
Join Member Azure on Grid On premises

Authority
Posts: 17

Hi guys,
I am performing a hybrid cloud integration with an Azure environment and an on-premises grid through a NAT GROUP.
The member performs all operations prior to joining the Grid, such as checking software version, release timing and platform compatibility.
At the end of all synchronization the member enters the Grid but then goes offline.
I researched the logs in the support bundle and there are some errors, where: 191.234.x.x (public IP AZURE MEMBER), 10.1.0.4 (private IP AZURE MEMBER)

NIOS RELEASE 8.3.6-385000

NAT Compatibility = ENABLE (ON MEMBER)


[2019/08/29 20:34:57.425] (10137 /infoblox/one/bin/firewall) : Firewall disallow openvpnblock 191.234.x.x
[ TIME NOT KNOWN ] (10031) main.c:sigterm_handler{}: DB Journal Daemon received SIGTERM....
[2019/08/29 20:34:57.431] (26898 /infoblox/one/bin/clusterd) master.c:1801 cd_replica_logout(): Cluster logout for node 10.1.0.4, for node configuration change.
[2019/08/29 20:34:57.431] (26898 /infoblox/one/bin/clusterd) snmp_trap.c:1392 one_send_snmp_trap(): Sending state change trap for 10.1.0.4 - ID_Grid (The grid member is not connected to the grid master.) from 4 to 5


Can anyone help me to troubleshoot?


Thank you.

Re: Join Member Azure on Grid On premises

Authority
Posts: 17

It worked by creating a second configuration related to the NAT GROUP in the Grid Master.

Re: Join Member Azure on Grid On premises

Techie
Posts: 9

Yes, ideally when there is an existing AWS/Azure member, you may need to create a NAT Group in the Grid. The Grid communication between the Azure / AWS members and the master happens with their public IPs, and the communication between the on-prem members and the master possibly over their private IP interfaces. In this case, you may need to create a NAT group in order to differentiate the on-prem and cloud appliances.

There is a KB article that explains this setup in detail.


#6041: How to join an AWS / Azure member to the existing grid?
Published 12/23/2016   |    Updated 02/11/2019 08:19 PM
Problem Summary:

How to join an AWS / Azure member to the existing grid.

Customer Environment:

NIOS grid

NIOS Version:

7x, 8x

Resolution:

The Grid Master must have a public-facing IP address configured under NAT address, and NAT compatibility must be enabled.


Adding AWS / Azure member

1. On the Grid Master side, add the AWS / Azure member with the FQDN.

2. Click Next and set the network settings by adding the LAN1 private IP address in the Network tab.

3. Click Save and edit. Navigate to Network -> Advanced and enable "NAT compatibility". Also make sure that the NAT group is set to No group.

4. Under the NAT addresses section, add the public IP address configured for the appliance in the AWS / Azure cloud.

5. Join the AWS / Azure member. When asked for the VIP of the Grid Master, put in the public IP address that is configured for the Grid Master.


Adding on-prem member when there is an existing AWS / Azure member

Before adding a member when there is an existing AWS / Azure member, make sure to create a NAT group. The communication between Grid Master and AWS / Azure member is happening between the public facing IP addresses. The communication between the Grid Master and the on-prem member is likely over the private IP addresses. Hence the Grid Master and the on-prem members should be in a NAT group and the AWS / Azure member should be outside the NAT group.

1. On the Grid Master side, add the member with the FQDN.

2. Click Next and set the network setting by adding the LAN1 IP address in the Network tab.

3. Click Save and edit. Navigate to Network -> Advanced. In the NAT Group, add the NAT group created. (Please note that the Grid Master and on-prem grid member should be in the same NAT group.)

4. Join the AWS / Azure member using set membership. When asked for the VIP of the Grid Master, put in the public IP address that is configured for the Grid Master.

Note: The conditions mentioned above could vary based on the individual network infrastructure.

https://support.infoblox.com/app/answers/detail/a_id/6041/kw/6041 
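The NAT-group rules in the KB article above are easy to get wrong by hand (the original poster's member joined and then went offline until a second NAT-group configuration was added). The following is an added example, not code from the thread or from Infoblox: a small offline checker that models a grid as a list of members and reports which of the KB's three constraints a planned configuration violates, plus a helper that maps the "Firewall disallow ... <ip>" line from the question back to the member whose NAT address (or LAN1 address) that IP is. All hostnames and public IPs in the sample data are constructed; 10.1.0.4 is the private address quoted in the question. The field names are this example's own and are not Infoblox WAPI field names.

```python
"""
Offline checker for the NAT-group rules described in KB #6041.

Rules checked (from the KB text):
  1. The Grid Master has a public NAT address and NAT compatibility enabled.
  2. A cloud (AWS/Azure) member has NAT compatibility enabled, a public NAT
     address, and is in no NAT group.
  3. An on-prem member is in the same NAT group as the Grid Master (so the
     Grid Master must itself be in a NAT group once on-prem members exist).
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional


@dataclass
class Member:
    fqdn: str
    lan1_ip: str                       # private LAN1 address
    is_master: bool = False
    is_cloud: bool = False             # AWS / Azure appliance
    nat_enabled: bool = False          # "NAT compatibility" checkbox
    nat_address: Optional[str] = None  # public IP under "NAT addresses"
    nat_group: Optional[str] = None    # None means "No group"

    def __post_init__(self):
        # Reject malformed addresses early; a typo here looks like a NAT problem later.
        ipaddress.ip_address(self.lan1_ip)
        if self.nat_address is not None:
            ipaddress.ip_address(self.nat_address)


def validate_nat_topology(members):
    """Return a list of findings (strings). An empty list means the plan is consistent."""
    findings = []
    masters = [m for m in members if m.is_master]
    if len(masters) != 1:
        return ["expected exactly one Grid Master in the member list"]
    master = masters[0]

    if not (master.nat_enabled and master.nat_address):
        findings.append(f"{master.fqdn}: Grid Master needs NAT compatibility and a public NAT address")

    for m in members:
        if m.is_master:
            continue
        if m.is_cloud:
            if not (m.nat_enabled and m.nat_address):
                findings.append(f"{m.fqdn}: cloud member needs NAT compatibility and a public NAT address")
            if m.nat_group is not None:
                findings.append(f"{m.fqdn}: cloud member must be in no NAT group (has '{m.nat_group}')")
        else:
            if master.nat_group is None:
                findings.append(f"{m.fqdn}: on-prem member present but the Grid Master is in no NAT group")
            elif m.nat_group != master.nat_group:
                findings.append(f"{m.fqdn}: on-prem member in group {m.nat_group!r}, "
                                f"Grid Master in group {master.nat_group!r}")
    return findings


# Matches the NIOS firewall line quoted in the question, e.g.
#   "... Firewall disallow openvpnblock 191.234.x.x"
FIREWALL_RE = re.compile(r"Firewall disallow (\S+) (\S+)")


def triage_firewall_line(line, members):
    """Map a 'Firewall disallow <rule> <ip>' line to the member that owns <ip>, if any."""
    match = FIREWALL_RE.search(line)
    if not match:
        return None
    rule, ip = match.groups()
    for m in members:
        if m.nat_address == ip:
            return {"rule": rule, "ip": ip, "member": m.fqdn, "via": "nat_address"}
        if m.lan1_ip == ip:
            return {"rule": rule, "ip": ip, "member": m.fqdn, "via": "lan1"}
    return {"rule": rule, "ip": ip, "member": None, "via": None}


# Constructed sample grid: one master, one Azure member, one on-prem member.
GOOD_GRID = [
    Member("gm.example.internal", "10.0.0.5", is_master=True,
           nat_enabled=True, nat_address="203.0.113.5", nat_group="onprem"),
    Member("az1.example.internal", "10.1.0.4", is_cloud=True,
           nat_enabled=True, nat_address="191.234.0.10", nat_group=None),
    Member("dns1.example.internal", "10.0.0.6", nat_group="onprem"),
]

# Same grid, but the on-prem member was added without the NAT group (the
# situation the KB warns about).
BAD_GRID = [
    Member("gm.example.internal", "10.0.0.5", is_master=True,
           nat_enabled=True, nat_address="203.0.113.5", nat_group=None),
    Member("az1.example.internal", "10.1.0.4", is_cloud=True,
           nat_enabled=True, nat_address="191.234.0.10", nat_group="onprem"),
    Member("dns1.example.internal", "10.0.0.6", nat_group=None),
]

SAMPLE_LOG = ("[2019/08/29 20:34:57.425] (10137 /infoblox/one/bin/firewall) : "
              "Firewall disallow openvpnblock 191.234.0.10")  # constructed, masked IP filled in

if __name__ == "__main__":
    print("good grid:", validate_nat_topology(GOOD_GRID) or "no findings")
    for f in validate_nat_topology(BAD_GRID):
        print("bad grid:", f)
    print(triage_firewall_line(SAMPLE_LOG, GOOD_GRID))
```

Run it before clicking through Grid Manager: the findings for `BAD_GRID` are exactly the two mistakes the thread turned on (Grid Master not in a NAT group while an on-prem member exists, and a cloud member placed inside the group), and the triage output tells you that the address the firewall is blocking is the Azure member's public NAT address rather than an unknown host.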
