Managing remote gateway via internet
Hi All,
We currently have MGMT HA managing 6 remote sites via MPLS, but there is a new requirement to have Azure CloudGuard implemented, which needs to be managed by the on-prem management server.
Necessary information:
1. Public IP is not configured on the mgmt. servers.
2. If the mgmt. servers have to reach the internet, they have to go through the head office CP cluster FW (with ISP redundancy).
Mgmt. ---> on-prem CP cluster FW (ISP redundancy) ---> internet ---> Azure CloudGuard FW
3. Establishing a VPN tunnel between the Azure FW (not CloudGuard) and the on-prem CP device was not fruitful, and TAC closed the SR by telling us SIC over VPN is not recommended.
4. Connecting via ExpressRoute is not feasible as of now due to some issue at the customer end.
What are all the possible ways that I can get this working?
Looking for valuable inputs.
WR,
Shira
Yes, SIC over VPN is not recommended as it leaves you no way to manage the gateways if the VPN goes down.
And yes, management needs a public IP for gateways to send logs.
ISP Redundancy doesn't offer a way to "fail over" the management IP to a different one (which may be needed in some situations).
Did you try sk101275?
I did get around this by using IPv6. However, this is a term that lots of people don't like to hear 😁.
