I have a pretty simple setup with a private network of 10.23.0.0/16 being translated into some public addresses. My CSPM server is located on the private network, and I have my sensor located at another site with a public IP address. I'm having some difficulties setting up my cloud network in my Network Topology Tree. Has anyone seen some good documentation on how to do this? Everything I've seen hasn't made a whole lot of sense to me, and I still end up with consistency errors.
I don't know of any good documentation - but when I set up a cloud network outside of my private network, I click on the Internet object, click New Cloud Network, and put in the IP address of the subnet - so if your sensor's IP address is 2xx.3xx.4x.5, then I would put in 2xx.3xx.4x.0 and the mask. Then I would click on the new cloud object and create a new gateway, and that would be the sensor.
My sensor's management connection is inside our private network - since yours is outside, you might want to set up SSH on it first so that you are not sending clear text to it to control it.
If you don't care if the clouds exactly match your real topology then you should be able to simply click on the Add Sensor menu option and enter the sensor information.
Then it will determine the sensor is on another network and ask for the router IP address for that network, and automatically create a new cloud for that new network.
The situations to be careful of are:
1) If you want your topology view to match exactly what the actual layout is, then you need to lay it all out yourself instead of using the automated method I described.
2) If the sensor is sitting behind a router or PIX and either the sensor's or CSPM's address is being NAT'd, in which case the topology has to be accurate and include these NAT configurations in order for CSPM to generate the correct config files.
If neither the sensor's address nor CSPM's address is being NAT'd when they communicate with each other, then the topology setup doesn't matter a whole lot for IDS and you can use the automated method I described.