Shira
Participant

Managing remote gateway via internet

Hi All,

 

We currently have MGMT HA managing 6 remote sites via MPLS, but there is a new requirement to have Azure CloudGuard implemented, which needs to be managed by the on-prem management server.

 

Necessary information :

 

1. A public IP is not configured on the mgmt. servers.

2. If the mgmt. servers have to reach the internet, they have to go through the head office CP cluster FW (with ISP redundancy).

Mgmt. ---> on prem CP cluster FW(isp redundancy) ----> internet ---> azure cloud guard fw

3. Establishing a VPN tunnel between the Azure FW (not CloudGuard) and the on-prem CP device was not fruitful, and TAC closed the SR by telling us SIC over VPN is not recommended.

4. Connecting via ExpressRoute is not feasible as of now due to some issue at the customer end.

What are all the possible ways that I can get this working?

Looking for valuable inputs.

@PhoneBoy 

WR,

Shira

0 Kudos
3 Replies
PhoneBoy
Admin

Yes, SIC over VPN is not recommended as it leaves you no way to manage the gateways if the VPN goes down.
And yes, management needs a public IP for gateways to send logs.
ISP Redundancy doesn't offer a way to "fail over" the management IP to a different one (which may be needed in some situations).

0 Kudos
BikeMan
Contributor

Did you try sk101275?

0 Kudos
Diyaa3791
Contributor

I did get around this by using IPv6. However, this is a term that lots of people don't like to hear 😁.

0 Kudos
