To be able to accurately reference the networks used by AWS and Azure, these networks can be imported automatically into dynamic network objects. Initial creation is triggered by a command line script; after that, the network objects are updated automatically every hour. Note, however, that once created, the network objects can only be disabled in NextGen Admin; deleting them is not possible.
Before You Begin
Select the network object you want to create:
- Cloud – Create network objects for all datacenters in AWS and Azure.
- Azure – Create network objects for all Azure datacenters.
- Aws – Create network objects for all AWS datacenters.
- Datacenter Specific – To create network objects for specific AWS or Azure regions, list all network object names:
Importing Azure and AWS Datacenter Network Ranges
To import network objects from the cloud servers on a NextGen Firewall, a command line tool must be executed manually on the firewall.
Importing network objects on managed firewalls requires you to execute the tool with the following arguments:
Log into the Control Center via SSH.
Create the dynamic network objects:
For all firewall services on the Control Center:
/opt/phion/bin/external-netobj-tool create PREDEFINED_CLOUD_NETWORK_OBJECT_NAME
For all firewall services in a range:
/opt/phion/bin/external-netobj-tool create -r RANGE PREDEFINED_CLOUD_NETWORK_OBJECT_NAME
For all firewall services in a cluster:
/opt/phion/bin/external-netobj-tool create -r RANGE -c CLUSTER PREDEFINED_CLOUD_NETWORK_OBJECT_NAME
For a specific firewall service:
/opt/phion/bin/external-netobj-tool create -r RANGE -c CLUSTER -s SERVER_SERVICE PREDEFINED_CLOUD_NETWORK_OBJECT_NAME
The cloud datacenter network objects are now available in the firewall services. It might take up to one hour for the network objects to be populated.
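The four scoped invocations above, wrapped into a small POSIX shell script, as an added example that is not Barracuda's own code. It validates the scope hierarchy (a cluster needs a range, a service needs a cluster), rejects identifiers that would break the command line, and has a dry-run option so you can see the exact command before running it on the Control Center. Assumptions: the tool path, the create verb and the -r/-c/-s options are exactly as documented above; Cloud, Azure and Aws are the predefined names listed under "Before You Begin"; the accepted identifier character set is this wrapper's own conservative choice.

```shell
#!/bin/sh
# Added example, not Barracuda's own code: wrapper around the documented
# external-netobj-tool invocations with argument validation and a dry run.
# Assumed: tool path, "create" verb and -r/-c/-s options as documented;
# the identifier character set below is this wrapper's own choice.

EXTERNAL_NETOBJ_TOOL="${EXTERNAL_NETOBJ_TOOL:-/opt/phion/bin/external-netobj-tool}"

# known_object_name NAME: succeeds if NAME is one of the predefined
# cloud-wide object names from the page (Cloud, Azure, Aws).
known_object_name() {
    case "$1" in
        Cloud|Azure|Aws) return 0 ;;
        *) return 1 ;;
    esac
}

# build_create_cmd RANGE CLUSTER SERVICE NAME
# Prints the command line for the requested scope; an empty RANGE, CLUSTER
# or SERVICE means "not given". Enforces the scope hierarchy and rejects
# identifiers containing characters that would break the word-split call.
build_create_cmd() {
    range=$1; cluster=$2; service=$3; name=$4
    if [ -z "$name" ]; then
        echo "error: network object name is required" >&2; return 1
    fi
    if [ -n "$cluster" ] && [ -z "$range" ]; then
        echo "error: -c CLUSTER requires -r RANGE" >&2; return 1
    fi
    if [ -n "$service" ] && [ -z "$cluster" ]; then
        echo "error: -s SERVER_SERVICE requires -c CLUSTER" >&2; return 1
    fi
    case "$range$cluster$service$name" in
        *[!A-Za-z0-9_.:-]*)
            echo "error: identifiers may only contain A-Z a-z 0-9 _ . : -" >&2
            return 1 ;;
    esac
    cmd="$EXTERNAL_NETOBJ_TOOL create"
    [ -n "$range" ]   && cmd="$cmd -r $range"
    [ -n "$cluster" ] && cmd="$cmd -c $cluster"
    [ -n "$service" ] && cmd="$cmd -s $service"
    printf '%s\n' "$cmd $name"
}

# create_netobj [-n] [-r RANGE] [-c CLUSTER] [-s SERVER_SERVICE] NAME
# Validates the request via build_create_cmd, then runs the tool; with -n
# it only prints the command it would run.
create_netobj() {
    dry=0; r=""; c=""; s=""
    OPTIND=1
    while getopts "nr:c:s:" opt; do
        case "$opt" in
            n) dry=1 ;;
            r) r=$OPTARG ;;
            c) c=$OPTARG ;;
            s) s=$OPTARG ;;
            *) return 1 ;;
        esac
    done
    shift $((OPTIND - 1))
    name=${1:-}
    cmd=$(build_create_cmd "$r" "$c" "$s" "$name") || return 1
    if ! known_object_name "$name"; then
        echo "note: '$name' is not Cloud/Azure/Aws; treating it as a datacenter-specific name" >&2
    fi
    if [ "$dry" -eq 1 ]; then
        printf '%s\n' "$cmd"
    else
        # Identifiers were validated above, so word-splitting is safe here.
        $cmd
    fi
}

# When run as a script named netobj-create.sh (not sourced), forward the
# arguments to create_netobj.
case "${0##*/}" in
    netobj-create.sh) create_netobj "$@" ;;
esac
```

Save the file as netobj-create.sh on the Control Center and first run it with -n, for example `sh netobj-create.sh -n -r RANGE -c CLUSTER Azure`, to confirm the generated command matches the documented form; then repeat without -n to create the objects. The hierarchy check mirrors the documented argument combinations, so a call such as `-c CLUSTER` without `-r RANGE` is refused before the tool is ever invoked.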