Having been exposed to more traditional deployments such as physical and virtual SMS and gateways, I would like to know how the base installation and certain features get accomplished with CloudGuard in order to wrap my brain around its usefulness when evaluating and scoping projects.
Would it be correct to state that CloudGuard is primarily designed to manage and protect organisations' Cloud environments such as AWS and Azure, using virtual gateways, but that it can also manage on-Premise Gateways at the same time?
When setting up the CloudGuard SaaS (I'll refer to it as C-SMS) with on-Premise Gateways in a ClusterXL or any other configuration, the only way I can imagine that the C-SMS can establish SIC will be via the gateways' public IP addresses? In the event that one of the gateways loses internet connectivity, it will no longer be manageable.
What about logs and all the telemetry that the gateways capture, does this constantly get uploaded to the C-SMS? What is the bandwidth impact when most blades are active?
Finally, integrating the firewalls with AD usually requires the creation of an LDAP Account Unit and enabling the IA blade, whereas this is trickier to accomplish with a C-SMS deployment. I came across the following article when researching LDAP integration with C-SMS.
Is this the best practice? Or can the traditional approach (LDAP account unit and IA blade) also work with some policies and NAT rules to allow the C-SMS to reach the on-Prem Domain Controllers?