EdgeSentry

EdgeSentry which is ExtremeCloud SD-WAN's Cloud Security feature, is delivered from the Cloud through Check Point, a renowned Security Vendor. It offers the following services:

•

Access Control, i.e. access rules define which Internet traffic is allowed or blocked

•

Threat Prevention that includes a set of mechanisms like Intrusion Prevention System (IPS), anti-virus, anti-bot and sandboxing

•

HTTPs Inspection with basic and full inspection levels

•

Logs, events, dashboards and weekly reports on the Internet traffic

This section describes how to configure EdgeSentry in your network, from a Branch Office appliance over the Internet.

Two tunnels are created per WAN Router interface after you have defined the appropriate parameters in the SD-WAN application.

Prerequisites

You can use the EdgeSentry feature of the ExtremeCloud SD-WAN application if:

•

you have purchased the right licenses for both the appliance and the domain

•

Extreme Networks has activated EdgeSentry for your Customer account. Select Settings -> EdgeSentry and verify that the EdgeSentry Status is set to 'Active'.

Configuring EdgeSentry

1

In the General panel of the Appliance Configuration window, select the appropriate WAN interface in Router mode and select EdgeSentry as the Tunnels -> Security Gateway value. According to the Site address where the appliance is deployed, the system will choose the closest region to the appliance. Note that region information is common to all the WAN interfaces of the appliances on the same Site, for which EdgeSentry has been activated.

Eligible interfaces are WAN Router interfaces on hybrid or full router appliances.

Note: to activate EdgeSentry on several appliances, you can also use a template where you configured this function. Refer to "Creating Appliance Templates".

2

Click Save.

Warning: The same WAN interface cannot be connected to EdgeSentry and to a Secure Web Gateway at the same time.

3

Select Settings -> EdgeSentry and connect to the Cloud Security Partner's portal by clicking Access Check Point Infinity Portal.

4

Configure Security Policies and Logs & Events parameters according to the procedure described in the Check Point Harmony Connect Administration Guide.

In the Policy section, refer to the following pages:

•

Internet Access

•

Threat Prevention: a single profile, not configurable, is applied but exceptions can be defined

•

SSL Inspection

•

Policy Revisions

Also refer to the Logs & Events section.

5

Define the traffic to forward to EdgeSentry through the swg or swg+ Internet Access Policies of the Zone-Based Firewall. Refer to "Setting Internet Access Control Lists".

6

Click Save Changes to validate the configuration.

Note: provisioning a Site configured with EdgeSentry may take several minutes in Check Point.

Checking EdgeSentry Connections

1

Verify whether the EdgeSentry configuration is operational by checking that there are connected Sites on the EdgeSentry map. Note that the graphical representation of the tunnels does not contain geographic information.

Also check the alarms raised for the configured EdgeSentry appliance in the Active Alarms and Cleared Alarms dashboards.

2

On the Tunnels Overview dashboard, check that the EdgeSentry tunnels are up.

3

On the Appliances -> Appliance -> Advanced Troubleshooting window, select Tunnels -> IPsec to analyze the details of the created EdgeSentry tunnels.