This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Shira
Participant
‎2024-05-22 12:30 AM

Managing remote gateway via internet

Hi All,

 

We currently have MGMT HA managing 6 remote sites via mpls, but there is a new requirement to azure CloudGuard implemented which needs to be managed by the on prem management server.

 

Necessary information :

 

1. Public ip is not configured on the mgmt. servers.

2. If Mgmts. has to reach internet it has to go through head office cp cluster fw(with isp redundancy).

Mgmt. ---> on prem CP cluster FW(isp redundancy) ----> internet ---> azure cloud guard fw

3. Establishing VPN tunnel between azure fw(not cloud guard) and on prem CP device was not fruitful and TAC closed SR by telling sic over VPN is not recommended.

4. Connecting via express route is not feasible as of now due to some issue at customer end.

what all possible ways that i can get this working.

Looking for valuable inputs.

@PhoneBoy 

WR,

Shira

0 Kudos
3 Replies
PhoneBoy
Admin
Admin
‎2024-05-22 05:22 AM

Yes, SIC over VPN is not recommended as it leaves you no way to manage the gateways if the VPN goes down.
And yes, management needs a public IP for gateways to send logs.
ISP Redundancy doesn't offer a way to "fail over" the management IP to a different one (which may be needed in some situations).

0 Kudos
BikeMan
Contributor
‎2024-05-22 07:54 AM

did you tried sk101275 ?

0 Kudos
Diyaa3791
Contributor
‎2024-05-22 08:12 AM

I did get around this by using IPv6. However, this is a term that lots of people don't like to hear 😁.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events