Cloudguard R81 Azure ResourceGroups dependencies
We have an active/standby Cloudguard IaaS (R81 take 58) running in Azure with an SMS (R81.10) on premise.
The Identity Awareness blade is active.
We're using Updatable Objects from Azure (like resource groups) in our Firewall Policy on the Cloudguards. We arranged this with a configured Application ID/Directory ID to the Azure Cloud Environment.
What we see is that when the Cloudguards IaaS firewalls in Azure can't connect to the SMS On-Premise, the resource groups aren't working anymore, even when the connection between Cloudguard and SMS comes back.
The only solution then is to install the firewall policy again to the cloudguards.
What are the dependencies for the Cloudguards IaaS firewalls with a firewall policy containing Updatable Objects from Azure when the SMS isn't available?
- Is there some timeout on the caching we can increase...
- Is it a known bug...
- What are best practices?
For awareness, the following is addressed in R81 JHF T69 & R81.10 JHF T75:
UPDATE: Previously, because of connectivity issues with Azure, CloudGuard Controller was deleting IP addresses of Data Center objects from the Security Gateway. CloudGuard Controller will now show an error message instead of revoking identities from the Security Gateway.