If you do not have CloudGuard Controller, install R80.30 or upgrade the vSEC Controller from an earlier version.
See the R80.30 Installation and Upgrade Guide.
Important Information:
$MDS_FWDIR/conf/vsec.conf
$MDS_FWDIR/conf/tagger_db.C
$MDS_FWDIR/conf/AWS_regions.conf
Note - During the upgrade, CloudGuard Controller does not communicate with the Data Center. Therefore, Data Center objects are not updated on the CloudGuard Controller or the Security Gateways.
In the R80.30 Security Management Server, the CloudGuard Controller is disabled by default.
Note - On Management Servers in a High Availability deployment, perform these steps on both Management Servers.
To enable the CloudGuard Controller on the Management Server:

Step | Description |
---|---|
1 | Connect to the command line on the Management Server. |
2 | Log in to Gaia Clish, or Expert mode. |
3 | On a Multi-Domain Server, go to the main MDS context: |
4 | Enable the CloudGuard Controller:<br>The output shows: |

To disable the CloudGuard Controller on the Management Server:

Step | Description |
---|---|
1 | Connect to the command line on the Management Server. |
2 | Log in to Gaia Clish, or Expert mode. |
3 | On a Multi-Domain Server, go to the main MDS context: |
4 | Disable the CloudGuard Controller:<br>The command prompts you:<br>After you confirm, the output shows:<br>Note - When you disable CloudGuard Controller, CloudGuard Controller functionality does not work. |

CloudGuard Controller works with these Security Gateways:
Important - To use the CloudGuard Controller with R77.20 and R77.30 Security Gateways (R77.30 with Jumbo Hotfix Accumulator below Take 309), you must install the CloudGuard Controller / vSEC Controller Enforcer Hotfix on those R77.20 and R77.30 Security Gateways. See sk129152.
For a Security Gateway to work with Data Center objects:

Step | Description |
---|---|
1 | In SmartConsole, from the left navigation panel, click Gateways & Servers. |
2 | Open the applicable Security Gateway object. |
3 | From the left tree, click General Properties. |
4 | On the Network Security tab, select the Identity Awareness Software Blade. The Identity Awareness Configuration > Methods for Acquiring Identity window opens. Clear the AD Query, if it is not necessary. |
5 | Select I do not wish to configure an Active Directory at this time. The Identity Awareness Software Blade is activated by default. |
6 | Click Next > Finish. |
7 | From the left tree, click Identity Awareness. |
8 | Select Identity Web API. |
9 | Click Settings. The Identity Web API Settings window opens. |
10 | From the Authorized Clients section, add the 127.0.0.1 host object. |
11 | In the Selected Client Secret, enter a secret word. Press Generate to create the client secret. Click OK. |
12 | Install the Access Control Policy. |

To work with Data Center objects, you must:
To enable Identity Awareness Software Blade:

Step | Description |
---|---|
1 | In SmartConsole, from the left navigation panel, click Gateways & Servers. |
2 | Open the applicable Security Gateway object. |
3 | From the left tree, click General Properties. |
4 | On the Network Security tab, select the Identity Awareness Software Blade. The Identity Awareness Configuration > Methods for Acquiring Identity window opens. Clear the AD Query, if it is not necessary. |
5 | Select Terminal Servers > Next. The Identity Awareness Configuration > Integration with Active Directory window opens. |
6 | Select I do not wish to configure an Active Directory at this time. The Identity Awareness Software Blade is activated by default. |
7 | Click Next > Finish. |
8 | Click OK. |
9 | Install the Access Control Policy. |

To enable the communication between the CloudGuard Controller and the Identity Awareness daemon on the Security Gateway:

Step | Description |
---|---|
1 | Connect to the command line on each applicable Security Gateway. |
2 | Log in to Gaia Clish, or Expert mode. |
3 | Enable the Identity Awareness API:<br>Note: On a VSX Gateway, run the command in the context of each applicable Virtual System. |

To work with Data Center objects, you must:
To enable Identity Awareness Software Blade:

Step | Description |
---|---|
1 | In SmartConsole, from the left navigation panel, click Gateways & Servers. |
2 | Open the applicable Security Gateway object. |
3 | From the left tree, click General Properties. |
4 | On the Network Security tab, select the Identity Awareness Software Blade. The Identity Awareness Configuration > Methods for Acquiring Identity window opens. Clear the AD Query, if it is not necessary. |
5 | Select Terminal Servers > Next. The Identity Awareness Configuration > Integration with Active Directory window opens. |
6 | Select I do not wish to configure an Active Directory at this time. The Identity Awareness Software Blade is activated by default. |
7 | Click Next > Finish. |
8 | Click OK. |
9 | Install the Access Control Policy. |

To enable the communication between the CloudGuard Controller and the Identity Awareness daemons on the Security Gateway Modules:

Step | Description |
---|---|
1 | Connect to the command line on the Scalable Platform. |
2 | Log in to Gaia Clish, or Expert mode. |
3 | Enable the Identity Awareness API:<br>Note: On a VSX Gateway, run the command in the context of each applicable Virtual System. |