Azure DataCentre Not Updating
I am having issues with Azure Datacentre objects.
I have a rule which states Subnet A from Azure is allowed to go out to Azure services on HTTP. There was previously one machine in that subnet - .100.
We have now just added some scale set instances into the subnet, .101 and .102. These are now being dropped by the FW, by the drop rule at the bottom of the policy.
I have found that the datacentre object for subnet A was last updated 24 hours ago and as a result is not included in the subnet to allow access outbound. Does anyone know how to update this? Or why it isn't updating?
The data center is updating every 30 seconds (default value, unless you changed that in the configuration).
To understand why the data center is not updating you can check the Logs in the SmartConsole and filter with blade:"CloudGuard IaaS" and also you can check the $FWDIR/log/cloud_proxy.elg file for errors.
Thank you, I have found the below error - any ideas?
17/07/20 20:25:04,420 ERROR datacenter.util.CommandExec [gateway-updater_AutoProvision--XXXXXXXXX]: Command '[/opt/CPshrd-R80.40/bin/cprid_util, -server, XXXXXXXXX, -timeout, 120, -verbose, rexec, -rcmd, /bin/bash, /tmp/AutoProvision--XXXXXXXXX_vsecUpdate.sh, AutoProvision--XXXXXXXXX_0--XXXXXXXXX, 3qMkMtm0/BoNY3xB]' failed with code 7. Stdout=''. Stderr=''.
17/07/20 20:25:04,420 ERROR ida.requests.IDARequestsSender [gateway-updater_AutoProvision--XXXXXXXXX--XXXXXXXXX]: Error while attempt to connect to server: XXXXXXXXX
SSH to the GW with the issue
Give exec permissions: chmod +x /tmp/AutoProvision--XXXXXXXXX_vsecUpdate.sh
Edit the file: vi /tmp/AutoProvision--XXXXXXXXX_vsecUpdate.sh and change first line from “#!/bin/bash” to “#!/bin/bash -x”
Run /tmp/AutoProvision--XXXXXXXXX_vsecUpdate.sh and monitor the errors.
Thanks for this. When running /tmp/AutoProvision--XXXXXXXXX_vsecUpdate.sh I get the below error (as well as some passes):
<TITLE> 404 File Not Found </TITLE>
The URL you requested could not be found on this server.
Also, I notice the file changes back to #!/bin/bash
Do you have Identity Awareness blade active on the GW?
Please see CloudGuard Controller Admin Guide.
The file changes back because it is overridden by the CloudGuard Controller. You can move your modified version to a new file.
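
The log check suggested in the thread, as an added example that is not part of any post and is not Check Point code: it pulls the failed gateway-update commands out of cloud_proxy.elg text, reporting the exit code, target server and script for each. The line format is taken from the two ERROR lines quoted above; the sample values are constructed, and masking the trailing argument before sharing the output is an assumption, since the thread does not say what that argument is.

```python
import re

# Constructed sample in the format of the cloud_proxy.elg lines quoted in the thread.
# Host, gateway name and trailing argument are placeholders; the INFO line is invented.
SAMPLE_LOG = """\
17/07/20 20:25:04,420 ERROR datacenter.util.CommandExec [gateway-updater_GW-A]: Command '[/opt/CPshrd-R80.40/bin/cprid_util, -server, 192.0.2.10, -timeout, 120, -verbose, rexec, -rcmd, /bin/bash, /tmp/GW-A_vsecUpdate.sh, GW-A_0, EXAMPLEARG]' failed with code 7. Stdout=''. Stderr=''.
17/07/20 20:25:04,420 ERROR ida.requests.IDARequestsSender [gateway-updater_GW-A]: Error while attempt to connect to server: 192.0.2.10
17/07/20 20:25:34,101 INFO datacenter.scanner [scanner-1]: constructed non-error line
"""

# Layout: <date> <time> <LEVEL> <logger> [<thread>]: <message>
LINE = re.compile(r"^(\S+ \S+) (\w+) (\S+) \[([^\]]+)\]: (.*)$")
# Message written by CommandExec when the remote command fails
FAILED = re.compile(r"Command '\[(.*)\]' failed with code (\d+)\.")


def parse_failures(text):
    """Return one dict per failed remote command found in the log text."""
    failures = []
    for raw in text.splitlines():
        line = LINE.match(raw)
        if not line or line.group(2) != "ERROR":
            continue
        stamp, _level, _logger, thread, message = line.groups()
        failed = FAILED.search(message)
        if not failed:
            continue  # other ERROR lines, e.g. the IDARequestsSender one
        args = failed.group(1).split(", ")
        # The value after "-server" is the gateway the command was sent to.
        server = args[args.index("-server") + 1] if "-server" in args[:-1] else None
        script = next((a for a in args if a.endswith("_vsecUpdate.sh")), None)
        # Assumption: the last argument may be sensitive, so mask it for sharing.
        args[-1] = "<redacted>"
        failures.append({
            "time": stamp,
            "thread": thread,
            "exit_code": int(failed.group(2)),
            "server": server,
            "script": script,
            "command": " ".join(args),
        })
    return failures


if __name__ == "__main__":
    for item in parse_failures(SAMPLE_LOG):
        print(item)
```

To use it on real data, pass the contents of $FWDIR/log/cloud_proxy.elg to parse_failures instead of SAMPLE_LOG.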