Support Center > Search Results > SecureKnowledge Details
CloudGuard Network for Public Cloud - Frequently Asked Questions Technical Level

Below is a list of frequently asked questions about CloudGuard for Public Cloud.

Show the entire FAQ
  1. How to upgrade a CloudGuard Instance?

  2. Is it possible to convert a CloudGuard Security Gateway/Cluster to an AutoScaling/VMSS/MIG instances?

    There is currently no supported method for this type of a conversion.

    For instructions on how to deploy an autoscaling/VMSS/MIG, refer to Administration Guide for the specific version and platform.

  3. Is it possible to convert a CloudGuard Security Gateway to a CloudGuard Security Cluster?

    There is currently no support method for this type of a conversion.

  4. How to keep a public IP for a public cloud instance?

  5. How to keep an internal IP for a public cloud instance?

  6. How to backup a CloudGuard Network Public Cloud instance?

  7. How to access Maintanance mode?

  8. How to increase disk size?

  9. How to add additional network interfaces?

  10. How to use the real source IP (not the LoadBalancer's IP) in policy and logs using xff?

    Refer to:

    sk115532 - IPS Geo protection based on "X-Forwarded-For" HTTP header in CloudGuard Network for Public Cloud

    sk167578 - XFF Header injection over source NATed HTTP/S connections


    1. Works only with IPS Geo Protection - The enforcement is based on countries ip ranges.

    2. Access and Threat Prevention policy enforcement based on XFF header IP is not supported.

  11. Why is North-South traffic not being accelerated?

    This is a known limitation.

    All packets that match a rule, whose source or destination is the Security Gateway itself are not being accelerated.

    See sk32578 - SecureXL Mechanism

  12. How to connect on-prem and cloud environments?

  13. Why does VIP not transferring between members on fail-over?

    When public cloud Security Clusters that has a VIP failover, an API call to the cloud platform is made in order to change the VIP association to the promoted member.

    In order to perform this API call, special credentials are required for the cluster member instances.

    If the CloudGuard Security Cluster deployment was made into an existing vNET/VPC, verify that the Cluster Members instances have contributor/IAM roles

  14. How to upgrade?

    Upgrade paths for each IaaS for Public Cloud solution are documented in sk162365.

    See sk162365 - Upgrade/Update documentation for CloudGuard Network Security in Public Cloud

This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.

Give us Feedback
Please rate this document