Check Point CloudGuard and VMware Deliver Advanced Security at Scale and Speed at VMworld Europe 2018

By Amir Kaushansky, Sr. Product Manager, Cloud Security


In August this year, I had the pleasure of attending and presenting at my first VMworld, Las Vegas, and I’m glad to say it will not be the last. However, in this case, what happens in Vegas will certainly not stay in Vegas. We are excited to be in Barcelona, Nov. 5-8, as a platinum sponsor next week. We invite you to attend our sessions on Nov. 6 and Nov. 7. Let’s take a deep dive into what we will present with VMware to deliver agile and elastic cloud infrastructure.


The session was co-presented with Jeremiah Cornelius, VMware’s Partner Architect for Check Point, on “A Practical Guide for Delivering Advanced Security at Scale & Speed in SDDC”, with the following main takeaways:

  • NSX provides a secure platform to deliver VMs.
  • Check Point CloudGuard IaaS provides advanced security on top of NSX with features such as IPS, Application Control, IPsec VPN, Antivirus, AntiBot and award-winning SandBlast sandboxing technology.
  • Check Point and VMware have a very strong partnership. Check Point is a design partner for features in NSX such as the multi-channel, and Check Point is integrated with many VMware products such as vRealize, vRNI and more.


I was able to showcase that the NSX – CloudGuard integration provides extra value via a demonstration using ransomware. We installed a Windows environment with NSX firewall rules allowing port 445 only. The ransomware was installed on only one machine but spread across the entire cluster. Not exactly the kind of incident you want happening across your systems, right?


However, we then used the same test, but this time we had CloudGuard IaaS installed and were able to prevent the entire attack.


While this is obviously the desired outcome, my main area of interest concerned the NSX-T Data Center, as I had heard it is no longer just a private cloud deployment but can also act as the network virtualization and security platform that enables the virtual cloud network, a software-defined approach to networking that extends across data centers, clouds, endpoints, and more. The most interesting idea with NSX-T Data Center is that networking and security are brought closer to the application wherever it is running, from VMs to containers, bare metal and multiple hypervisors.


Figure 1: NSX-T Edge Routers Deployment


With my VMware counterparts, we discussed the various integration points:


  • Insertion:
    • North-South – from/to the internet or external network to the NSX-T Data Center workloads.
    • East-West – between workloads on the NSX-T Data Center.
  • Inventory – CloudGuard reads the inventory from NSX and allows the security operator to use objects from the inventory as part of the security policy. CloudGuard watches these objects and updates the gateway on any change that might occur on the NSX side.


We formalized an action plan and kicked off the first two items: North-South insertion of CloudGuard IaaS and NSX-T inventory.


As a result, I’m happy to announce that Check Point has certified and released this new integration and we now support the insertion of CloudGuard IaaS to T0 and T1 edge routers in a three-step, easy-to-use wizard.

Figure 2: North-South insertion Wizard in NSX-T Data Center


By doing so, Check Point CloudGuard IaaS will boost its ability to deliver advanced threat prevention security to VMware NSX-T Data Center environments. Designed for the dynamic requirements of cloud-based data centers, CloudGuard is a prime solution for providing automated security provisioning coupled with comprehensive protections. Centrally managed across hybrid infrastructures, CloudGuard provides consistent security policy enforcement and full threat visibility across physical data centers, SDDCs, and public cloud environments.


As mentioned earlier, what happened in Vegas did not stay in Vegas and the same goes for VMware Europe in Barcelona on November 5-9. Attend the session in-person and ask questions. We look forward to you dropping by the Check Point booth, P413, and checking out for yourself the integrated VMware-CloudGuard solution story.


Join our breakout sessions and hands-on labs:


  • You can still get burned when it’s cloudy [NET1020BES], presenter Yariv Fishman, Head of Product Management, Cloud Security and IoT – Tue., 06 November, 12:30 – 13:30
  • Practical Guide for Delivering Advanced Security at Scale and Speed in SDDC [HYP1022BES], presenters Jeremiah Cornelius, Partner Alliances Architect, and Javier Hijas, Cloud Security Leader for Check Point – Wed., 07 November, 14:00 – 15:00
  • Check Point CloudGuard and VMware NSX – Advanced SDDC Security [SPL-1924-01-NET_E], Hau Tran, Senior Solutions Engineer, VMware, and Glenn Gauvin, Cloud Technical Marketing Engineer, Check Point