
As hybrid cloud environments grow more complex and AI-driven threats become more sophisticated, organizations are under increasing pressure to enhance their security posture without adding operational overhead. We're excited to report a significant step forward in this mission: Check Point CloudGuard Network Security is Nutanix Ready validated with Nutanix AOS 7.3 networking enhancements including the Nutanix Flow Network Security solution.

Flow Network Security expands microsegmentation capabilities with entity groups, vNIC-specific policies, and global policy scopes. This validated solution empowers customers to seamlessly implement CloudGuard Network Security using Nutanix native Service Insertion and firewall chaining capabilities—fully integrated with the Flow Virtual Networking (FVN) solution for streamlined, high-performing, scalable network security.

This builds on the long-standing partnership between Check Point and Nutanix and extends the integration introduced in our earlier blog post, Advanced Network Security with Check Point CloudGuard and Nutanix Cloud Platform.

What is Nutanix Flow Service Insertion?

Service Insertion allows you to insert third-party virtual network services (like Check Point CloudGuard Network Security with IPS, Anti-Bot, etc.) into the data path between VMs—enabling L3 network service chaining. It integrates with Flow Network Security (FNS) to route traffic through virtual appliances for advanced network security and visibility.

What’s New with Nutanix AOS 7.3?

Nutanix AOS 7.3 introduces key enhancements for automating and securing modern virtual networks. These capabilities simplify configuration and management of virtual networks for security architects:

  • Service Insertion: Integrating with Flow Network Security (FNS) allows seamless redirection of traffic to third-party firewalls like Check Point CloudGuard Network Security for deep packet inspection and policy enforcement.
  • Improved policy creation, visualizations, and service chaining workflows make it easier to implement highly available, zero trust micro-segmentation and compliance controls.
  • CloudGuard Network Security adaptive policies reduce manual intervention and increase security posture.

CloudGuard Network Security + Service Insertion = Zero Trust Simplified

With the support for Flow Service Insertion, Check Point further enhances its solution integration with Nutanix. Traffic between VMs or across tenant zones can now be automatically redirected through CloudGuard Network Security firewalls for inspection and enforcement—without manually configuring routing tables or VLANs.

This enables:

  • Highly Available Zero Trust Architecture
  • East-West micro-segmentation
  • Multi-tenant security
  • Traffic logging and compliance
  • Transparent East-West traffic inspection inside the VPC
  • North-South security enforcement for traffic entering or exiting the Nutanix environment
  • Dynamic, policy-based service chaining to apply multiple layers of inspection

How Firewall Chaining Works with CloudGuard Network Security

Firewall chaining allows you to define a service chain, so that traffic passes through a series of inspection points, such as Check Point firewalls, IDS/IPS, and other appliances, in a defined order that is set by dynamic policies rather than static routing:

[VM1] → [CloudGuard Network Security NGFW] → [Traffic Analyzer] → [VM2]

Using the Flow Network Security (FNS) solution, security engineers can define traffic policies that automatically route selected flows through the CloudGuard Network Security gateway. CloudGuard Network Security then inspects and filters traffic using its industry-leading Threat Prevention, Application Control, IPS, Anti-Virus, and Anti-Bot technologies—all managed centrally through Check Point's SmartConsole or Infinity Portal.

Key Benefits for Nutanix and CloudGuard Network Security Customers

  • Enhance compliance: Enforce Zero Trust and AI-powered traffic inspection for regulated data
  • Optimize security operations costs with CloudGuard Network Security adaptive policies, through integration with the Nutanix Prism Central multi-cluster manager

CloudGuard Network Security imports categories, tags, endpoint groups, and virtual machine identities into its security management framework. This use of Nutanix categories and tags enables the creation of security policies that automatically adapt to changes in virtual infrastructure. For instance, if a new Nutanix Store Server VM is deployed and added to the Store_Servers group, it will automatically receive the policies for the Store Servers group, ensuring continuous and consistent protection without manual intervention.


| Joint Capabilities | Description |
|---|---|
| Zero Trust Micro-Segmentation | Enforce L3–L7 security policies, application, and user blocking between cloud subnets and workloads |
| Dynamic Traffic Steering | Route traffic based on policy, not static rules |
| Multi-tiered Security | Chain multiple services (e.g., FW + IPS) |
| Integrated Monitoring | Visibility through Flow Visualizer + Check Point logs |
| Reduced Complexity | No manual network plumbing—fully software-defined |

Next Steps: Secure Your Nutanix Infrastructure and All Your Networks with Check Point

Combining Nutanix's SDN capabilities with CloudGuard Network Security provides the control, visibility, and automation you need to securely scale cloud services anywhere you choose.

To learn more, sign up for a cloud security discussion and demo of CloudGuard Network Security on Nutanix and explore our joint solution brief.


©2025 Nutanix, Inc. All rights reserved. Nutanix, the Nutanix logo and all Nutanix product and service names mentioned herein are registered trademarks or trademarks of Nutanix, Inc. in the United States and other countries. All other brand names mentioned herein are for identification purposes only and may be the trademarks of their respective holder(s).
