Hello fellow members.
Would really appreciate your expert opinions on this matter.
Currently I'm tasked w/ converting an on-premise standalone R80.40 setup to a distributed management and Cluster-XL setup.
Let's call the current setup old-mgmt-gateway-01.
This also manages an Azure R80.10 CloudGuard IaaS instance, let's call this azure-cg-01.
There's a site to site VPN between old-mgmt-gateway-01 and azure-cg-01.
Remote VPN clients also connect to old-mgmt-gateway-01.
I'm proposing the following as per sk154033:
- Secondary management server, let's call this new-mgmt.
- New primary gateway only, let's call this new-gateway-01.
- New secondary gateway only, let's call this new-gateway-02.
- Cluster-XL object, let's call this new-clusterxl.
I've already achieved successful management HA sync.
Moving forward, I'm seeking clarity on the following:
- Since VPN clients are presented w/ the gateway's certificate upon site creation and connection, wouldn't the name new-clusterxl break current Endpoint Security VPN site configuration? I would rather not use the old-mgmt-gateway-01 as the cluster object name.
- Does the same hold true for site to site VPN w/ azure-cg-01?
- Outbound HTTPS Inspection is currently enabled, so if the cluster object uses a name other than old-mgmt-gateway-01, does that require the gateway certificate to be regenerated?
If there are any other dependencies that you think I missed, do let me know.