Service exposed in multiple AWS regions
Hi,
I've deployed CloudGuard IaaS instances in front of the Internet and published an RDP service through an NLB in the AWS US region.
I plan to also publish the service in the AWS APAC region and protect it the same way as the first one (NLB + CloudGuard).
I'd like to use the same firewall policy and NAT rules for both regions. I created the policy and NAT rule manually:
src: Internet --- dst: LocalGateway --- Xlate Src: LocalGateway (Hide) --- Xlate Dst: RDP_Service_US (s)
I'd like to know how I can add the NAT rule by using the 'LocalGateway' dynamic object. I don't know if I can create the rule below when my 2nd AWS region is ready:
src: Internet --- dst: LocalGateway --- Xlate Src: LocalGateway (Hide) --- Xlate Dst: RDP_Service_APAC (s)
Regards,
Ay
Accepted Solutions
LocalGateway is a dynamic object, which is effectively a "placeholder" object.
It has no definition in Security Management and resolves on the security gateway itself.
A handful of dynamic objects (LocalGateway being one) are managed by the gateway itself.
You can create other dynamic objects as well; they are defined using the dynamic_objects CLI command on the gateway.
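As an added illustration of that last point (not code from the thread or from Check Point), the following Expert-mode script gives one dynamic object, RDP_Service, a different resolution on each regional gateway, so a single NAT rule (src: All_Internet, dst: LocalGateway, Xlate Src: LocalGateway (Hide), Xlate Dst: RDP_Service) forwards to the right backend in each region. The object name and backend addresses are constructed placeholders, and the `-n`, `-o -r -a` and `-l` flags are assumed from the gateway's dynamic_objects command; an object of type Dynamic Object with the same name must also exist in SmartConsole and be used in the NAT rule.

```shell
#!/bin/sh
# Added example: per-gateway resolution of the dynamic object RDP_Service.
# Run in Expert mode on each CloudGuard gateway, e.g. "./rdp_service.sh apac".
# Object name and addresses below are constructed placeholders, not real values.
set -eu

OBJ="RDP_Service"   # must match the Dynamic Object name used in the NAT rule

# Backend RDP host for this gateway's region, as "from to" (single-host range).
backend_for_region() {
  case "$1" in
    us)   echo "10.1.10.5 10.1.10.5" ;;
    apac) echo "10.2.10.5 10.2.10.5" ;;
    *)    echo "unknown region: $1" >&2; return 1 ;;
  esac
}

# Execute the command, or only print it when DRY_RUN=1 (review before applying).
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then echo "$*"; else "$@"; fi
}

# Create the object on this gateway and add the regional backend as its range,
# then list all dynamic objects so the resolution can be verified.
define_rdp_service() {
  range=$(backend_for_region "$1") || return 1
  set -- $range                      # $1 = from, $2 = to (word splitting intended)
  run dynamic_objects -n "$OBJ"
  run dynamic_objects -o "$OBJ" -r "$1" "$2" -a
  run dynamic_objects -l
}

# Apply for the region given on the command line, if any.
if [ -n "${1:-}" ]; then
  define_rdp_service "$1"
fi
```

Because LocalGateway already resolves locally, only the Xlate Dst object needs this per-gateway definition; the rest of the rule is identical in both regions.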
You can use the LocalGateway object in NAT rules, yes, and it resolves on the local gateway itself.
One comment on the source: you can't really use "Internet" or "Any" for a source, but you can use the "All_Internet" object, which is basically the same thing.
Thanks for your feedback.
But I don't understand how both rules will match the correct gateway (the US and the APAC one) with the same LocalGateway object in a single NAT rule? Agree, @PhoneBoy?