CloudGuard Dome9 Admin port exposed - Alert example
In this example, an alert occurs as the result of a configuration error. The user notices it, views it, and takes corrective action.
- The user creates an SSH service to apply to the Inbound Policy for a security group. Instead of setting Port Behavior to Closed and requiring a Dynamic Access lease, they mistakenly set it to Open.
- If the Alerts item in the main navigation did not display an alert counter previously, it does now. If alerts were already present before the configuration error, the number of alerts increases.
- The user clicks Alerts and investigates the alert in question.
- Click the 'Review' button to be taken to the security group in question, with the offending service rule highlighted.
- Correct the issue. In this case, click Edit on the highlighted SSH service name.
- This opens the Edit Service Port dialog, which allows the service definition to be reconfigured:
- Select Limited to reconfigure the SSH service. The default is to configure the service as On-Demand for use with Dynamic Access Leasing,
which is what we require in our scenario. It is possible, however, to set an individual IP, an IP range in CIDR notation, a DNS name, a CloudGuard Dome9 IP List object,
or another AWS security group as the permitted source of incoming traffic.
- Save the change by clicking 'Save'. The alert is cleared.
- It is also possible to check from inside the security group whether any alerts are still open: click Alerts under Related Links.
This filters the alerts to show only those for the selected security group.
No Open Alerts.
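The misconfiguration above (an SSH service whose Port Behavior is Open, i.e. reachable from any source, instead of Limited or On-Demand) can also be caught by an independent audit of the security group rules themselves. The following is an added example, not Check Point or CloudGuard Dome9 code: it scans records shaped like the output of `aws ec2 describe-security-groups` (the group IDs and ranges below are constructed), flags any rule that exposes port 22 to 0.0.0.0/0 or ::/0, and shows the corrected rule with its sources limited to explicit CIDR ranges, which is what the Limited choice in the dialog produces. The helper names (`find_open_ssh`, `limit_sources`) are this example's own.

```python
"""Audit AWS-style security group rules for SSH exposed to any source.

Added example, not CloudGuard Dome9 code. Input mirrors the structure of
`aws ec2 describe-security-groups` output; the records are constructed.
"""
import ipaddress

SSH_PORT = 22

# Constructed sample: "web-tier" mistakenly opens SSH to the world,
# "bastion" limits SSH to one range plus another security group.
SAMPLE_SECURITY_GROUPS = [
    {
        "GroupId": "sg-0000000000000001",  # constructed id
        "GroupName": "web-tier",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
             "Ipv6Ranges": [], "UserIdGroupPairs": []},
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
             "Ipv6Ranges": [], "UserIdGroupPairs": []},
        ],
    },
    {
        "GroupId": "sg-0000000000000002",  # constructed id
        "GroupName": "bastion",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "203.0.113.0/24"}],  # TEST-NET-3, constructed
             "Ipv6Ranges": [],
             "UserIdGroupPairs": [{"GroupId": "sg-0000000000000001"}]},
        ],
    },
]


def covers_port(perm, port):
    """True if the rule's protocol/port range includes `port`.

    IpProtocol "-1" means all protocols and ports in the AWS API.
    """
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return True
    if proto not in ("tcp", "6"):
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def is_world_open(cidr):
    """True for a range that admits every address (0.0.0.0/0 or ::/0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def find_open_ssh(security_groups, port=SSH_PORT):
    """Return (group_id, cidr) pairs where `port` is reachable from anywhere."""
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            if not covers_port(perm, port):
                continue
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if is_world_open(cidr):
                    findings.append((sg["GroupId"], cidr))
    return findings


def limit_sources(perm, allowed_cidrs):
    """Return a copy of `perm` whose IP ranges are replaced by `allowed_cidrs`.

    This is the 'Limited' behaviour: only the explicit sources given remain.
    Rejects malformed input and world-open ranges so the fix cannot re-open the port.
    """
    networks = [ipaddress.ip_network(c, strict=False) for c in allowed_cidrs]
    if any(n.prefixlen == 0 for n in networks):
        raise ValueError("a limited rule must not include a world-open range")
    fixed = dict(perm)
    fixed["IpRanges"] = [{"CidrIp": str(n)} for n in networks if n.version == 4]
    fixed["Ipv6Ranges"] = [{"CidrIpv6": str(n)} for n in networks if n.version == 6]
    return fixed


if __name__ == "__main__":
    for group_id, cidr in find_open_ssh(SAMPLE_SECURITY_GROUPS):
        print(f"ALERT: {group_id} allows SSH from {cidr}")
    # Apply the 'Limited' fix to the offending rule and re-check it.
    bad_rule = SAMPLE_SECURITY_GROUPS[0]["IpPermissions"][0]
    fixed_rule = limit_sources(bad_rule, ["203.0.113.0/24"])
    print("after fix:", find_open_ssh([{"GroupId": "sg-fixed", "IpPermissions": [fixed_rule]}]))
```

Only the SSH rule in `web-tier` is reported; the HTTPS rule on port 443 that is open to the world is deliberately outside this check's scope, and the `bastion` rule is not flagged because its sources are a specific CIDR and another security group. Rules that reference a security group ID rather than an IP range are treated as limited, matching the page's list of acceptable sources.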
This solution has been verified for the specific scenario described by the combination of Product, Version and Symptoms. It may not work in other scenarios.