Checkpoint vSEC for VMware NSX
Security for east-west traffic between virtual machines with full automation and orchestration

Checkpoint vSEC for VMware NSX

Check Point vSEC Gateway for VMware NSX

vSEC Gateway for VMware NSX

vSEC NSX Gateway CPU socket license. Integrating Next Generation Threat Prevention annual service for the 1st year

#CPSG-vSEC-NSX-NGTP-GW
המחיר שלנו: הצעת מחיר

1 physical CPU socket license for vSEC Gateway for NSX with Next Generation Threat Prevention & SandBlast (NGTX) including service for the 1st year
*רישיון מיוחד נגד מתקפות כופר

#CPSG-vSEC-NSX-NGTX-GW
המחיר שלנו: הצעת מחיר

הצעת מחיר

מחירים נוספים מופיעים למטה, או לחצו כאן!

שימו לב: כל המחירים באתר כוללים מע"מ. החיוב יבוצע על פי שער "העברות והמחאות מכירה" של המטבע (דולר אמריקאי) ביום אישור ההזמנה.

Advanced Security protections seamlessly enforced inside the Software-Defined Data Center (SDDC)

Couple vSEC security with NSX micro-segmentation for advanced protection of east-west data center traffic
Multi-layered threat prevention with the highest catch-rates against malware, for advanced protection of traffic between virtual machines
Auto-detection, quarantine and remediation of infected virtual machines

Agile security provisioning for the SDDC

Fine-grained policies dynamically tied to VMware NSX Security Groups and vCenter VM objects aid fast and secure application delivery
Security policy easily segmented into sub-policies aligned to micro-segmented networks
Security services auto-provisioned in tandem with VMware ESX host deployments and virtual machine movement
Security capacity that elastically scales to adjust to dynamic network changes

Comprehensive threat visibility across the SDDC

Unified management with single policy for both virtual and physical gateways simplifies security enforcement
Centralized monitoring and logging ensures comprehensive threat visibility
Virtual network-specific reports provide insight into SDDC threat trends

Features

Feasible, scalable micro-segmentation

Inherent VMware NSX network isolation and segmentation makes data center micro-segmentation feasible without the need to configure vLANs, ACLs, firewall rules, physical firewalls and routers. With Check Point vSEC, a layered approach to policy management allows administrators to segment a single policy into sub-policies for granular rule definitions and delegation of duties by network segment. This ensures that the right level of protection is applied across each network segment.

Ubiquitous security enforcement

The VMware NSX network hypervisor is optimally located between the application and the physical infrastructure, enabling distributed enforcement at every virtual interface. By integrating with VMware NSX, Check Point vSEC can dynamically insert advanced security protection. Check Point’s Advanced Threat Prevention delivers multi-layered defenses, with the industry’s best catch rates and comprehensive threat intelligence, to proactively stop botnets, targeted attacks, advanced persistent threats and zero-day attacks. VMware NSX makes it possible to chain Check Point’s advanced security protections between different workloads and to control communications between applications. This reduces network complexity and the need to use multiple VLANs inside the data center.

Comprehensive control and visibility

Security management is simplified with centralized configuration and monitoring of virtual security gateways. Virtual workload traffic is logged and can be easily viewed within the same dashboard as other gateway logs. Security reports specific to virtual workload traffic can be generated to track security compliance across the virtual network.

Check Point vSec security for VMware NSX flow chart

Context-aware security policy

VMware NSX standard tags enable full-context sharing between VMware NSX, VMware vCenter and the Check Point vSEC management platforms ensures that VMware Security Groups and VM identities are easily imported and reused within the Check Point security policy. This reduces security policy creation time from minutes to seconds. Context-awareness is maintained so that any changes or new additions are automatically tracked. This makes it possible for security protections to be enforced on virtual applications regardless of where they are created or located.

In addition, predefined Check Point security templates automate the security of newly provisioned VMs.

Security automation and orchestration

Check Point vSEC leverages VMware NSX security automation for dynamic distribution and orchestration of vSEC for protecting East-West traffic. Check Point vSEC detects and tags malware-infected VMs, and automatically updates VMware NSX. Threats are quickly contained and the appropriate remediation service can be applied to the infected VM. In the data center environment, there is often a need to integrate different systems that manage the security workflow. Also, repetitive manual tasks must be automated to streamline security operations. Check Point’s security management API allows for granular privilege controls, so that edit privileges can be scoped down to a specific rule or object within the policy, restricting what an automated task or integration can access and change. This ability to perform trusted connections provides security teams with the confidence to automate and streamline the entire security workflow.

Features	Details
Supported VMware Solutions	VMware vSphere 5.5.x VMware vSphere 6 VMware vCenter Server 5.5 or later VMware ESX 5.5 or later for each server VMware NSX Manager 6.1.x VMware NSX Manager 6.2.x
Supported Check Point Releases	R77.20VSEC R77.30VSEC
Memory and System Requirements	2G RAM 5 virtual cores 80G HDD

הערות תמחור:

שימו לב: כל המחירים באתר כוללים מע"מ.
החיוב יבוצע על פי שער "העברות והמחאות מכירה" של המטבע (דולר אמריקאי) ביום אישור ההזמנה.
מחירי המוצרים וזמינותם כפופים לשינויים ללא הודעה מוקדמת.
vSEC Gateway for NSX is licensed by the aggregated number of physical CPU sockets of the ESX hosts it protects. This is the same licensing model employed by VMware for their NSX product
vSEC Gateway for NSX license is pool based:
- You can start with a certain pool size and add additional licenses to the pool as you grow
- The license is installed on Check Point management server and will be assigned to the vSEC gateways deployed on each host in the ESX cluster
- For example: a cluster of 10 ESX hosts with 2 CPU per host, will require vSEC license for 20 CPUs
Renewal:
- The vSEC Gateway license is composed of a perpetual software license and services renewal license
- The renewal subscription license should match the original license in number of CPUs. If one purchased 4 x CPSG-vSEC-NSX-NGTX-GW then one should purchase 4 x CPSG-vSEC-NSX-NGTX-GW-1Y in order to renew the service subscription beyond the first year
Additional info:
- Managing vSEC for NSX requires a management license. Every ESX cluster protected by vSEC counts as 1 gateway for management license count purposes
- vSEC license is the only type of license permitted for Check Point gateways on virtual machine
- For NGTX license: NGTX cloud inspection quota is 10k files/CPU/month
- FAQ is available for partners in the sales enablement tools section under next generation firewall, private cloud