Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
tgross
Explorer
Jump to solution

Cloudguard datacenter objects - AWS resources supported

Hi there,

 

We're trying to see what resources are supported for Cloudguard datacenter objects and AWS.

The documentation is not 100% clear on what is supported, e.g. https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_CloudGuard_Controller_AdminG...

- this documentation says it supports tags, but not what resource from those tags, e.g. tags on EC2 instances or ENI network interfaces?

In our case we'd like to see if tags are supported on ENIs so that we can tag ENIs with particular groups that then can get used to allow in checkpoint for rules to allow traffic.

Cheers!

0 Kudos
1 Solution

Accepted Solutions
Shayro
Employee
Employee

Hi,
Unfortunately we do not support tags in ENIs, only in instances.

View solution in original post

0 Kudos
5 Replies
Chris_Atkinson
Employee Employee
Employee

So to confirm your seeking further detail to clarify:

"Import all instances and Security Groups that have a specific Tag Key or Tag Value." ?

 

R81.20 What's New: New AWS resources - Load Balancer tags

CCSM R77/R80/ELITE
0 Kudos
tgross
Explorer

Hi Chris,

 

We would like to tag ENIs if possible (AWS network interfaces), or else use security groups. From the documentation:

 

"Import all IP addresses that belong to a specific Security Group. The Security Group is used only as a container for the list of all IP addresses of Instances that are attached to this group."

 

Is this limited to EC2 instances, or does the checkpoint retrieve all IP addresses associated with the security group? What I'm trying to understand is whether it's limited to EC2's or if we can use that for any AWS resource using a network interface (IP address), like workspaces, lambdas, rds instances?

 

Thanks heaps for your help.

0 Kudos
Shayro
Employee
Employee

Hi,
Unfortunately we do not support tags in ENIs, only in instances.

0 Kudos
tgross
Explorer

Thanks for letting me know - how about security groups: does the checkpoint get all IPs of a security group no matter what resource type it is?

0 Kudos
Shayro
Employee
Employee

Are you looking for IP address for a specific resource type? I checked for ENI, you get its IP address in the security group.

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.