- Quantum Edge R80.20.10 and above
- Oracle SD-WAN Edge Release 9.0 and above
- Oracle Talari E100 Appliance
This document outlines the integration between Check Point Quantum Edge and Oracle SD-WAN Edge.
Check Point Quantum Edge protects branch offices on-premises with top-rated Threat Prevention that can be deployed in minutes and managed by a unified threat prevention and access platform.
The Oracle SD-WAN Edge is engineered for maximum business impact in an enterprise network. This is achieved by creating failsafe WANs that offer superior application reliability, while unlocking the benefits of network resiliency and scalable bandwidth. The Oracle SD-WAN Edge includes key network services, including WAN-OP, routing, and firewall. The Oracle Communications SD-WAN Edge transforms a traditional WAN into a network that is easy and fast to deploy and offers increased application reliability, security, and performance, while leveraging affordable broadband links that are transformed into an enterprise-class infrastructure. It does this by understanding a company’s applications and priorities while adapting automatically to changing conditions and demands. The Oracle SD-WAN Edge supports various link types, such as MPLS and broadband Internet, and works well with common services such as WAN optimization.
Together, Oracle SD-WAN Edge and Check Point deliver a best-of-breed SD-WAN and security platform for enterprises accessing mission-critical internally hosted applications as well as those going directly to the internet for accessing cloud applications.
Quantum Edge runs as a virtual machine on top of the Oracle Talari E100 appliance, providing on-premises protection for both North/South and East/West traffic. This capability protects organizations that must adhere to data privacy, compliance, or location requirements.
Service chaining is one of the unique features of Oracle SD-WAN: customers can install a virtual KVM image of an NGFW. This feature is supported on the E100 Oracle SD-WAN Edge device.
The graphic above shows an example of service chaining a Check Point Quantum Edge virtual firewall on the E100, which allows for local Internet breakout with NGFW protection for Internet/SaaS applications.
Shown is a typical deployment of the Check Point NGFW. The LAN side of the firewall is internally connected to the WAN link defined in the SD-WAN configuration.
The Check Point VM management port is bridged to the Oracle SD-WAN physical management port. Both the E100 and the Check Point VM have separate management IP addresses.
The WAN side of the firewall is bridged with the physical interface on the E100 which is connected to the Internet WAN link.
Traffic flows from the LAN first traverse the SD-WAN, where the SD-WAN routing policies forward the traffic to the appropriate service based on the destination.
Traffic destined for the Internet is then accounted for and forwarded to the Quantum Edge, where it is inspected and NATed to its destination.
Management of the Quantum Edge security policy can be done in multiple ways:
- Local Management
- Security Management Server
- Multi-Domain Management
- Smart-1 Cloud Management-as-a-Service (requires R80.20.10 and above)
- SMP (Security Management Portal) cloud management platform
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.