Eugene_Tcheby
inside CloudGuard IaaS 2 hours ago
views 22 1 1
Employee+

Step-by-Step Deployment Guide of CloudGuard autoscaling MIG in GCP / Ingress Traffic protection

Hi All, I put together a step-by-step guide with screenshots on how to deploy CloudGuard autoscaling MIG (managed instance group) in GCP. This version covers ingress traffic inspection with a basic webserver in a private subnet. Version 1.1 of the document is to include outbound inspection and testing of scaling events. Awaiting your feedback and comments.
Gad_Naveh
inside CloudGuard SaaS 12 hours ago
views 36 1
Employee+

CloudGuard SaaS Security Checkup

CloudGuard SaaS - Introducing Events Window and Security Checkup

Hello SaaS community,

We are thrilled to introduce the new Infinity Portal Events Window. Customers can access it at the tenant dashboard's bottom left. Similar to Smart Log, the Events Window aggregates events’ information from all the Infinity portal applications and allows filtering and search on all events’ fields. Users can view log statistics on the right panel, choose the log dates they would like to filter, export logs to Excel, view granular details on each log and more.

Adjacent to the Logs tab you can find the CloudGuard SaaS Security Checkup report! Security Checkup is the prime report to use at the end of each POC to reveal the value of CloudGuard SaaS to a potential customer. This is an on-demand, executive format, event and analysis report that summarizes all events collected by the Log system. The events the report is based on can cover different time periods, which are configurable at the Time-Filter menu on the top left corner (see below). You can export the report to PDF or Excel, or get only the generic template, by using the “Options” menu at the top right corner of the window. The security report together with the “Phishing Reports” tool highlights the value CloudGuard SaaS brings to our customers.

Try it out!
Ashish_Shah1
Ashish_Shah1 inside CloudGuard IaaS 13 hours ago
views 46 1

R80.10 Content Awareness

We have deployed R80.20 on Azure CloudGuard that is managed by an R80.10 on-prem management appliance. I'm creating a new policy for incoming traffic but want to use Content Awareness. Incoming traffic is HTTPS/HTTP that will try to read media/jpeg etc. from a server inside. When I create the rule and try to access the server from the internet, it matches the clean-up rule instead of the rule that I created with Content Awareness. But if I remove anything put in Content Awareness, it matches the correct rule and allows traffic in. Can anyone please help with what the problem could be? Regards, Ashish
Martins
Martins inside CloudGuard-Dome9 yesterday
views 126 5

Log.ic license

Hi, how does the CloudGuard Log.ic license model work? I don't understand it just from looking at this image. Thanks
Offir_Zigelman
inside CloudGuard-Dome9 yesterday
views 70
Employee+

Coming Up: Adding Granular Permissions to the Compliance Module

The Dome9 permissions model is evolving! We’re adding additional granular permissions for the Compliance related features, allowing our customers to better define their Dome9 users and roles. The new permission model is scheduled for release on Wednesday, October 2nd.

Background

Dome9 allows you to define users and roles. The Dome9 permissions model includes the ability to specify the permissions to view data for specific Cloud Accounts and Organizational Units, and manage the Network Security permissions (create and manage Security Groups, as well as the ability to use Dynamic Access and IAM elevations).

The new capabilities we’re adding would allow you to better control the permissions of the Compliance Engine, and include:
- Add, edit or delete Rulesets
- Add, edit or delete notifications and integrations with external systems and control alerts actions
- Add, edit or delete Remediations
- Add, edit or delete Exclusions
- Acknowledge alerts, add comments, assign alerts to users and change alert severity
- Associate/disassociate Compliance Policy

How does this change affect us?

Dome9 permissions management screens - Roles screen and Users screen - would include additional permissions related to the Compliance Engine. Dome9 Super Users would be able to assign these new permissions to roles (or specific users directly). Users that do not include these permissions would not be able to perform the relevant actions (i.e. edit exclusions or acknowledge alerts).

These changes will affect the predefined “Auditor” role. Currently this role can perform many types of operations; when adding the new permissions, Dome9 users assigned to the predefined “Auditor” role will not be able to:
- Create or edit rulesets.
- Edit Notifications and Integrations with external systems.
- Edit Compliance Policies.
- Perform actions on alerts (edit Remediations, edit Exclusions, acknowledge alerts, add comments, assign alerts and change severity).

With that change, the predefined “Auditor” role would become an actual read-only role, and would be dedicated to auditing.

Note: No changes would be applied to the Super User role; it would still be able to perform any action.

What can I do to provide my users permissions for the actions they used to perform?

When the new permissions are introduced, it will be possible to choose which compliance-related actions your users are able to perform. Here are a few suggestions for the new roles you can use or generate:
- For auditors that only observe and monitor, the updated “Auditor” role can be used.
- For users that also need to review alerts, process generated alerts and acknowledge, a new role should be created, and it should include the “Alerts Configurations and Actions” permission.
- Users that modify compliance content (create or modify compliance rulesets) should be assigned the “Rulesets and Content” permission.
- Users that need to create notifications (send alert reports via emails, or other types of integrations such as AWS SNS, HTTP endpoints and more), as well as association of cloud accounts with compliance rulesets and notifications (“Continuous Compliance” policies), should be assigned the “Integrations and Notifications” permission.

Use a Super User to edit users and roles and assign the new permissions.

If you have any questions or need help, please reach out to Support here.
Abhishek_Singh1
Abhishek_Singh1 inside CloudGuard IaaS Friday
views 180 6

Checkpoint Vsec ClusterXL deployment in Azure with Active/Active - Loadsharing mode

Hi guys, I am looking for a solution to implement Active-Active (Load sharing) ClusterXL in Azure, but didn't find any templates. Does Check Point vSEC in Azure not support this by design, or what changes would it require to support this config? Thanks!
GGiorgakis
GGiorgakis inside CloudGuard IaaS Thursday
views 102 3

How can we search for hosts which are located behind CloudGuard?

How can we search for hosts which are located behind CloudGuard?
Liam_McElhinney
Liam_McElhinney inside CloudGuard IaaS Thursday
views 132 2 1

CloudGuard Failure Issues in Azure

Hi, we have recently upgraded our R80.10 HA CloudGuard cluster in Azure to R80.20. We used the latest Azure marketplace template and have successfully deployed the two gateways to form the cluster. We successfully got everything configured and it has been working well. However, on two occasions now I have returned to work on the Monday morning to find that no traffic is flowing through to our IaaS estate in Azure through the firewalls. Upon checking SmartConsole I see red crosses and 'connection is lost' for both cluster members. On looking at the logs I see one last log originating from the Azure cluster member and the description is "(ClusterXL) interface enP1p0s2 of member 1 (10.12.2.8) was removed." A restart of the gateway VMs in Azure brings them back to life, but this obviously isn't a viable solution. Has anyone had this issue before and can shed any light on it for us? Thanks, Liam
Itamar-cohen
inside CloudGuard IaaS Wednesday
views 173 2
Employee

Planned Delisting Announcement for CloudGuard IaaS in Azure and AWS

Dear All,

Soon we intend to begin a process in Azure and AWS to remove R80.20 listings/images from the marketplace. In both platforms, there are already R80.30 listings/images available and we recommend to upgrade to this latest version. R80.10 and R80.20 listings in Google Cloud Platform were already removed.

R80.30 brings with it a performance boost and stability improvements. It is also important to mention that R80.20 GOGO based version JHF new content is not planned (only security fixes will be provided) and all new JHF will be introduced for R80.30.

Please note the following:
- Current users that are already deployed with R80.20 will still be able to use their offerings and will be supported
- R80.20, once removed, won't be available to customers in the marketplace
- Customers with a legitimate business need for R80.20 or R80.10 (e.g. in final POC process) will need to contact us in order to get access to these images/listings once they will be removed.
- R80.30 Gateways can be managed by deploying a jumbo hotfix on older Management Servers starting from R80.20 Jumbo Hotfix take 91 and above & R80.10 Jumbo Hotfix take 225 and above (see sk149272 for more information).
- Index for upgrade documentation was created for your convenience - sk162365

If any concern is raised or more information is needed, please contact us.

Thank you
pmetridis
pmetridis inside CloudGuard IaaS a week ago
views 148 1

Use DataCenter objects from vCenter VMware.

Dear all, I am trying to understand the usage of the integration with a Data Center VMware vCenter. I have successfully configured the VMware vCenter and I get information (like IP, name, etc.) from our VM infrastructure. So I thought that I could use this kind of information, either in the Access Policy by using Data Center Objects, or to update the information I have for already imported objects. I have a few questions, for which I have really searched a lot before posting here.

1. What exact permissions must the user configured for the integration with vCenter have?
2. Why, when I try to use a DataCenter object in a rule, do I get an error message like: Data Center objects and Network objects cannot be used together in the Source column OR Please refer to the vSEC Controller Administration Guide to configure the gateway as required by vSec ? Regarding the vSEC Controller Administration Guide, is it necessary to enable the Identity Awareness - Identity Web API with the localhost? I use different gateways for the PDP use & Identity Collector with IDC (Identity Sources - Identity Collector) - should I also enable the Web API?
3. When I have imported a server manually, for example Srv_Web1 - 192.168.10.10, but from the vCenter integration I have more specific information for the server, like name InternetWebServer - 192.168.10.10, is it possible to update the information I manually added?

I am really trying to understand, in an environment with Firewall GWs, SMS Server & PDP GWs, which one has the role of vSEC controller to integrate with the vCenter. Generally, what benefits do you have with the integration of the vCenter? Where can you use this integration?

Thanks in advance for any info.
Makis
Abhishek_Kumar1
Abhishek_Kumar1 inside CloudGuard IaaS 2 weeks ago
views 270 9

Failover Issue with AWS deployment

Hi All, we have deployed a firewall in AWS in HA. We have multiple servers configured with static NAT which are accessible from outside. We deployed the firewall in a cluster, and we added the virtual IP as a secondary IP on the active firewall interface, along with other multiple IPs which are used for static NAT, where my PRI IP: 172.31.24.120, SEC IP: 172.31.24.130 and virtual IP is: 172.31.24.110. We added the route for all subnets in AWS through the active firewall network interface (172.31.24.120, secondary IP 172.31.24.110). Traffic is passing through the active firewall and everything is working fine. When we fail over the traffic from Active to Standby, after a few minutes all secondary IPs are mapped to the standby firewall network interface, but the route is not changed. When we check the traceroute, traffic is going through the active firewall interface 172.31.24.120; it should go through the virtual IP (172.31.24.110). That's why our traffic is not working. When we change the route manually and add the standby firewall network interface, traffic starts working, and when we checked the traceroute, it is going through the virtual IP (172.31.24.110). Please, someone help me to resolve the issue.
Constantin_Pop
Constantin_Pop inside CloudGuard IaaS 2 weeks ago
views 383 5

Azure NIC issues - possibly waagent related

Hi all, I noticed recurring issues with the Azure CP R80.20 cluster and was wondering if anyone else had this behavior. Basically the interfaces related to Azure Accelerated Networking unregister and may come up with a different name, which breaks the traffic completely. Although this was supposed to be solved by Jumbo HF take 17, it occurred again. I believe it may be related to an outdated buggy version of the Microsoft Azure Linux Agent (waagent) v2.2.11 installed on the VM (the last available version is v2.2.42). Now waiting for my SR to be picked up...

Two other issues with the agent that are resolved in newer version:
- agent's logs filling up the Azure Serial Console making it unusable
- does not use the configured proxy server

Entries in /var/log/messages:
kernel: kernel: hv_netvsc 000d3a25-c27e-000d-3a25-c27e000d3a25 eth0: Data path switched from VF: enP1p0s2
kernel: kernel: hv_netvsc 000d3a25-c27e-000d-3a25-c27e000d3a25 eth0: VF unregistering: enP1p0s2
kernel: kernel: [SIM4];cphwd_api_forward_packet: sim_mgr_prepare_packet failed
kernel: kernel: [SIM4];simlinux_br_port: dev == NULL !!!!!
Offir_Zigelman
inside CloudGuard-Dome9 2 weeks ago
views 221 1
Employee+

New CloudGuard Dome9 Integration: Splunk

Dome9 now supports HTTP based integration with Splunk, allowing you to easily send JSON-formatted alerts produced by the Compliance Engine to a Splunk HTTP Event Collector. Splunk is a data collection, monitoring, and analysis system. Many Dome9 customers use it as their Security information and event management (SIEM) solution. The new integration is very easy to set up. On Dome9, the integration requires setting up a "notification policy" that includes an HTTP connector, and selecting the "Splunk - JSON" format. On Splunk, the integration requires setting up an "HTTP Event Collector". A user guide for the integration is available in the Dome9 help guide. For more on Dome9 Alerts and Notifications see here. Information on the Splunk HTTP Event Collector is available in Splunk Dev.
Offir_Zigelman
inside CloudGuard-Dome9 2 weeks ago
views 191 2
Employee+

New CloudGuard Dome9 Feature: Permissions on Organizational Units

We're excited to announce we're enhancing our Role Based Access Control (RBAC) model. Today we added the ability to view/manage cloud accounts by associating users and roles with Organizational Units (OU). Dome9 user management includes the ability to define access permissions. Each user or role can be restricted to specific cloud accounts managed by Dome9. The users can view data from specific cloud accounts on which they have "view" permissions, and manage settings (such as Security Groups definitions) in the cloud accounts on which they have "manage" permissions. By introducing the new OU permissions, it is now possible to grant "view" or "manage" permissions to an entire OU. A user (or role) that was granted permissions to an OU would be allowed to view or manage all the cloud accounts associated with the OU and its descendants. This permission behavior is applied automatically to any cloud account that is being associated with the relevant OU. Take a look at the new capabilities in our Administration Menu -> Users, and select "Organizational Units" under the "view" or "manage" sections. Same with Roles (Administration Menu -> Roles). This is another part of our continuous effort to improve Dome9 user management and OU capabilities. Stay tuned for many new exciting RBAC and OU capabilities in the near future.
Krishna
Krishna inside CloudGuard SaaS 2 weeks ago
views 127 2

Deploying r80.20 CP standalone gateway with management and gateway in Azure

Hi, while deploying a CP R80.20 standalone gateway in Azure, I haven't found an option to select whether it should be deployed as just Gateway/Gateway & Management/Management server (it will ask this while deploying R80.10); instead it asked for the SIC key. Only the gateway got deployed and not management. Does R80.20 support management server and gateway in one device? Can we enable the management server after the deployment of the gateway? How do we deploy both of them in a standalone device in Azure? Thanks in advance