Don_Paterson
Advisor

HCP roadmap question

Is there a roadmap for new features planned for hcp?

One area I would be interested to know about is CloudGuard Network Security health checks. 

Since some of the daemons are unique per CSP and there are unique troubleshooting and testing scripts for cloud it seems like a good idea to have a single command that can run the relevant cloud tests. 

Thanks,

Don

 

0 Kudos
5 Replies
Tal_Paz-Fridman
Employee

I have forwarded your request to CloudGuard owners in R&D.

(1)
Tal_Paz-Fridman
Employee

Hi @Don_Paterson 

Could you please elaborate which tests are missing? What features and scripts would you like HCP to cover?

0 Kudos
Don_Paterson
Advisor

Hi Tal,

Sure.

There could be a CloudGuard topic in the Test area (under Gaia, System, Cluster etc.).

Capturing the *-ha.json files can show the relevant details in the hcp output. For example, the Tenant ID, RG, cluster-vip, templateName etc. 

Maybe they can be checked for some of that content (presence).

Capture these files and any other files of interest in /etc/

  • /etc/cloud-version
  • /etc/cloud-version.json

Display Template version and refer to https://support.checkpoint.com/results/sk/sk173705 

Checking that the relevant HAD is up and running e.g. AZURE_HAD;

Example: Check that /etc/fw/scripts/azure_had.py is running

  • cpwd_admin getpid -name AZURE_HAD
  • cpwd_admin list | grep AZURE_HAD

Capturing public IP addresses could improve visibility in the HCP Topology view.

HCP connectivity tests could include public cloud dependent URLs and/or IPs e.g. 168.63.129.16

Health probe checks (?)

Check or capture proxy settings.

IAM permissions checks.

Maybe run the *ha_test.py scripts to capture output.

That could be enough to cover many of the CloudGuard Network Security/Gateway tests and capture output for HCP.

Maybe a CloudGuard test could be added to the list: hcp -r CloudGuard

I don't see anything like that in the list ( hcp --cli-list-tests)

References:

https://sc1.checkpoint.com/documents/IaaS/WebAdminGuides/EN/CloudGuard_Network_for_AWS_Single_AZ_Clu...  

https://sc1.checkpoint.com/documents/IaaS/WebAdminGuides/EN/CP_CloudGuard_for_AWS_Cross_AZ_Cluster/C...

 

From sk175023 - ATRG: CloudGuard Network for Azure - High Availability (HA)

  • How can I know that my cluster is well configured?
    1. Make sure that the tester ($FWDIR/scripts/azure_ha_test.py) passes and there are no errors in $FWDIR/log/azure_had.log on each member.
    2. Ensure that the cluster members use a Jumbo Hotfix that contains fixes of the relevant limitation mentioned above.
    3. Make sure that the daemon in charge of communicating with Azure runs on each cluster member by running: cpwd_admin getpid -name AZURE_HAD and ensuring the output is different from 0.

Thanks,

Don
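The daemon and log checks from the sk175023 steps quoted in the post above, as an added shell example that is not part of the thread and is not Check Point's own tooling. It assumes `cpwd_admin getpid` prints the PID as the last number in its output and that any log line containing "error" counts as an error; the function names are hypothetical, and the tester script is not run because its pass/fail output is not shown on this page.

```shell
#!/bin/sh
# Added example (not Check Point code). Function names are hypothetical.
# Assumptions: `cpwd_admin getpid` prints the PID as the last number in its
# output, and a log line containing "error" (any case) counts as an error.

# Print the PID that WatchDog reports for a process (empty if none printed).
had_pid() {
    cpwd_admin getpid -name "${1:-AZURE_HAD}" 2>/dev/null |
        tr -cs '0-9' '\n' | grep -E '^[0-9]+$' | tail -n 1
}

# Succeed only when the reported PID is present and different from 0.
had_running() (
    pid=$(had_pid "$1")
    [ -n "$pid" ] && [ "$pid" -ne 0 ]
)

# Print the number of error lines in a log; -1 means the log is unreadable,
# so a missing file is never mistaken for a clean one.
log_error_count() {
    [ -r "$1" ] || { echo -1; return 0; }
    grep -ci 'error' "$1" || true
}

# Run both checks, print one PASS/FAIL line each, exit non-zero on any FAIL.
# Optional argument: log path (defaults to the path named in sk175023).
azure_ha_health() (
    log="${1:-$FWDIR/log/azure_had.log}"
    rc=0
    if had_running AZURE_HAD; then
        echo "PASS AZURE_HAD pid=$(had_pid AZURE_HAD)"
    else
        echo "FAIL AZURE_HAD has no non-zero PID under cpwd"; rc=1
    fi
    n=$(log_error_count "$log")
    if [ "$n" -eq 0 ]; then
        echo "PASS no error lines in $log"
    else
        echo "FAIL $log: $n error line(s), -1 = unreadable"; rc=1
    fi
    exit "$rc"
)

# On a cluster member: sh this_script.sh --run
if [ "${1:-}" = "--run" ]; then azure_ha_health; fi
```

Run it on each cluster member, since the quoted steps apply per member.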

Don_Paterson
Advisor

Hi Tal,

This seems like a good thread to ask if there are plans for VM Watch to be integrated into any of the Azure CloudGuard NS solutions?

 

https://learn.microsoft.com/en-us/azure/virtual-machines/azure-vm-watch

 

Regards,

Don

Don_Paterson
Advisor

I am adding this link to a post I did last year which is related to this new post. 

https://community.checkpoint.com/t5/Cloud-Network-Security/CloudGuard-simplified-troubleshooting/m-p...

0 Kudos
