cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

Azure Scale Set Gateways Disappeared from Policy

We have deployed Azure Cloudguard Scale Set and have an interesting issue where our gateways are no longer present in the console. I looked at the auto-provision log and all I can see is the gateways are stuck in 'INITIALIZING' state. I know if I re-image them they will come back online but that also requires a slight rebuild of the gateway. Has anyone dealt with this and know how to reconnect the gateway to the manager without the redeploy?

Failed scale set log entries during gateway sync:

2019-01-24 21:22:36,179 MONITOR INFO {firewall #1}:  INITIALIZING
2019-01-24 21:22:36,203 MONITOR INFO {firewall #2}:  INITIALIZING

Our working scale set looks like the following in the same log during gateway sync:
2019-01-24 21:22:36,203 MONITOR INFO updating: {firewall #1} 
2019-01-24 21:22:36,204 MONITOR INFO {firewall #1}: COMPLETE
2019-01-24 21:22:36,204 MONITOR INFO {firewall #2} 
2019-01-24 21:22:36,256 MONITOR INFO {firewall #2} : COMPLETE

No issues with the auto-provision connectivity in general and no changes on our Azure side. These gateways were in my console at one point and then just disappeared and can't seem to find out why and a way to get them back in without a redeploy. Thanks in advance!

** UPDATE **

Looks like during a gateway sync the instances in the scale set could not be found (even though they existed and still do) and were deleted from the manager. However the firewalls still function but I am unable to manage them or push policy to them. Not sure how to get them back in to the policy without doing a re-image?

4 Replies
Admin
Admin

Re: Azure Scale Set Gateways Disappeared from Policy

You might want to compare the tags assigned to these orphan gateways versus the tags assigned to working ones.

My guess (and it's only that) is that the orphan gateways don't have the correct tags assigned.

If they got removed for some reason, then the CloudGuard Controller would remove the gateway objects in the policy.

0 Kudos

Re: Azure Scale Set Gateways Disappeared from Policy

Dameon,

   I can confirm the tags are correct and they are not being modified/removed. I can re-image the instances in the scale set but after a few days they disappear with no reason I can see in the autoprovision.elg logs. I have a support case open but was curious if anyone else has dealt with this and if there is a way to get the gateway objects back in to the policy without reimage.

Thanks 

0 Kudos
Admin
Admin

Re: Azure Scale Set Gateways Disappeared from Policy

Send me the TAC SR in a private message.

Re: Azure Scale Set Gateways Disappeared from Policy

Hi,

The issue you describe has many possible causes. Sometimes this happens due to connectivity issues, or due to invalid tags on the scale set.

First of all, I suggest to check that you have the latest version of the autoprovision addon installed on your management server (according to the instructions in the administration guide).

In order to understand the root cause of the problem, please open a support ticket at Check Point and share it with me so I can follow up.

Thanks,

Dmitry