Our Palo Alto firewall performs SSL decryption for all outgoing traffic. Veeam Backup for AWS is giving us a network timeout when running a cross-account backup with the EC2 worker instance. The problem would be solved if we were able to have a worker node customised with our custom SSL certificate in the trust store.
Veeam support case for this issue (Case #06095842)
- Full Name: Tim Hulsens
- Full Name: Niels Engelen
Re: Feature Request: Worker nodes with custom certificate in trust store
Hi Tim,
To clarify, you are using a Cloud NGFW setup (using Rulestack and Rules) within AWS by Palo Alto? I can see multiple documents available from them, so I want to better understand how you have it set up so we could look into this for the future.
Personal blog: https://foonet.be
GitHub: https://github.com/nielsengelen
- Full Name: Tim Hulsens
Re: Feature Request: Worker nodes with custom certificate in trust store
Hi Niels, sorry for that (very) late reply. Yes indeed, we are using Palo Alto on EC2 in the cloud in AWS cloud (NGFW) and, more specifically, the Forward Proxy function where it does that packet inspection on SSL/LDAPS... (This is what the Network team explained to me; I am not the expert.)
In the meantime, to get things running, we set up a solution where we use AWS CloudWatch and a Lambda function to spot a Veeam worker EC2 node spinning up and have it tagged so the Palo Alto FW excludes this worker node from packet inspection.
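The workaround described in the post above, as an added example that is not code from the thread, Veeam or Palo Alto: a Lambda handler for the EC2 state-change event that tags an instance for decryption exclusion only when it already carries a worker marker tag. Both tag names are assumptions, as is the idea that worker nodes can be recognised by a tag.

```python
import os

# Assumed names: neither tag comes from the thread or from Veeam/Palo Alto.
WORKER_TAG_KEY = os.environ.get("WORKER_TAG_KEY", "example:veeam-worker")
EXEMPT_TAG = {"Key": os.environ.get("EXEMPT_TAG_KEY", "example:ssl-decrypt-exempt"),
              "Value": "true"}
WATCHED_STATES = {"pending", "running"}


def is_state_change(event):
    """True only for EC2 state-change events in a state we act on."""
    return (event.get("source") == "aws.ec2"
            and event.get("detail-type") == "EC2 Instance State-change Notification"
            and event.get("detail", {}).get("state") in WATCHED_STATES)


def tag_if_worker(event, ec2):
    """Tag the instance for decryption exclusion only if it is marked as a worker.

    Returns the instance id when a tag was written, otherwise None.
    """
    if not is_state_change(event):
        return None
    instance_id = event["detail"]["instance-id"]
    resp = ec2.describe_tags(
        Filters=[{"Name": "resource-id", "Values": [instance_id]}])
    tags = {t["Key"]: t["Value"] for t in resp.get("Tags", [])}
    if WORKER_TAG_KEY not in tags:
        return None  # not a worker: never widen the inspection exclusion
    if tags.get(EXEMPT_TAG["Key"]) == EXEMPT_TAG["Value"]:
        return None  # already tagged (pending and running both fire)
    ec2.create_tags(Resources=[instance_id], Tags=[EXEMPT_TAG])
    return instance_id


def lambda_handler(event, context):
    import boto3  # imported here so the logic above can be tested without AWS
    return {"tagged": tag_if_worker(event, boto3.client("ec2"))}
```

Because the tag removes an instance from TLS inspection, the Lambda role should be limited to `ec2:DescribeTags` and `ec2:CreateTags`, and the firewall rule should match only on the exemption tag.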
