Create a Check Point CloudGuard Firewall

This topic explains how to create and operate a Check Point CloudGuard virtual device. See Check Point Specifications for more information about the CloudGuard Firewall virtual device.

  1. Sign in to Equinix Fabric.
  2. From the Network Edge menu, select Create Virtual Device.
  3. In the Single Virtual Device card, click Create Device.

  4. Click Begin Creating Edge Devices.
  5. In the Select Vendor Package(s) for your Device(s) section, locate the Check Point card and click See Description.

  6. Click Select and Continue.
  7. In the Select Metro section, click a location.
  8. In the Select Billing Account section, select a billing account in the Your accounts in this metro drop-down menu.

    In order to create a device in a specific metro location, you need a billing account for the metro. You can continue without selecting an account, but you won’t be able to create your device.
  9. If you require a different location for the high availability device than the one selected above, click Select a separate location for the high availability device.
  10. Click Next: Device Details.

    Device Configuration defaults to Self-configured. Licensing defaults to Bring your own License.

  11. Select the Device Resources (2 cores, 8GB memory; 4 cores, 8GB memory; or 8 cores, 16GB memory).

    The Software Package defaults to Standard. The Version defaults to 80.40.

  12. In the Virtual Device Details box, enter:

    • Device Name – Enter a name for the device.
    • Host Name – Enter a host name prefix for the primary device.
  13. In the Interfaces box:
    • The drop-down menu defaults to 8 interfaces (Default).
    • Select your WAN/SSH interface – Select an interface or let Network Edge choose one for you.
  14. In the Device Status Notifications box, enter the email addresses of anyone who should receive email notifications regarding device status.
  15. (Optional) In the Optional Details box, enter the Purchase Order Number and Order Reference/Identifier.
  16. In the Term Length drop-down menu, select a term length.
  17. Click Next: Additional Services to add any additional services.
    • Click Add Users to configure user names for SSH and Web-Console access. For Self-configured devices, you need to configure SSH Public Keys to perform password-less authentication. For more information, see Network Edge Device Access.

    • RSA Public Keys – Enter an existing RSA Public Key, or click Add New RSA Public Key to generate a new one.

    • Diverse Compute from an Existing Single Device – If you already have another single device and you want this new device to exist in a different plane, click Select Diverse From and select the existing device.
    • Add Access IP Addresses – Select an access control list (ACL) template. This template will be applied to the gateway interface connected to the WAN/SSH interface of your VNF. ACL templates control communication from the Internet.
      Note: By default, the communication required for initial bootstrap (DNS, NTP, License Server communication, SD-WAN controller communication, etc.) is allowed so that the VNF can complete its initial configuration. Additional protocols such as SSH need to be intentionally permitted using an ACL template (Custom ACL). After deployment, you will need to manually update your ACL with public IPs for access to all the required services.

      To create a template to apply to your device, click Create Access Control List Template. See Configure Access Controls on Virtual Devices for more information.

    • Additional Internet Bandwidth – Add between 25 and 5000 Mbps of additional Internet bandwidth (for a fee). 15 Mbps of Internet bandwidth is included free in the package by default.

  18. Click Next: Review.
  19. In the Terms & Conditions box, click Review and Accept Order Terms.
  20. Select I have read and understand these terms and click Accept.
  21. Click Create Virtual Device.
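
The ACL note in step 17 says SSH must be intentionally permitted and that the ACL should list public IPs. The following check of planned Custom ACL entries is an added example, not part of the original procedure or of Equinix's tooling. The rule layout, the management ports (22 and 443) and the breadth threshold are assumptions made for this example, and the sample entries are constructed.

```python
import ipaddress

# Hypothetical rule layout for this example (not Equinix's template format):
# {"src": CIDR, "protocol": "TCP"|"UDP"|"IP", "dst_port": "any"|"22"|"20-25"}
MGMT_PORTS = {22: "SSH", 443: "Web-Console"}   # assumed management ports
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MAX_ADDRESSES = 16   # assumed threshold: wider than a /28 counts as broad

def covers(port_spec, port):
    """True if 'any', a single port, or a 'lo-hi' range includes port."""
    if port_spec == "any":
        return True
    lo, _, hi = port_spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def audit_acl(rules):
    """Return (rule_number, finding) tuples; rule_number 0 means the whole list."""
    findings, ssh_allowed = [], False
    for number, rule in enumerate(rules, 1):
        if rule["protocol"] not in ("TCP", "IP"):
            continue                      # not a TCP management service
        services = [name for port, name in MGMT_PORTS.items()
                    if covers(rule["dst_port"], port)]
        if not services:
            continue
        ssh_allowed = ssh_allowed or "SSH" in services
        net = ipaddress.ip_network(rule["src"], strict=False)
        if net.prefixlen == 0:
            findings.append((number, "any-source"))      # whole Internet
        elif any(net.overlaps(private) for private in RFC1918):
            findings.append((number, "private-source"))  # not a public IP
        elif net.num_addresses > MAX_ADDRESSES:
            findings.append((number, "broad-source"))
    if not ssh_allowed:
        findings.append((0, "no-ssh-rule"))  # SSH stays blocked by default
    return findings

# Constructed sample entries using documentation and private address ranges.
SAMPLE_RULES = [
    {"src": "0.0.0.0/0", "protocol": "TCP", "dst_port": "22"},
    {"src": "203.0.113.10/32", "protocol": "TCP", "dst_port": "443"},
    {"src": "192.168.1.0/24", "protocol": "TCP", "dst_port": "22"},
    {"src": "198.51.100.0/24", "protocol": "IP", "dst_port": "any"},
    {"src": "203.0.113.53/32", "protocol": "UDP", "dst_port": "53"},
]

if __name__ == "__main__":
    print(audit_acl(SAMPLE_RULES))
```

A finding with rule number 0 applies to the list as a whole: no entry permits SSH, so the device would remain unreachable for management after deployment.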