gbps 4 Gbps 8 Gbps 16 Gbps
Firewall + IPS 2 Gbps 4 Gbps 8 Gbps 16 Gbps
(Firewall + IPS + Application Control)
2 Gbps 4 Gbps 8 Gbps 16 Gbps
(NGFW + URL Filtering + Anti-Virus + Anti-Bot)
2 Gbps 4 Gbps 8 Gbps 16 Gbps
- Performance is limited by the amount of bandwidth allocated to each shape size
- Test environment utilized CloudGuard Network Security R80.40 and E3 shapes with VFIO/SRIOV network interfaces

Current Oracle Cloud Marketplace Listings (as of 10 December 2021)

BYOL Stacks
(Terraform deployment templates)

BYOL (all versions supported)

PAYG (R80.40, R81, and R81.10 only)

Related Information:
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.

Give us Feedback
Please rate this document