https://community.checkpoint.com/t5/Cloud-Firewall/Cloudguard-datacenter-objects-AWS-resources-supported/m-p/186636#M141 <P>Thanks for letting me know - how about security groups: does the checkpoint get all IPs of a security group no matter what resource type it is?</P> Mon, 17 Jul 2023 21:57:59 GMT tgross 2023-07-17T21:57:59Z https://community.checkpoint.com/t5/Cloud-Firewall/Cloudguard-datacenter-objects-AWS-resources-supported/m-p/186301#M137 <P>Hi there,</P><P>&nbsp;</P><P>We're trying to see what resources are supported for&nbsp;Cloudguard datacenter objects and AWS.</P><P>The documentation is not 100% clear on what is supported, e.g.&nbsp;<A href="https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_CloudGuard_Controller_AdminGuide/Topics-CGRDG/Supported-Data-Centers-AWS.htm" target="_blank">https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_CloudGuard_Controller_AdminGuide/Topics-CGRDG/Supported-Data-Centers-AWS.htm</A></P><P>- this documentation says it supports tags, but not what resource from those tags, e.g. tags on EC2 instances or ENI network interfaces?</P><P>In our case we'd like to see if tags are supported on ENIs so that we can tag ENIs with particular groups that then can get used to allow in checkpoint for rules to allow traffic.</P><P>Cheers!</P> Thu, 13 Jul 2023 01:39:40 GMT https://community.checkpoint.com/t5/Cloud-Firewall/Cloudguard-datacenter-objects-AWS-resources-supported/m-p/186301#M137 tgross 2023-07-13T01:39:40Z https://community.checkpoint.com/t5/Cloud-Firewall/Cloudguard-datacenter-objects-AWS-resources-supported/m-p/186364#M138 <P><SPAN>So to confirm your seeking further detail to clarify: </SPAN></P> <P><SPAN>"Import all <STRONG>instances</STRONG> and&nbsp;</SPAN><STRONG><SPAN class="mc-variable Vars_Other.tp_sgs variable">Security Groups</SPAN></STRONG><SPAN>&nbsp;that have a specific Tag Key or Tag Value." ?</SPAN></P> <P>&nbsp;</P> <P><SPAN>R81.20 What's New: New AWS resources - Load Balancer tags</SPAN></P> Thu, 13 Jul 2023 13:08:39 GMT https://community.checkpoint.com/t5/Cloud-Firewall/Cloudguard-datacenter-objects-AWS-resources-supported/m-p/186364#M138 Chris_Atkinson 2023-07-13T13:08:39Z https://community.checkpoint.com/t5/Cloud-Firewall/Cloudguard-datacenter-objects-AWS-resources-supported/m-p/186544#M139 <P>Hi Chris,</P><P>&nbsp;</P><P>We would like to tag ENIs if possible (AWS network interfaces), or else use security groups. From the documentation:</P><P>&nbsp;</P><P>"Import all IP addresses that belong to a specific<SPAN>&nbsp;</SPAN><SPAN class="">Security Group</SPAN>. The<SPAN>&nbsp;</SPAN><SPAN class="">Security Group</SPAN><SPAN>&nbsp;</SPAN>is used only as a container for the list of all IP addresses of Instances that are attached to this group."</P><P>&nbsp;</P><P>Is this limited to EC2 instances, or does the checkpoint retrieve all IP addresses associated with the security group? What I'm trying to understand is whether it's limited to EC2's or if we can use that for any AWS resource using a network interface (IP address), like workspaces, lambdas, rds instances?</P><P>&nbsp;</P><P>Thanks heaps for your help.</P> Sun, 16 Jul 2023 23:34:41 GMT https://community.checkpoint.com/t5/Cloud-Firewall/Cloudguard-datacenter-objects-AWS-resources-supported/m-p/186544#M139 tgross 2023-07-16T23:34:41Z https://community.checkpoint.com/t5/Cloud-Firewall/Cloudguard-datacenter-objects-AWS-resources-supported/m-p/186590#M140 <P>Hi,<BR />Unfortunately we do not support tags in ENIs, only in instances.</P> Mon, 17 Jul 2023 13:34:58 GMT https://community.checkpoint.com/t5/Cloud-Firewall/Cloudguard-datacenter-objects-AWS-resources-supported/m-p/186590#M140 Shayro 2023-07-17T13:34:58Z https://community.checkpoint.com/t5/Cloud-Firewall/Cloudguard-datacenter-objects-AWS-resources-supported/m-p/186636#M141 <P>Thanks for letting me know - how about security groups: does the checkpoint get all IPs of a security group no matter what resource type it is?</P> Mon, 17 Jul 2023 21:57:59 GMT https://community.checkpoint.com/t5/Cloud-Firewall/Cloudguard-datacenter-objects-AWS-resources-supported/m-p/186636#M141 tgross 2023-07-17T21:57:59Z https://community.checkpoint.com/t5/Cloud-Firewall/Cloudguard-datacenter-objects-AWS-resources-supported/m-p/186808#M142 <P><LI-WRAPPER><SPAN><SPAN class="ui-provider bbd bbe c d e f g h i j k l m n o p q r s t bbf bbg w x y z ab ac ae af ag ah ai aj ak">Are you looking for IP address for a specific resource type? I checked for ENI, you get its IP address in the security group.</SPAN></SPAN></LI-WRAPPER></P> <P><SPAN>&nbsp;</SPAN></P> Wed, 19 Jul 2023 08:21:00 GMT https://community.checkpoint.com/t5/Cloud-Firewall/Cloudguard-datacenter-objects-AWS-resources-supported/m-p/186808#M142 Shayro 2023-07-19T08:21:00Z