Partner POV | Check Point and Nutanix Advance Cloud Network Security
This article was written and contributed by, Check Point.
As hybrid cloud environments grow in popularity and AI-driven threats become more sophisticated, organizations are under increasing pressure to enhance their security posture without adding operational overhead. We're excited to report a significant step forward in this mission: Check Point CloudGuard Network Security is Nutanix Ready validated with Nutanix Cloud Infrastructure (NCI) Release 7.3 networking enhancements, including the Nutanix Flow Network Security solution.
Flow Network Security expands microsegmentation capabilities with entity groups, vNIC-specific policies, and global policy scopes. This integration empowers customers to seamlessly implement CloudGuard Network Security using Nutanix native Service Insertion and firewall chaining capabilities—fully integrated with Flow Virtual Networking (FVN) for streamlined, high performing, scalable network security.
This builds on the long standing partnership between Check Point and Nutanix and extends the integration introduced in our earlier blog post, Advanced Network Security with Check Point CloudGuard and Nutanix Cloud Platform.
What is Nutanix Service Insertion?
Service Insertion allows you to insert third-party virtual network services (like Check Point CloudGuard Network Security with IPS, anti-bot, etc.) into the data path between VMs—enabling L3 network service chaining. It integrates with Flow Virtual Networking (FVN) to route traffic through virtual appliances for advanced network security and visibility.
What's New with Nutanix Cloud Infrastructure (NCI) Release 7.3?
Nutanix NCI 7.3 introduces key enhancements for automating and securing modern virtual networks. These capabilities simplify configuration and management of virtual networks for security architects:
- Service Insertion: Integrating with Flow Virtual networking (FVN) allows seamless redirection of traffic to third-party firewalls like Check Point CloudGuard Network Security for deep packet inspection and policy enforcement.
- Flow Virtual Networking improvements: Improved policy creation, visualizations, and service chaining workflows make it easier to implement zero trust micro-segmentation and compliance controls.
CloudGuard Network Security + Service Insertion = Zero Trust Simplified
With AOS 7.3 and Service Insertion, Check Point CloudGuard Network Security becomes a first-class security leader in the Nutanix ecosystem. Traffic between VMs or across tenant zones can now be automatically redirected through CloudGuard Network Security firewalls for inspection and enforcement—without manually configuring routing tables or VLANs.
This enables:
- Zero Trust architecture
- East-West micro-segmentation
- Multi-tenant security
- Traffic logging and compliance
- Transparent East-West traffic inspection inside the private cloud
- North-South security enforcement for traffic entering or exiting the Nutanix environment
- Dynamic, policy-based service chaining to apply multiple layers of inspection
How Firewall Chaining Works with CloudGuard Network Security
Firewall chaining allows you to define a service chain, enabling traffic to be passed through a series of inspection points, such as Check Point firewalls, IDS/IPS, and other appliances, in a defined order, not based on static routing but dynamic policies:
[VM1] → [CloudGuard Network Security NGFW] → [Traffic Analyzer] → [VM2]
Using Nutanix Flow Virtual Networking, security engineers can define traffic policies that automatically route selected flows through the CloudGuard Network Security gateway. CloudGuard Network Security then inspects and filters traffic using its industry-leading threat prevention, application control, IPS, anti-virus, and anti-bot technologies—all managed centrally through Check Point's SmartConsole or Infinity Portal.
Key Benefits for Nutanix and CloudGuard Network Security Customers
- Enhance compliance: enforce Zero Trust and AI-powered traffic inspection for regulated data.
- Accelerated deployment: Check Point software integration and Nutanix NCM Self-Service (formerly CALM blueprint) accelerates deployment, providing standard templates with configuration flexibility.
- Lower security operations costs with CloudGuard Network Security adaptive policies: through integration with Nutanix Prism Central, CloudGuard Network Security imports categories, tags, endpoint groups, and virtual machine identities into its security management framework. This use of Nutanix categories and tags, enables the creation of security policies that automatically adapt to changes in virtual infrastructure. For instance, if a new Nutanix Store Server VM is deployed and added to the Store_Servers group, it will automatically receive the policies for the Store Servers group ensuring continuous and consistent protection without manual intervention.
| Joint Capabilities | Description |
|---|---|
| Zero Trust Micro-Segmentation | Enforce L3–L7 security policies, application, and user blocking between cloud subnets and workloads |
| Dynamic Traffic Steering | Route traffic based on policy, not static rules |
| Multi-tiered Security | Chain multiple services (e.g., FW + IPS) |
| Integrated Monitoring | Visibility through Flow Visualizer + Check Point logs |
| Reduced Complexity | No manual network plumbing—fully software-defined |
Next Steps: Secure Nutanix and All Your Networks with Check Point
Combining Nutanix's SDN capabilities with CloudGuard Network Security provides the control, visibility, and automation you need to securely scale cloud services anywhere you choose.