We have an on-premise PDP which is pushing/sharing the identities to an Azure Cloudguard using the public IP address of the gateway (also restricted on the source public IP address). This is quite helpful as this is out-of-band management and does not cross any Azure Load Balancer. This is working and the Azure Cloudguard PEP has all the user information. The Azure Cloudguard also tries to retrieve the identities by connecting to the same IP address, but the IP address of the PDP is not reachable.
We know that sk60701 explains how to change the IP address of the identity-sharing gateways, but we don't want to do that since it is already working; however, the PDP "complains" that it lost its connection to the Azure Cloudguard. Again, the connection from the PDP to the Azure firewall PEP is working fine and the gateways have the identities, but the opposite direction is not able to establish the connection.
The only thing we are trying to avoid is the PDP reporting errors when in fact it is working fine; the Azure Cloudguard does not need to share its identities, only receive them from the PDP.
Is there a way to control this and only enforce identity push from the PDP to the PEP, and not perform any pull from the PEP in Azure?
Perhaps there is some neat feature called smartpush from PDP to PEP that does not perform any smartpulls; asking for a friend 🙂