This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
tgross
Explorer
‎2023-07-12 06:39 PM
Jump to solution

Cloudguard datacenter objects - AWS resources supported

Hi there,

 

We're trying to see what resources are supported for Cloudguard datacenter objects and AWS.

The documentation is not 100% clear on what is supported, e.g. https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_CloudGuard_Controller_AdminG...

- this documentation says it supports tags, but not what resource from those tags, e.g. tags on EC2 instances or ENI network interfaces?

In our case we'd like to see if tags are supported on ENIs so that we can tag ENIs with particular groups that then can get used to allow in checkpoint for rules to allow traffic.

Cheers!

0 Kudos
1 Solution

Accepted Solutions
Shayro
Employee
Employee
‎2023-07-17 06:34 AM
In response to tgross
Jump to solution

Hi,
Unfortunately we do not support tags in ENIs, only in instances.

View solution in original post

0 Kudos
5 Replies
Chris_Atkinson
Employee Employee
Employee
‎2023-07-13 06:03 AM
Jump to solution

So to confirm your seeking further detail to clarify:

"Import all instances and Security Groups that have a specific Tag Key or Tag Value." ?

 

R81.20 What's New: New AWS resources - Load Balancer tags

CCSM R77/R80/ELITE
0 Kudos
tgross
Explorer
‎2023-07-16 04:34 PM
In response to Chris_Atkinson
Jump to solution

Hi Chris,

 

We would like to tag ENIs if possible (AWS network interfaces), or else use security groups. From the documentation:

 

"Import all IP addresses that belong to a specific Security Group. The Security Group is used only as a container for the list of all IP addresses of Instances that are attached to this group."

 

Is this limited to EC2 instances, or does the checkpoint retrieve all IP addresses associated with the security group? What I'm trying to understand is whether it's limited to EC2's or if we can use that for any AWS resource using a network interface (IP address), like workspaces, lambdas, rds instances?

 

Thanks heaps for your help.

0 Kudos
Shayro
Employee
Employee
‎2023-07-17 06:34 AM
In response to tgross
Jump to solution

Hi,
Unfortunately we do not support tags in ENIs, only in instances.

0 Kudos
tgross
Explorer
‎2023-07-17 02:57 PM
In response to Shayro
Jump to solution

Thanks for letting me know - how about security groups: does the checkpoint get all IPs of a security group no matter what resource type it is?

0 Kudos
Shayro
Employee
Employee
‎2023-07-19 01:21 AM
In response to tgross
Jump to solution

Are you looking for IP address for a specific resource type? I checked for ENI, you get its IP address in the security group.

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
UPCOMING CLOUDMATES EVENTS
    All CloudMates Events