Agentless, cloud-native backup for Amazon Web Services (AWS)
Post Reply
TimHulsens
Novice
Posts: 6
Liked: never
Joined: Jun 08, 2023 4:13 pm
Full Name: Tim Hulsens
Contact:

Feature Request: Worker nodes with custom certificate in trust store

Post by TimHulsens »

Our Palo Alto firewall performs SSL decryption for all outgoing traffic. Veeam backup for AWS is giving us a network time out when running a cross-account backup with the EC2 worker instance. the problem would be solved if we would be able to have a worker node customised with our custom SSL certificate in the trust store.

Veeam support case for this issue (Case #06095842)
nielsengelen
Product Manager
Posts: 5835
Liked: 1220 times
Joined: Jul 15, 2013 11:09 am
Full Name: Niels Engelen
Contact:

Re: Feature Request: Worker nodes with custom certificate in trust store

Post by nielsengelen »

Hi Tim,

To clarify, you are using a Cloud NGFW setup (using Rulestack and Rules) within AWS by Palo Alto? As I can see multiple documents available from them so I want to understand how you have it setup better so we could look into this for the future.
Personal blog: https://foonet.be
GitHub: https://github.com/nielsengelen
TimHulsens
Novice
Posts: 6
Liked: never
Joined: Jun 08, 2023 4:13 pm
Full Name: Tim Hulsens
Contact:

Re: Feature Request: Worker nodes with custom certificate in trust store

Post by TimHulsens »

Hi Niels, sorry for that (very) late reply. Yes indeed we are using Palo Alto on ec2 in the cloud in AWS cloud (NGFW) and more specific the Forward Proxy function where it does that Packet inspection on SSL/LDAPS.... (This is what Network team explained to me, I am not the expert ;-)

In the meantime, to get things running, we setup a solution where we use AWS Cloudwatch and a Lambda function to spot a Veeam worker EC2 node, spinning up and have it tagged so the Palo Alto FW excludes this worker node from Packet Inspection.
Post Reply

Who is online

Users browsing this forum: No registered users and 2 guests