Aviatrix’s Check Point CloudGuard Related Features

There are many features Aviatrix has developed for our Firewall partners to help achieve compliance, lower TCO, and enhanced application security needs.

The following table is a list of some of the important features for Check Point CloudGuard deployment. There are some very specific ones for Check Point, and then there are some features applicable to other firewall vendors as well.

FeatureBusiness Outcome / Use-CaseApplicable Cloud/Transit
Support existing or private offer security gateway (BYOL). Some customer comes with the private offer and deploys the security gateway themselves or their own automation process. For such customers, Aviatrix allows ingesting the existing security gateways.Cost optimization, compliance, and auditAVX-TR-AWS
AVX-TR-AZU
AWS-TGW
Azure-Native
CloudGuard Metered OptionTime-to-market, CI/CD integrationAVX-TR-AWS
AVX-TR-AZU
AWS-TGW
Azure-Native
Policy-Based Service Insertion, Threat Prevention, and Deep Packet InspectionSingle click and intent based automatic policy creation to provide complianceAVX-TR-AWS
AVX-TR-AZU
AWS-TGW
Azure-Native
Active/Active Centralized DeploymentIncreased availability, cost-optimization, simplified operations and enhanced visibilityAVX-TR-AWS
AVX-TR-AZU
AWS-TGW
Azure-Native
Scale-out and scale-up Security Gateway deployment support Cost optimization, enhanced security posture, reduces riskAVX-TR-AWS
AVX-TR-AZU
AWS-TGW
Azure-Native
Egress Traffic inspection supportCost optimization and enhanced application security postureAVX-TR-AWS
AVX-TR-AZU
AWS-TGW
Azure-Native
Ingress Traffic inspection support. Various deployment models to protect ingress traffic while also preserving the source IPEnhanced visibility and securityAVX-TR-AWS
AVX-TR-AZU
AWS-TGW
Azure-Native
Fail-open or Fail-close operationsBusiness continuity and quick problem resolutionAVX-TR-AWS
AVX-TR-AZU
AWS-TGW
Azure-Native
Diagnostic capabilities. Help find the common causes quickly.  Shows Sec.GW/firewall status, spoke attachments, management access etc.Enhanced visibility and reduced MTTR. AVX-TR-AWS
AVX-TR-AZU
AWS-TGW
Azure-Native
ICMP Health Check on LAN interface. Detect failure in less than 5 seconds and rebalance/rehash the traffic towards active firewall/sec.gwImproved security posture and DDoS preventionAVX-TR-AWS
AVX-TR-AZU
AWS-TGW
Azure-Native
TCP Health Check
Using the Azure native LB to load balance for CloudGuard and also for health check via TCP probes
Increase availability and security compliance needsAVX-TR-AZU
Native-AZU
Check Point CloudGuard Geo Cluster support for East-West trafficIncreased application availability in case of failureAVX-TR-AWS
AVX-TR-AZU
AWS-TGW
Azure-Native
Support for newer Check Point versionsEnhances security and business agilityAVX-TR-AWS
AVX-TR-AZU
TGW-AWS
Azure-Native
Support security domains and connection policies with encrypted tunnels and connectivityEnhanced application security posture and protectionAVX-TR-AWS
AVX-TR-AZU
Azure-Native
CheckPoint Vendor Integration with AWS and Azure to propagate and install RFC1918 and BGP routesReduces risk and increase time to market with always-on automationAVX-TR-AWS
AVX-TR-AZU
TGW-AWS
Azure-Native
Exclude list of CIDR/IP from being inspected by FireNet. Customer can create a policy to exclude Check Point Security Manager, Controller, and GW IP addressesReduces unnecessary burden on security infrastructure that in turn could help with cost-optimizationAVX-TR-AWS
AVX-TR-AZU
TGW-AWS
Azure-Native
Egress and E-W Filtering by different firewall clusters (Dual FireNet). Take the guesswork out from the design. Traffic segregation across different sets of CloudGuard security gatewayMeets compliance and audit requirements to segregate traffic. Reduces the attack surface. Enhanced visibiliy.AVX-TR-AWS
AVX-TR-AZU
TGW-AWS
Azure-Native
Intra Security Domain Firewall Inspection. Inspection within the VPC.Enhanced application securityAWS-TGW
API and Terraform support for CloudGuards. Consistent automation and a single entry point for IaC.Time-to-market, agility, and automated complianceAVX-TR-AWS
AVX-TR-AZU
TGW-AWS
Azure-Native
Azure Transit FireNet support Insane Mode. Increase the throughput in AzureCost optimizationAVX-TR-AZU
CheckPoint Bootstrap for automated deploymentIncreased compliance and reduced riskAVX-TR-AWS
AVX-TR-AZU
TGW-AWS
Azure-Native
2-tuple and 5-tuple hashing choices.
The 2-tuple use case is to support an application where multiple TCP sessions are used for an egress Internet service therefore requiring all sessions to go through one firewall with the same source NAT IP address.
Compliance and auditAVX-TR-AWS
AVX-TR-AZU
TGW-AWS
Azure-Native
Single Click ClougGuard Enable/Disable inspection. Reduces MTTR, enhances operations, and supportAVX-TR-AWS
AVX-TR-AZU
TGW-AWS
Azure-Native
Route Synchronization
New route received from on-prem via BGP will be programmed automatically in the VPC/VNET and also in the Security Gateway / Firewall
Business continuity and improved application protectionAVX-TR-AWS
AVX-TR-AZU
TGW-AWS
Native-AZU
Private Communication from On-Prem for Sec.GW management accessImproves compliance. Reduces the attack surface. Improves TCOAVX-TR-AWS
AVX-TR-AZU
TGW-AWS
Native-AZU
Check Point CloudGuard SIC Key
Secure Internal Communication Activation Key provides easy of deployment
Improves security and automation capabilitiesAVX-TR-AWS
AVX-TR-AZU
TGW-AWS
Native-AZU

Legends

  • AVX-TR-AWS: All encrypted Aviatrix Transit FireNet deployment in
  • AVX-TR-AZU: All encrypted Aviatrix Transit FireNet deployment in Azure
  • TGW-AWS: non-encrypted AWS Transit Gateway FireNet deployment
  • Native-AZU: non-encrypted Azure Native Peering FireNet deployment

Leave a Reply