I'm working on my presentation for CPX and have run into this: Security Management Server with CloudGuard for AWS
In it, there is a recommendation to change the main IP of the Management Server:
In all other cases, the Security Management Server and Security Gateways will have to communicate with each other using public IP addresses. The object that represents the Management Server in the SmartConsole must have the public IP address as its main address. To set a public IP address as the Management Server's main address, follow these steps:
- Connect to the Management Server with SmartConsole.
- Select Gateways & Servers.
- Double click on the object representing the Management Server.
- Insert the Management Server's public IP address in the IP Address field.
- Publish changes.
Following this recommendation breaks logging of the existing gateways located on premises, at least in R80.10.
Is this something that R80.20 handling differently, or should there be a caveat mentioned that this is for new implementations only?
Additionally, there is a line there explicitly mentioning possibility of managing CLoudGuard gateways via their private IPs over VPN. This is something that was discussed in the past and it was not a recommended approach:
Communication over private IP addresses is possible in one of the following cases:
- The Management Server is in the same VPC as the Security Gateways.
- The Management Server is in another VPC that is peered with the VPC in which the Security Gateways are deployed.
- The Management Server is in an on-premises network that has connectivity to the VPC in which the Security Gateways are deployed, over Direct Connect.
- The Management Server is in an on-premises network that has connectivity to the VPC in which the Security Gateways are deployed, over a VPN connection.
Please advise if this too is now acceptable solution or if this too should carry warnings.