Create a Post

src/dst check for RDS instances in AWS

Hi there,

As you know when deploying CloudGuard in AWS, you must turn off src/dst check. When dealing with RDS instances you cannot turn this option off. It looks like the only way a server behind a CloudGuard gateway can access an RDS instance on a different subnet is to create a NAT rule nat'ing the src IP to that of an IP on the same subnet as the RDS instance. 

Is this true? Or is there another way?



0 Kudos
0 Replies