Communicating AWS vSEC with On-Prem SMS and GW

Question asked by Sajid Abbas on Sep 23, 2018
I have some queries regarding AWS vSEC and on-prem communication.

1. I have added an AWS CloudGuard (CG) instance to our on-premise SMS through the CG public IP address. This has been successfully added and SIC established. Is this the best way to add CG?

2. I have configured a VPN between the on-prem GW and CG. This is not being established due to a certificate error, as also mentioned in the previous update. On further checking the logs of CG, I saw it could not retrieve the CRL.

3. Once the VPN is being negotiated, does communication to the CG public IP, including retrieving the CRL, go through the VPN?

4. We have seen that communication to the external GW public IP (which is also the peer IP address for the VPN) stops working. Is there any way to exclude this so CG can keep communicating with the on-prem servers?

5. We are unable to see logs from this CG. The reason could be that the log servers have a local IP address on their object which is not recognised by CG.

I would appreciate it if someone can advise on what the best practices are around the above queries.