Support for Managing Cloud Edge 50G2 Gateway
Starting with Cloud Edge 6.0 and later, Cloud Edge Cloud Console supports managing both standard gateways and Cloud Edge 50G2 gateways.
-
Standard gateway: Runs Cloud Edge 5.x and earlier releases (for example Cloud Edge 5.5 SP2).
-
Cloud Edge 50G2 gateway: Runs on Cloud Edge 6.0 and later releases.
The Cloud Edge 50G2 gateway is a second-generation model with higher hardware and performance.
In the gateways Gateway Management and policy rules Manage Policy Rules pages, two distinct icons are used to distinguish between standard gateways and Cloud Edge 50G2 gateways:
-
: Standard
gateway -
: Cloud Edge 50G2
gateway
Certain new functionality can be implemented only on Cloud Edge 50G2 gateways running Cloud Edge 6.0 or later. Use Online Help for guidance for information about when certain functionality is for Cloud Edge 50G2 gateways.
Enhancements for Policy Rules Pages
The Policy Rules page has a new design and layout that enhances your ability to understand the configuration for defined policy rules. A new column, Usage provides a summary of usage for each policy, provided the policy rule applies to a single Cloud Edge 50G2 gateway running Cloud Edge 6.0 or later.
The Manage Policy Rules page has been modified to match the new design for the policy menu.
Enhancements to Policies
A modified policy configuration provides more fine-grained control on how gateways scan traffic for Cloud Edge 50G2 gateways running Cloud Edge 6.0 or later. The new policy configuration supports controlling traffic based on the new Interface Object object type and on rule-specific settings for security profiles (formerly known as gateway profiles).
Support for the New Interface Group Policy Object
For policy rules that apply to a single Cloud Edge 50G2 gateway running Cloud Edge 6.0 or later, you can use predefined interface objects as a source when defining policy rules. Optionally, you can define and use custom interface groups that contain one or more of the predefined interface objects.
The list of predefined interface objects include:
-
Physical interface (including wireless interfaces in Routing Mode)
-
Virtual interfaces such as VLANS and VPNs (L2TP and SSL)
Support for Security Profiles Settings for Policy Rules
The Manage Policy Rules page includes a new section, Security Profiles that allows you to choosing how to implement security profiles (IPS, Anti-Malware, Email Security, Web Reputation, HTTPS) for that rule.
The Security Profiles section is available only for policy rules that apply to Cloud Edge 50G2 gateways running Cloud Edge 6.0 or later or for gateway groups containing one or more Cloud Edge 50G2 gateways. The Security Profiles section is not available if all gateways chosen for the policy rule are Cloud Edge 5.x or earlier versions.
For each rule, you can choose one of the following:
-
On: Turn on policy-specific settings
-
Off: Turn off policy-specific settings
-
Inherit: Inherit settings from the gateway's security profile (default)
The Security Profiles section is hidden if the policy rule's action is set to block or bypass.
Modifications to the Policy Menu
To provide support for functionality available for Cloud Edge 50G2 gateways running Cloud Edge 6.0 or later and to enhance useability, modifications have been made to the Policy menu. The following list shows the changes under the Policy menu:
-
Policy
-
Policy Rules
-
Interface Objects
-
Interface Groups
Interface groups is a new policy object.
-
-
Identity Objects
-
IP Addresses/FQDNs
-
MAC Addresses
-
Geolocations
-
-
Other Objects
-
Services
-
Schedules
-
-
Content Type Objects
-
Application Groups
-
URL Category Groups
-
-
Security Profiles
-
Security Profiles
Note:Gateway Profiles has been renamed to Security Profiles.
-
-
Approved Blocked Lists
-
User Notifications
-
Support for Tracking Policy Usage From Log Analysis Pages
Add support for tracking policy rule usage data from the Application Bandwidth and Internet Access pages under Log Analysis. Policy usage information is available only when all gateways in the company are Cloud Edge 50G2 gateways running Cloud Edge 6.0 or later.
Support for Integration with LDAP
Cloud Edge Cloud Console supports LDAP integration with Cloud Edge 50G2 gateways running Cloud Edge 6.0 or later.
Support for LDAP includes Microsoft Active Directory with Windows 2012R2, Windows 2016, Windows 2019 and Linux OpenLDAP. You can use LDAP for authentication in Captive Portal and VPN Portal.
LDAP integration is not supported in Japan.
Enhancements and Modifications to VLANs
The Interfaces page has been enhanced to provide more information about configured VLANs. Only L3 VLANS are supported and can be configured using either DHCP or static addressing. Certain other configuration settings have been modified. See How to Deploy Cloud Edge With VLANs.
Support for Site–to–Site VPNs in Dual WAN Scenario in Cloud Edge 6.0 and Later
The LAN1 interface on a Cloud Edge gateway can be configured as a second WAN interface that provides a redundant, dual WAN connection to the Internet.
Cloud Edge now supports Site–to–Site VPNs in a dual WAN scenario for Cloud Edge 50G2 gateways running Cloud Edge 6.0 or later.
Enhancement to Cloud Edge Management After Service Plan Is Disabled
If all service plans for a customer are disabled Cloud Edge now automatically terminates the following:
-
Alert emails: Gateway status change, Mail security status change, C&C Callbacks
-
Report emails: Report/Summary report
Reasons a service plan might be disabled include the license time has not been reached, the trial license end time has passed, or both the license end time has passed and the grace time has passed.
If there are any service plans enabled for a customer, services are not terminated.
Enhancement to Auditing Log
The auditing log has been enhance to show policy deployment status, including whether the deployment was successful or failed for the following:
-
Policy deployment started
-
Policy deployed to Mail Cloud Scan Service
-
Policy deployed to Web Cloud Scan Service
-
Policy deployed to XXXX (device name)