diff --git a/ace_pro/docs/images/lab6-webgroup200.png b/ace_pro/docs/images/lab6-webgroup200.png index 3248f04d..afef7881 100644 Binary files a/ace_pro/docs/images/lab6-webgroup200.png and b/ace_pro/docs/images/lab6-webgroup200.png differ diff --git a/ace_pro/docs/images/lab911-new100.png b/ace_pro/docs/images/lab911-new100.png index ded1de93..80b1b8ab 100644 Binary files a/ace_pro/docs/images/lab911-new100.png and b/ace_pro/docs/images/lab911-new100.png differ diff --git a/ace_pro/docs/images/lab96-newrule201.png b/ace_pro/docs/images/lab96-newrule201.png index 814eeb6e..9401ebef 100644 Binary files a/ace_pro/docs/images/lab96-newrule201.png and b/ace_pro/docs/images/lab96-newrule201.png differ diff --git a/ace_pro/docs/images/lab96-newrule301.png b/ace_pro/docs/images/lab96-newrule301.png new file mode 100644 index 00000000..51487fda Binary files /dev/null and b/ace_pro/docs/images/lab96-newrule301.png differ diff --git a/ace_pro/docs/lab9.md b/ace_pro/docs/lab9.md index 3357ff95..3c1dd001 100644 --- a/ace_pro/docs/lab9.md +++ b/ace_pro/docs/lab9.md @@ -292,9 +292,9 @@ Create the new **_WebGroup_** with the following parameters: - **Name**: Allowed-Public-Domains - **Type**: Domains -- **Domains/URLs**: www.google.com -- **Domains/URLs**: www.microsoft.com -- **Domains/URLs**: www.aws.com +- **Domains/URLs**: www.nginx.com +- **Domains/URLs**: www.ubuntu.com +- **Domains/URLs**: www.aviatrix.com Do not forget to click on **Save**. @@ -321,6 +321,7 @@ Insert the following parameters - **Name**: PSF-Rule-Permit - **Source Groups**: aws-us-east-1-spoke1-test1 - **Destination Groups**: Public Internet +- **WebGroups**: Allowed-Public-Domains - **Protocol**: Any - **Enforcement**: **On** - **Logging**: On @@ -344,12 +345,39 @@ align: center New DCF Rules List ``` +Now from your SSH client, issue the following commands: +```bash +curl https://www.nginx.com +``` +```bash +curl https://www.ubuntu.com +``` +```bash +curl https://www.aviatrix.com +``` + +```{figure} images/lab96-newrule301.png +--- +align: center +--- +Outcomes from the curl commands +``` +Now issue again the curl command towards the malicious IP address provided by the Trainer! +```bash +curl https:// +``` +```{figure} images/lab96-newrule302.png +--- +align: center +--- +Towards the Malicious IP +``` diff --git a/docs/ace-pro/_images/lab6-webgroup200.png b/docs/ace-pro/_images/lab6-webgroup200.png index 3248f04d..afef7881 100644 Binary files a/docs/ace-pro/_images/lab6-webgroup200.png and b/docs/ace-pro/_images/lab6-webgroup200.png differ diff --git a/docs/ace-pro/_images/lab911-new100.png b/docs/ace-pro/_images/lab911-new100.png index ded1de93..80b1b8ab 100644 Binary files a/docs/ace-pro/_images/lab911-new100.png and b/docs/ace-pro/_images/lab911-new100.png differ diff --git a/docs/ace-pro/_images/lab96-newrule201.png b/docs/ace-pro/_images/lab96-newrule201.png index 814eeb6e..9401ebef 100644 Binary files a/docs/ace-pro/_images/lab96-newrule201.png and b/docs/ace-pro/_images/lab96-newrule201.png differ diff --git a/docs/ace-pro/_images/lab96-newrule301.png b/docs/ace-pro/_images/lab96-newrule301.png new file mode 100644 index 00000000..51487fda Binary files /dev/null and b/docs/ace-pro/_images/lab96-newrule301.png differ diff --git a/docs/ace-pro/_sources/docs/lab9.md b/docs/ace-pro/_sources/docs/lab9.md index 3357ff95..3c1dd001 100644 --- a/docs/ace-pro/_sources/docs/lab9.md +++ b/docs/ace-pro/_sources/docs/lab9.md @@ -292,9 +292,9 @@ Create the new **_WebGroup_** with the following parameters: - **Name**: Allowed-Public-Domains - **Type**: Domains -- **Domains/URLs**: www.google.com -- **Domains/URLs**: www.microsoft.com -- **Domains/URLs**: www.aws.com +- **Domains/URLs**: www.nginx.com +- **Domains/URLs**: www.ubuntu.com +- **Domains/URLs**: www.aviatrix.com Do not forget to click on **Save**. @@ -321,6 +321,7 @@ Insert the following parameters - **Name**: PSF-Rule-Permit - **Source Groups**: aws-us-east-1-spoke1-test1 - **Destination Groups**: Public Internet +- **WebGroups**: Allowed-Public-Domains - **Protocol**: Any - **Enforcement**: **On** - **Logging**: On @@ -344,12 +345,39 @@ align: center New DCF Rules List ``` +Now from your SSH client, issue the following commands: +```bash +curl https://www.nginx.com +``` +```bash +curl https://www.ubuntu.com +``` +```bash +curl https://www.aviatrix.com +``` + +```{figure} images/lab96-newrule301.png +--- +align: center +--- +Outcomes from the curl commands +``` +Now issue again the curl command towards the malicious IP address provided by the Trainer! +```bash +curl https:// +``` +```{figure} images/lab96-newrule302.png +--- +align: center +--- +Towards the Malicious IP +``` diff --git a/docs/ace-pro/docs/lab10.html b/docs/ace-pro/docs/lab10.html index 83235030..941e79ba 100644 --- a/docs/ace-pro/docs/lab10.html +++ b/docs/ace-pro/docs/lab10.html @@ -407,7 +407,7 @@

2. Distributed Cloud Firewall Overview ../_images/lab10-initial.png
-

Fig. 356 Initial Topology Lab 10#

+

Fig. 358 Initial Topology Lab 10#

@@ -424,7 +424,7 @@

3.1. Smart Group “bu1” ../_images/lab10-smart2.png
-

Fig. 357 SmartGroup#

+

Fig. 359 SmartGroup#

Ensure these parameters are entered in the pop-up window "Create SmartGroup":

@@ -437,7 +437,7 @@

3.1. Smart Group “bu1” ../_images/lab10-smart3.png
-

Fig. 358 Resource Selection#

+

Fig. 360 Resource Selection#

The CoPilot shows that there are two instances that perfectly match the condition:

@@ -448,7 +448,7 @@

3.1. Smart Group “bu1” ../_images/lab10-smart4.png
-

Fig. 359 Resources that match the condition#

+

Fig. 361 Resources that match the condition#

@@ -458,7 +458,7 @@

3.2. Smart Group “bu2” ../_images/lab10-smart5.png
-

Fig. 360 New Smart Group#

+

Fig. 362 New Smart Group#

Ensure these parameters are entered in the pop-up window "Create SmartGroup":

@@ -471,7 +471,7 @@

3.2. Smart Group “bu2” ../_images/lab10-smart6.png
-

Fig. 361 Resource Selection#

+

Fig. 363 Resource Selection#

The CoPilot shows that there are three instances that match the condition:

@@ -483,7 +483,7 @@

3.2. Smart Group “bu2” ../_images/lab10-smart7.png
-

Fig. 362 Resources that match the condition#

+

Fig. 364 Resources that match the condition#

At this point, you have only created logical containers that do not affect the existing routing domain.

@@ -491,7 +491,7 @@

3.2. Smart Group “bu2” ../_images/lab10-newone2.png
-

Fig. 363 Greenfield-Rule in action#

+

Fig. 365 Greenfield-Rule in action#

@@ -505,25 +505,25 @@

3.3. Connectivity verification (ICMP) ../_images/lab10-newone.png
-

Fig. 364 SSH#

+

Fig. 366 SSH#

../_images/lab10-newone3.png
-

Fig. 365 Ping#

+

Fig. 367 Ping#

../_images/lab10-newjoe10.png
-

Fig. 366 Ping#

+

Fig. 368 Ping#

../_images/lab10-newjoe11.png
-

Fig. 367 Ping#

+

Fig. 369 Ping#

@@ -537,37 +537,37 @@

3.4. Connectivity verification (SSH) ../_images/lab10-sshtoaws.png
-

Fig. 368 SSH to test2 in AWS US-East-2#

+

Fig. 370 SSH to test2 in AWS US-East-2#

../_images/lab10-sshtogcp.png
-

Fig. 369 SSH to test1 in GCP US-Central1#

+

Fig. 371 SSH to test1 in GCP US-Central1#

../_images/lab10-sshtoazure1.png
-

Fig. 370 SSH to test1 in Azure West-US#

+

Fig. 372 SSH to test1 in Azure West-US#

../_images/lab10-sshtoazure2.png
-

Fig. 371 SSH to test2 in Azure West-US#

+

Fig. 373 SSH to test2 in Azure West-US#

../_images/lab10-sshnew.png
-

Fig. 372 SSH to test1 in AWS US-East1#

+

Fig. 374 SSH to test1 in AWS US-East1#

../_images/lab10-sshnew2.png
-

Fig. 373 SSH to test2 in AWS US-East1#

+

Fig. 375 SSH to test2 in AWS US-East1#

The previous outcomes confirm undoubtetly that the connectivity is working smoothly, despite the creation of those two new Smart Groups.

@@ -586,7 +586,7 @@

4.1. Build a Zero Trust Network Architecture ../_images/lab10-newedit.png
-

Fig. 374 Delete the Greenfield-Rule#

+

Fig. 376 Delete the Greenfield-Rule#

    @@ -595,7 +595,7 @@

    4.1. Build a Zero Trust Network Architecture ../_images/lab10-commit.png
    -

    Fig. 375 Delete the Inspection-Rule#

    +

    Fig. 377 Delete the Inspection-Rule#

    @@ -619,14 +619,14 @@

    4.1. Build a Zero Trust Network Architecture ../_images/lab6-new.png
    -

    Fig. 376 Saving the new Rule#

    +

    Fig. 378 Saving the new Rule#

    Now click on Commit.

    ../_images/lab6-new234.png
    -

    Fig. 377 Committing the new Rule#

    +

    Fig. 379 Committing the new Rule#

    @@ -644,7 +644,7 @@

    4.2. Create an intra-rule that allows ICMP inside bu1 ../_images/lab10-newrule.png
    -

    Fig. 378 New Rule#

    +

    Fig. 380 New Rule#

    Insert the following parameters:

    @@ -660,14 +660,14 @@

    4.2. Create an intra-rule that allows ICMP inside bu1 ../_images/lab10-rule1.png
    -

    Fig. 379 Create Rule#

    +

    Fig. 381 Create Rule#

    Click on Commit.

    ../_images/lab10-rule2.png
    -

    Fig. 380 Current list of rules#

    +

    Fig. 382 Current list of rules#

    @@ -677,7 +677,7 @@

    4.2. Create an intra-rule that allows ICMP inside bu2 ../_images/lab10-rule3.png
    -

    Fig. 381 New rule#

    +

    Fig. 383 New rule#

    Ensure these parameters are entered in the pop-up window "Create Rule":

    @@ -698,14 +698,14 @@

    4.2. Create an intra-rule that allows ICMP inside bu2 ../_images/lab10-intrabu2.png
    -

    Fig. 382 intra-icmp-bu2#

    +

    Fig. 384 intra-icmp-bu2#

    Now proceed and click on the Commit button.

    ../_images/lab10-intrabu2345.png
    -

    Fig. 383 Commit#

    +

    Fig. 385 Commit#

    @@ -716,7 +716,7 @@

    5. Verification ../_images/lab10-topology2.png
    -

    Fig. 384 New Topology#

    +

    Fig. 386 New Topology#

    @@ -725,7 +725,7 @@

    5.1. Verify SSH traffic from your laptop to bu1 ../_images/lab10-sshpod.png
    -

    Fig. 385 SSH from your laptop#

    +

    Fig. 387 SSH from your laptop#

    @@ -741,7 +741,7 @@

    5.2. Verify ICMP within bu1 and from bu1 towards bu2 ../_images/lab10-pingcheck.png
    -

    Fig. 386 Ping#

    +

    Fig. 388 Ping#

    Let’s investigate the logs:

    @@ -752,7 +752,7 @@

    5.2. Verify ICMP within bu1 and from bu1 towards bu2 ../_images/lab10-monitor.png
    -

    Fig. 387 Filter#

    +

    Fig. 389 Filter#

    @@ -764,28 +764,28 @@

    5.2. Verify ICMP within bu1 and from bu1 towards bu2 ../_images/lab10-pingtotest2.png
    -

    Fig. 388 Ping#

    +

    Fig. 390 Ping#

    Go to CoPilot > Security > Distributed Cloud Firewall > Settings and click on the "Manage" button, inside the "Security Group (SG) Orchestration" field.

    ../_images/lab10-orchestration.png
    -

    Fig. 389 SG Orchestration#

    +

    Fig. 391 SG Orchestration#

    Enable the SG orchestration feature on the aws-us-east-2-spoke1 VPC, flag the checkbox "I understand the network impact of the changes" and then click on Save.

    ../_images/lab10-orchestration2.png
    -

    Fig. 390 Manage SG Orchestration#

    +

    Fig. 392 Manage SG Orchestration#

    Relaunch the ping from aws-us-east-2-spoke1-test1 towards aws-us-east-2-spoke1-test2.

    ../_images/lab10-pingtotest2fail.png
    -

    Fig. 391 Ping fails#

    +

    Fig. 393 Ping fails#

    @@ -799,7 +799,7 @@

    5.3. Verify SSH within bu1 ../_images/lab10-sshfail.png
    -

    Fig. 392 SSH fails#

    +

    Fig. 394 SSH fails#

    @@ -809,7 +809,7 @@

    5.4. Add a rule that allows SSH in bu1 ../_images/lab10-newrule2.png
    -

    Fig. 393 New rule#

    +

    Fig. 395 New rule#

    Ensure these parameters are entered in the pop-up window "Create Rule":

    @@ -831,14 +831,14 @@

    5.4. Add a rule that allows SSH in bu1 ../_images/lab10-sshbu1.png
    -

    Fig. 394 Create rule#

    +

    Fig. 396 Create rule#

    Click on "Commit" to enforce the new rule into the Data Plane.

    ../_images/lab10-commitsshbu1.png
    -

    Fig. 395 Commit#

    +

    Fig. 397 Commit#

      @@ -848,7 +848,7 @@

      5.4. Add a rule that allows SSH in bu1 ../_images/lab10-sshbu1ok.png
      -

      Fig. 396 SSH ok#

      +

      Fig. 398 SSH ok#

      Let’s investigate the logs once again.

      @@ -856,7 +856,7 @@

      5.4. Add a rule that allows SSH in bu1 ../_images/lab10-logsshbu1.png
      -

      Fig. 397 Logs#

      +

      Fig. 399 Logs#

      From the log above is quite evident that the "intra-ssh-bu1” rule is permitting SSH traffic within the Smart Group bu1, successfully.

      @@ -864,7 +864,7 @@

      5.4. Add a rule that allows SSH in bu1 ../_images/lab10-topologynew.png
      -

      Fig. 398 New Topology#

      +

      Fig. 400 New Topology#

      @@ -874,7 +874,7 @@

      5.4. SSH to VM in bu2 ../_images/lab10-sshtocentral.png
      -

      Fig. 399 SSH to gcp-us-central1-spoke1-test1#

      +

      Fig. 401 SSH to gcp-us-central1-spoke1-test1#

      @@ -891,7 +891,7 @@

      5.5. Verify ICMP traffic within bu2 ../_images/lab10-pingtestgcp.png
      -

      Fig. 400 Ping#

      +

      Fig. 402 Ping#

      Let’s investigate the logs once again.

      @@ -899,7 +899,7 @@

      5.5. Verify ICMP traffic within bu2 ../_images/lab10-bu2monitor.png
      -

      Fig. 401 Monitor#

      +

      Fig. 403 Monitor#

      The logs above confirm that the ICMP protocol is permitted within the Smart Group bu2.

      @@ -911,7 +911,7 @@

      5.6. Inter-rule from bu2 to bu1 ../_images/lab10-newrule4.png
      -

      Fig. 402 New Rule#

      +

      Fig. 404 New Rule#

      Ensure these parameters are entered in the pop-up window "Create New Rule":

      @@ -932,14 +932,14 @@

      5.6. Inter-rule from bu2 to bu1 ../_images/lab10-interssh.png
      -

      Fig. 403 Create Rule#

      +

      Fig. 405 Create Rule#

      Enforce this new rule into the Data Plane clicking on the "Commit" button.

      ../_images/lab10-newcommit2.png
      -

      Fig. 404 Commit#

      +

      Fig. 406 Commit#

      SSH to the Public IP of the instance azure-west-us-spoke2-test1.

      @@ -954,7 +954,7 @@

      5.6. Inter-rule from bu2 to bu1 ../_images/lab10-pingallok.png
      -

      Fig. 405 Ping ok#

      +

      Fig. 407 Ping ok#

      Let’s investigate the logs once again.

      @@ -963,7 +963,7 @@

      5.6. Inter-rule from bu2 to bu1 ../_images/lab10-monitorfresh.png
      -

      Fig. 406 Monitor#

      +

      Fig. 408 Monitor#

      The logs clearly demonstrate that the inter-rule is successfully permitting ICMP traffic from bu2 to bu1.

      @@ -971,7 +971,7 @@

      5.6. Inter-rule from bu2 to bu1 ../_images/lab10-lastdrawing2.png
      -

      Fig. 407 New Topology with the DCF rules#

      +

      Fig. 409 New Topology with the DCF rules#

      @@ -981,7 +981,7 @@

      5.6. Inter-rule from bu2 to bu1 ../_images/lab10-direction.png
      -

      Fig. 408 From-To#

      +

      Fig. 410 From-To#

      The inter-rule is Stateful in the sense that it will permit the echo-reply generated from the bu1 to reach the instance in bu2.

      @@ -996,7 +996,7 @@

      6.1 Activation of the MTT ../_images/lab10-newtopology3.png
      -

      Fig. 409 New Topology#

      +

      Fig. 411 New Topology#

      SSH to the Public IP of the instance azure-west-us-spoke2-test1.

      @@ -1007,7 +1007,7 @@

      6.1 Activation of the MTT ../_images/lab10-pingfails10.png
      -

      Fig. 410 Ping#

      +

      Fig. 412 Ping#

      The ping fails, therefore, let’s check the routing table of the Spoke Gateway azure-west-us-spoke2.

      @@ -1015,20 +1015,20 @@

      6.1 Activation of the MTT ../_images/lab10-spoke2azure.png
      -

      Fig. 411 azure-west-us-spoke2#

      +

      Fig. 413 azure-west-us-spoke2#

      Then click on the "Gateway Routes" tab and check whether the destination route is present in the routing table or not.

      ../_images/lab10-gatewayroutes.png
      -

      Fig. 412 Gateway Routes#

      +

      Fig. 414 Gateway Routes#

      ../_images/lab10-newjoe20.png
      -

      Fig. 413 10.0.12.0#

      +

      Fig. 415 10.0.12.0#

      @@ -1046,14 +1046,14 @@

      6.1 Activation of the MTT ../_images/lab10-mtt.png
      -

      Fig. 414 aws-us-east-1-transit#

      +

      Fig. 416 aws-us-east-1-transit#

      Go to "Settings" tab and expand the "“Border Gateway Protocol (BGP)” section and insert the AS number 64512 on the empty field related to the "“Local AS Number”, then click on Save.

      ../_images/lab10-mtt2.png
      -

      Fig. 415 Border Gateway Protocol (BGP)#

      +

      Fig. 417 Border Gateway Protocol (BGP)#

      Repeat the previous action for the last Transit Gateway still without a BGP ASN configured properly:

      @@ -1063,7 +1063,7 @@

      6.1 Activation of the MTT ../_images/lab10-newlab.png
      -

      Fig. 416 azure-west-us-transit#

      +

      Fig. 418 azure-west-us-transit#

      @@ -1074,7 +1074,7 @@

      6.1 Activation of the MTT ../_images/lab10-mtt3.png
      -

      Fig. 417 aws-us-east-2-transit#

      +

      Fig. 419 aws-us-east-2-transit#

      Go to "Settings" tab and expand the "General" section and activate the "Multi-Tier Transit", turning on the corresponding knob.

      @@ -1082,7 +1082,7 @@

      6.1 Activation of the MTT ../_images/lab10-mtt4.png
      -

      Fig. 418 Multi-Tier Transit#

      +

      Fig. 420 Multi-Tier Transit#

      Let’s verify once again the routing table of the Spoke Gateway in azure-west-us-spoke2.

      @@ -1090,14 +1090,14 @@

      6.1 Activation of the MTT ../_images/lab10-mtt5.png
      -

      Fig. 419 azure-west-us-spoke2#

      +

      Fig. 421 azure-west-us-spoke2#

      This time if you click on the "Gateway Routes" tab, you will be able to see the destination route, 10.0.12.0/23, in aws-us-east1-spoke1 VPC.

      ../_images/lab10-mtt6.png
      -

      Fig. 420 10.0.12.0/23#

      +

      Fig. 422 10.0.12.0/23#

        @@ -1110,7 +1110,7 @@

        6.1 Activation of the MTT ../_images/lab10-mtt7.png
        -

        Fig. 421 Ping#

        +

        Fig. 423 Ping#

        Although this time there is a valid route to the destination, thanks to the MTT feature, the pings still fails.

        @@ -1126,7 +1126,7 @@

        6.2 Smart Group “east1” ../_images/lab10-mttnew.png
        -

        Fig. 422 New Smart Group#

        +

        Fig. 424 New Smart Group#

        Ensure these parameters are entered in the pop-up window "Create SmartGroup":

        @@ -1138,7 +1138,7 @@

        6.2 Smart Group “east1” ../_images/lab10-mtt9.png
        -

        Fig. 423 Resource Selection#

        +

        Fig. 425 Resource Selection#

        The CoPilot shows that there is just one single instance that matches the condition:

        @@ -1153,7 +1153,7 @@

        6.3 Create an inter-rule that allows ICMP from bu2 towards east1 ../_images/lab10-mtt8.png
        -

        Fig. 424 New Rule#

        +

        Fig. 426 New Rule#

        Ensure these parameters are entered in the pop-up window "Create Rule":

        @@ -1174,14 +1174,14 @@

        6.3 Create an inter-rule that allows ICMP from bu2 towards east1 ../_images/lab10-lastrule.png
        -

        Fig. 425 The Last Rule…#

        +

        Fig. 427 The Last Rule…#

        Now you can carry on with the last commit!

        ../_images/lab10-lastcommit.png
        -

        Fig. 426 Commit#

        +

        Fig. 428 Commit#

        @@ -1193,7 +1193,7 @@

        6.4 Verify connectivity between bu2 and east1 ../_images/lab10-lastping.png
        -

        Fig. 427 Ping#

        +

        Fig. 429 Ping#

        This time the ping will be successful!

        @@ -1202,14 +1202,14 @@

        6.4 Verify connectivity between bu2 and east1 ../_images/lab10-reallylast.png
        -

        Fig. 428 inter-icmp-bu2-east1 Logs#

        +

        Fig. 430 inter-icmp-bu2-east1 Logs#

        After the creation of both the previous inter-rule and the additional Smart Group, this is how the topology with all the permitted protocols should look like.

        ../_images/lab10-newjoe.png
        -

        Fig. 429 Final Topology#

        +

        Fig. 431 Final Topology#

        @@ -1220,7 +1220,7 @@

        7. Spoke to Spoke Attachment ../_images/lab10-spoke2spoke01.png
        -

        Fig. 430 No More NGFW#

        +

        Fig. 432 No More NGFW#

        @@ -1229,20 +1229,20 @@

        7.1 Creating a Spoke to Spoke Attachment ../_images/lab10-spoke2spoke02.png
        -

        Fig. 431 Manage Gateway Attachments#

        +

        Fig. 433 Manage Gateway Attachments#

        Select the Spoke Gateway tab, click on the "+ Attachment" button and then choose the azure-west-us-spoke1 GW from the drop-down window.

        ../_images/lab10-spoke2spoke03.png
        -

        Fig. 432 azure-west-us-spoke2#

        +

        Fig. 434 azure-west-us-spoke2#

        ../_images/lab10-newspokeatt.png
        -

        Fig. 433 Save#

        +

        Fig. 435 Save#

        Do not forget to click on Save.

        @@ -1250,7 +1250,7 @@

        7.1 Creating a Spoke to Spoke Attachment ../_images/lab10-spoke2spoke04.png
        -

        Fig. 434 Spoke to Spoke Attachment#

        +

        Fig. 436 Spoke to Spoke Attachment#

        @@ -1262,14 +1262,14 @@

        7.1 Creating a Spoke to Spoke Attachment ../_images/lab10-spoke2spoke05.png
        -

        Fig. 435 azure-west-us-spoke2#

        +

        Fig. 437 azure-west-us-spoke2#

        You will notice that the destination is now reachable with a lower metric (50)!

        ../_images/lab10-spoke2spoke06.png
        -

        Fig. 436 Metric 50#

        +

        Fig. 438 Metric 50#

        The traffic generated from the azure-west-us-spoke2-test1 VM will now prefer going through the Spoke-to-Spoke Attachment, for the communication with the Spoke1 VNet.

        @@ -1280,14 +1280,14 @@

        7.1 Creating a Spoke to Spoke Attachment ../_images/lab10-spoke2spoke07.png
        -

        Fig. 437 Spoke to Spoke#

        +

        Fig. 439 Spoke to Spoke#

        After this lab, this is how the overall topology would look like:

        ../_images/lab10-lastdrawing.png
        -

        Fig. 438 Full-Blown Aviatrix Solution#

        +

        Fig. 440 Full-Blown Aviatrix Solution#

        diff --git a/docs/ace-pro/docs/lab11.html b/docs/ace-pro/docs/lab11.html index f2bca5af..13246928 100644 --- a/docs/ace-pro/docs/lab11.html +++ b/docs/ace-pro/docs/lab11.html @@ -368,14 +368,14 @@

        2. Validate ../_images/lab11-edge.png
        -

        Fig. 439 Lab 11 section on the POD Portal#

        +

        Fig. 441 Lab 11 section on the POD Portal#

        Insert the corresponding credentials, available on the POD Portal, to log in to the remote “edge” Workstation.

        ../_images/lab11-edge2.png
        -

        Fig. 440 Edge Workstation credentials#

        +

        Fig. 442 Edge Workstation credentials#

          @@ -384,7 +384,7 @@

          2. Validate ../_images/lab11-edge3.png
          -

          Fig. 441 VS Studio#

          +

          Fig. 443 VS Studio#

            @@ -397,19 +397,19 @@

            2. Validate ../_images/lab11-edge4.png
            -

            Fig. 442 terraform-lab folder#

            +

            Fig. 444 terraform-lab folder#

            ../_images/lab11-newedge2.png
            -

            Fig. 443 Click “Open”#

            +

            Fig. 445 Click “Open”#

            ../_images/lab11-newedge.png
            -

            Fig. 444 Yes, I trust the authors#

            +

            Fig. 446 Yes, I trust the authors#

              @@ -422,7 +422,7 @@

              2. Validate ../_images/lab11-terraform2.png
              -

              Fig. 445 Manifest#

              +

              Fig. 447 Manifest#

              @@ -443,7 +443,7 @@

              2. Validate ../_images/lab11-terraform.png
              -

              Fig. 446 Visual Studio Code#

              +

              Fig. 448 Visual Studio Code#

                @@ -461,7 +461,7 @@

                Expected Results ../_images/lab11-terraform-topology.png
                -

                Fig. 447 Topology#

                +

                Fig. 449 Topology#

                @@ -482,13 +482,13 @@

                Validate#
                ../_images/lab11-newfile.png
                -

                Fig. 448 New File#

                +

                Fig. 450 New File#

                ../_images/lab11-peering.png
                -

                Fig. 449 peering.tf#

                +

                Fig. 451 peering.tf#

                  @@ -512,25 +512,25 @@

                  Validate#
                  ../_images/lab11-clip1.png
                  -

                  Fig. 450 Hidden Clipboard#

                  +

                  Fig. 452 Hidden Clipboard#

                  ../_images/lab11-clip2.png
                  -

                  Fig. 451 Copy the statemets from the Lab Guides and paste them#

                  +

                  Fig. 453 Copy the statemets from the Lab Guides and paste them#

                  ../_images/lab11-clip3.png
                  -

                  Fig. 452 Copy from the hidden clipboard and paste them inside the peering.tf#

                  +

                  Fig. 454 Copy from the hidden clipboard and paste them inside the peering.tf#

                  ../_images/lab11-clip4.png
                  -

                  Fig. 453 Close the Clipboard and save!#

                  +

                  Fig. 455 Close the Clipboard and save!#

                    @@ -540,7 +540,7 @@

                    Validate#
                    ../_images/lab11-clip5.png
                    -

                    Fig. 454 Once again “terraform init”#

                    +

                    Fig. 456 Once again “terraform init”#

                    -
                    +
                    ../_images/lab9-costiq10.png
                    -

                    Fig. 349 Show BGP Learned Routes#

                    +

                    Fig. 351 Show BGP Learned Routes#

                    You will find out that all the local subnets advertised by the DC belong to the cidr 10.40.0.0/16.

                    -
                    +
                    ../_images/lab9-cidr.png
                    -

                    Fig. 350 CIDR#

                    +

                    Fig. 352 CIDR#

                    Let’s move on the Shared Services tab and click on "+ Shared Service".

                    -
                    +
                    ../_images/lab9-costiq12.png
                    -

                    Fig. 351 “+ Shared Service”#

                    +

                    Fig. 353 “+ Shared Service”#

                    Create the Shared Service based on the aforementioned requirements.

                    -
                    +
                    ../_images/lab9-costiq13.png
                    -

                    Fig. 352 “+ Shared Service”#

                    +

                    Fig. 354 “+ Shared Service”#

                    If you kept running the ping on the Workstation Edge’s terminal, then you should see both the relative traffic and the absolute one from any Cost Centers towards the Shared Service.

                    -
                    +
                    ../_images/lab9-ping.png
                    -

                    Fig. 353 Ping from the Wortkstation “Edge”#

                    +

                    Fig. 355 Ping from the Wortkstation “Edge”#

                    -
                    +
                    ../_images/lab9-counter.png
                    -

                    Fig. 354 From the Cost Center towards the Shared Service#

                    +

                    Fig. 356 From the Cost Center towards the Shared Service#

                    After this lab, this is how the overall topology would look like:

                    -
                    +
                    ../_images/lab9-final.png
                    -

                    Fig. 355 Final topology for Lab 9#

                    +

                    Fig. 357 Final topology for Lab 9#

                    diff --git a/docs/ace-pro/searchindex.js b/docs/ace-pro/searchindex.js index 1551ad90..ff5875f9 100644 --- a/docs/ace-pro/searchindex.js +++ b/docs/ace-pro/searchindex.js @@ -1 +1 @@ -Search.setIndex({"alltitles": {"1. Create VPCs, Transit GW, Spoke GW and Attachment through Terraform": [[4, "create-vpcs-transit-gw-spoke-gw-and-attachment-through-terraform"]], "1. General Objectives": [[11, "general-objectives"], [12, "general-objectives"]], "1. Introduction": [[2, "introduction"]], "1. Objective": [[3, "objective"], [5, "objective"], [6, "objective"], [7, "objective"], [8, "objective"], [9, "objective"], [10, "objective"], [13, "objective"], [13, "id1"]], "1. Preface": [[1, "preface"]], "1.1. Attachment between Edge and the Transit": [[12, "attachment-between-edge-and-the-transit"]], "2. Azure VNet": [[2, "azure-vnet"]], "2. CostIQ": [[13, "costiq"]], "2. Distributed Cloud Firewall Overview": [[3, "distributed-cloud-firewall-overview"]], "2. FireNet Overview (Firewall Network)": [[10, "firenet-overview-firewall-network"]], "2. High Performance Encryption and ActiveMesh": [[8, "high-performance-encryption-and-activemesh"]], "2. Multicloud Connectivity Overview": [[6, "multicloud-connectivity-overview"]], "2. Network Domain Association": [[12, "network-domain-association"]], "2. Network Segmentation Overview": [[7, "network-segmentation-overview"]], "2. Prerequisites": [[1, "prerequisites"]], "2. Site2Cloud Overview": [[11, "site2cloud-overview"]], "2. ThreatIQ Overview": [[5, "threatiq-overview"], [13, "threatiq-overview"]], "2. Topology": [[9, "topology"]], "2. Validate": [[4, "validate"]], "2.1 Enable CostIQ": [[13, "enable-costiq"]], "2.1. Create Azure VNet": [[2, "create-azure-vnet"]], "3. AWS VPC": [[2, "aws-vpc"]], "3. Create Transit Peering": [[4, "create-transit-peering"]], "3. Edge: Connectivity Test": [[12, "edge-connectivity-test"]], "3. Getting Started with the labs": [[1, "getting-started-with-the-labs"]], "3. New York DC is the Shared Services": [[13, "new-york-dc-is-the-shared-services"]], "3. SSH to the EC2 instance in the Private Subnet": [[9, "ssh-to-the-ec2-instance-in-the-private-subnet"]], "3. Smart Groups Creation": [[3, "smart-groups-creation"]], "3. Topology": [[5, "topology"], [6, "topology"], [7, "topology"], [8, "topology"], [10, "topology"], [11, "topology"], [13, "topology"]], "3.1. Create AWS VPC": [[2, "create-aws-vpc"]], "3.1. Smart Group \u201cbu1\u201d": [[3, "smart-group-bu1"]], "3.2. Smart Group \u201cbu2\u201d": [[3, "smart-group-bu2"]], "3.2. Verify from AWS Console": [[2, "verify-from-aws-console"]], "3.3. Connectivity verification (ICMP)": [[3, "connectivity-verification-icmp"]], "3.4. Connectivity verification (SSH)": [[3, "connectivity-verification-ssh"]], "4. Access Information": [[1, "access-information"]], "4. Configuration": [[7, "configuration"], [10, "configuration"], [11, "configuration"]], "4. DCF Rules Creation": [[3, "dcf-rules-creation"]], "4. Edge: FlowIQ": [[12, "edge-flowiq"]], "4. Egress Control": [[9, "egress-control"]], "4. GCP VPC": [[2, "gcp-vpc"]], "4. High Performance Encryption Configuration": [[8, "high-performance-encryption-configuration"]], "4. IAC Summary": [[4, "iac-summary"]], "4. Initial configuration": [[6, "initial-configuration"]], "4. PSF": [[5, "psf"], [13, "psf"]], "4.1 Deploy the PSF": [[5, "deploy-the-psf"], [13, "deploy-the-psf"]], "4.1 Enable the Egress Control": [[9, "enable-the-egress-control"]], "4.1. Aviatrix Transit Gateways": [[6, "aviatrix-transit-gateways"], [7, "aviatrix-transit-gateways"]], "4.1. Azure Transit to Spoke Peering": [[10, "azure-transit-to-spoke-peering"]], "4.1. Build a Zero Trust Network Architecture": [[3, "build-a-zero-trust-network-architecture"]], "4.1. CoPilot View before starting": [[8, "copilot-view-before-starting"]], "4.1. Create GCP VPC": [[2, "create-gcp-vpc"]], "4.1. Site2Cloud Connection (Cloud to On-Prem)": [[11, "site2cloud-connection-cloud-to-on-prem"]], "4.1.1.Transit Gateway in AWS US-EAST-2": [[6, "transit-gateway-in-aws-us-east-2"]], "4.2 Inspect the Private RTB": [[9, "inspect-the-private-rtb"]], "4.2 Network Domains": [[7, "network-domains"]], "4.2 RTB verification": [[5, "rtb-verification"], [13, "rtb-verification"]], "4.2 Site2Cloud Connection - StrongSwan\u2019s configuration": [[11, "site2cloud-connection-strongswan-s-configuration"]], "4.2. Aviatrix Spoke Gateways": [[6, "aviatrix-spoke-gateways"]], "4.2. Create an intra-rule that allows ICMP inside bu1": [[3, "create-an-intra-rule-that-allows-icmp-inside-bu1"]], "4.2. Create an intra-rule that allows ICMP inside bu2": [[3, "create-an-intra-rule-that-allows-icmp-inside-bu2"]], "4.2. PAN Firewall Deployment": [[10, "pan-firewall-deployment"]], "4.2. Transit-Spoke Attachment": [[8, "transit-spoke-attachment"]], "4.2.1. Spoke Gateway in AWS": [[6, "spoke-gateway-in-aws"]], "4.2.2. Spoke Gateway in Azure": [[6, "spoke-gateway-in-azure"]], "4.2.3. Spoke Gateway in GCP": [[6, "spoke-gateway-in-gcp"]], "4.3 Generate Traffic": [[9, "generate-traffic"]], "4.3. CoPilot View after Transit-Spoke Attachment": [[8, "copilot-view-after-transit-spoke-attachment"]], "4.3. Explore the Cloud Fabric": [[6, "explore-the-cloud-fabric"]], "4.3. Firewall Configuration": [[10, "firewall-configuration"]], "4.4 Aviatrix Spoke to Transit Gateways Attachments": [[6, "aviatrix-spoke-to-transit-gateways-attachments"]], "4.4 Enable DCF": [[9, "enable-dcf"]], "4.4. Firewall Vendor Integration": [[10, "firewall-vendor-integration"]], "4.4. Transit Peerings Configuration": [[8, "transit-peerings-configuration"]], "4.4.1 Identify the subnet where the private workload resides": [[9, "identify-the-subnet-where-the-private-workload-resides"]], "4.4.1. Spoke to Transit Attachment in AWS": [[6, "spoke-to-transit-attachment-in-aws"]], "4.4.1. Transit Peerings Verification": [[8, "transit-peerings-verification"]], "4.4.2 Create an Ad-Hoc SmartGroup": [[9, "create-an-ad-hoc-smartgroup"]], "4.4.2 Spoke to Transit Attachment in Azure": [[6, "spoke-to-transit-attachment-in-azure"]], "4.4.3 Create a new Rule": [[9, "create-a-new-rule"]], "4.4.3. Spoke to Transit Attachment in GCP": [[6, "spoke-to-transit-attachment-in-gcp"]], "4.5. CoPilot Verification of Spoke-Transit Attachments": [[6, "copilot-verification-of-spoke-transit-attachments"]], "4.5. Verify Routes Installed on Firewall": [[10, "verify-routes-installed-on-firewall"]], "4.6. FireNet Policy": [[10, "firenet-policy"]], "4.6. Multicloud Transit Peerings": [[6, "multicloud-transit-peerings"]], "4.6.1. AWS and Azure": [[6, "aws-and-azure"]], "4.6.2 Azure and GCP": [[6, "azure-and-gcp"]], "4.6.3. GCP and AWS": [[6, "gcp-and-aws"]], "5. - Network Insights API": [[4, "network-insights-api"]], "5. A new SmartGroup for the Public Subnet": [[5, "a-new-smartgroup-for-the-public-subnet"]], "5. Edge: \u201cIt\u2019s more than a Spoke GW\u201d\u201d": [[12, "edge-it-s-more-than-a-spoke-gw"]], "5. Enforcement": [[5, "enforcement"]], "5. High Performance Encryption Verification": [[8, "high-performance-encryption-verification"]], "5. Lab Topology": [[1, "lab-topology"]], "5. S2C - Verification": [[11, "s2c-verification"]], "5. Verification": [[3, "verification"], [6, "verification"], [10, "verification"]], "5. Verification of Segment Attachments": [[7, "verification-of-segment-attachments"]], "5. ZTNA - Zero Trust Network Architecture": [[9, "ztna-zero-trust-network-architecture"]], "5.0 Generate traffic towards a Malicious IP": [[13, "generate-traffic-towards-a-malicious-ip"]], "5.1 Create a New WebGroup": [[9, "create-a-new-webgroup"]], "5.1 Create an Ad-Hoc SmartGroup": [[5, "create-an-ad-hoc-smartgroup"]], "5.1 Edge: As-Path Prepend": [[12, "edge-as-path-prepend"]], "5.1 Generate traffic towards the \u201cBad Guy\u201d": [[5, "id1"]], "5.1 SSH to aws-us-east1-spoke1-test1": [[13, "ssh-to-aws-us-east1-spoke1-test1"]], "5.1. Automatic enforcement: \u201cforce-drop\u201d": [[5, "automatic-enforcement-force-drop"]], "5.1. CoPilot Verification": [[7, "copilot-verification"]], "5.1. CoPilot Verification of the VPC Peerings(Transit-Transit and Spoke-Transit)": [[8, "copilot-verification-of-the-vpc-peerings-transit-transit-and-spoke-transit"]], "5.1. Inside Azure": [[10, "inside-azure"]], "5.1. Verification of Transit Peerings on CoPilot(Cloud Fabric)": [[6, "verification-of-transit-peerings-on-copilot-cloud-fabric"]], "5.1. Verify SSH traffic from your laptop to bu1": [[3, "verify-ssh-traffic-from-your-laptop-to-bu1"]], "5.1.1 Launch connectivity test": [[10, "launch-connectivity-test"]], "5.2 Create a new Rule": [[5, "create-a-new-rule"]], "5.2 Create an \u201ceditable\u201d Explicit -Deny-Rule": [[9, "create-an-editable-explicit-deny-rule"]], "5.2 Generate traffic towards the \u201cBad Guy\u201d": [[5, "generate-traffic-towards-the-bad-guy"]], "5.2. Azure to GCP": [[10, "azure-to-gcp"]], "5.2. CoPilot Verification of HPE": [[8, "copilot-verification-of-hpe"]], "5.2. Verification of Transit Peerings on CoPilot (Topology)": [[6, "verification-of-transit-peerings-on-copilot-topology"]], "5.2. Verify ICMP within bu1 and from bu1 towards bu2": [[3, "verify-icmp-within-bu1-and-from-bu1-towards-bu2"]], "5.2.1 Enforce the Egree-Rule": [[9, "enforce-the-egree-rule"]], "5.2.2 Create an ad-hoc Explicit-Deny-Rule": [[9, "create-an-ad-hoc-explicit-deny-rule"]], "5.3 Test the modified rule": [[9, "test-the-modified-rule"]], "5.3. Route Info DB": [[6, "route-info-db"]], "5.3. Verify SSH within bu1": [[3, "verify-ssh-within-bu1"]], "5.4. Add a rule that allows SSH in bu1": [[3, "add-a-rule-that-allows-ssh-in-bu1"]], "5.4. Connectivity": [[6, "connectivity"]], "5.4. SSH to VM in bu2": [[3, "ssh-to-vm-in-bu2"]], "5.5. Verify ICMP traffic within bu2": [[3, "verify-icmp-traffic-within-bu2"]], "5.6. Inter-rule from bu2 to bu1": [[3, "inter-rule-from-bu2-to-bu1"]], "6. ActiveMesh": [[8, "activemesh"]], "6. Connection Policy": [[7, "connection-policy"]], "6. CostIQ": [[5, "costiq"]], "6. East-1 and the Multi-Tier Transit": [[3, "east-1-and-the-multi-tier-transit"]], "6. IDS": [[9, "ids"]], "6.0 Create a new SmartGroup": [[13, "create-a-new-smartgroup"]], "6.1 Activation of the MTT": [[3, "activation-of-the-mtt"]], "6.1 Create a New Rule": [[9, "id1"]], "6.1. CoPilot Verification of ActiveMesh": [[8, "copilot-verification-of-activemesh"]], "6.1. Verification of Connection Policy": [[7, "verification-of-connection-policy"]], "6.2 Prepare the simulator": [[9, "prepare-the-simulator"]], "6.2 Smart Group \u201ceast1\u201d": [[3, "smart-group-east1"]], "6.2. Connectivity test of ActiveMesh (Pt.1)": [[8, "connectivity-test-of-activemesh-pt-1"]], "6.2.1 Enable Segmentation": [[8, "enable-segmentation"]], "6.2.2. Associate Aviatrix Spoke to the Network Domain": [[8, "associate-aviatrix-spoke-to-the-network-domain"]], "6.3 Create an inter-rule that allows ICMP from bu2 towards east1": [[3, "create-an-inter-rule-that-allows-icmp-from-bu2-towards-east1"]], "6.3 Test the New Rule and the IDS feature": [[9, "test-the-new-rule-and-the-ids-feature"]], "6.3. Connectivity test of ActiveMesh (Pt.2)": [[8, "connectivity-test-of-activemesh-pt-2"]], "6.4 Verify connectivity between bu2 and east1": [[3, "verify-connectivity-between-bu2-and-east1"]], "7. FlightPath": [[8, "flightpath"]], "7. Spoke to Spoke Attachment": [[3, "spoke-to-spoke-attachment"]], "7.0 Create a new DCF rule": [[13, "create-a-new-dcf-rule"]], "7.1 Creating a Spoke to Spoke Attachment": [[3, "creating-a-spoke-to-spoke-attachment"]], "8.0 Generate again traffic towards the \u201cBad Guy\u201d": [[13, "generate-again-traffic-towards-the-bad-guy"]], "8.1 Create a new WebGroup": [[13, "create-a-new-webgroup"]], "8.2 Create a DCF rule that will allow traffic towards the three domains!": [[13, "create-a-dcf-rule-that-will-allow-traffic-towards-the-three-domains"]], "Bonus questions": [[8, "bonus-questions"]], "Description": [[4, "description"], [4, "id3"]], "Expected Results": [[4, "expected-results"], [4, "id2"]], "Gateway Keepalive Templates": [[8, "gateway-keepalive-templates"]], "LOGOS-ICONS": [[14, null]], "Lab 1 - VPCs/VNets CREATION": [[2, null]], "Lab 10 - DISTRIBUTED CLOUD FIREWALL": [[3, null]], "Lab 11 - IAC & NETWORK INSIGHTS API": [[4, null]], "Lab 2 - TRANSIT NETWORKING": [[6, null]], "Lab 3 - NETWORK SEGMENTATION": [[7, null]], "Lab 4 - HPE WITH ACTIVE MESH": [[8, null]], "Lab 5 - CLOUD PERIMETER SECURITY (Secure Cloud Egress)": [[9, null]], "Lab 6 - FIRENET": [[10, null]], "Lab 7 - SITE2CLOUD": [[11, null]], "Lab 8 - SECURE HIGH-PERFORMANCE DATACENTER EDGE": [[12, null]], "Lab 9 - COSTIQ": [[13, "lab-9-costiq"]], "Lab 9 - THREATIQ & COSTIQ": [[5, null], [13, null]], "Link": [[15, "link"]], "PDFs": [[0, null]], "POD Portal": [[15, null]], "Transitive Routing": [[8, "transitive-routing"]], "Validate": [[4, "id1"], [4, "id4"]], "Welcome to ACE Professional Lab": [[1, null]]}, "docnames": ["docs/PDFs", "docs/home", "docs/lab1", "docs/lab10", "docs/lab11", "docs/lab12", "docs/lab2", "docs/lab3", "docs/lab4", "docs/lab5", "docs/lab6", "docs/lab7", "docs/lab8", "docs/lab9", "docs/logos-icons", "docs/pod"], "envversion": {"sphinx": 62, "sphinx.domains.c": 3, "sphinx.domains.changeset": 1, "sphinx.domains.citation": 1, "sphinx.domains.cpp": 9, "sphinx.domains.index": 1, "sphinx.domains.javascript": 3, "sphinx.domains.math": 2, "sphinx.domains.python": 4, "sphinx.domains.rst": 2, "sphinx.domains.std": 2, "sphinx.ext.intersphinx": 1}, "filenames": ["docs/PDFs.md", "docs/home.md", "docs/lab1.md", "docs/lab10.md", "docs/lab11.md", "docs/lab12.md", "docs/lab2.md", "docs/lab3.md", "docs/lab4.md", "docs/lab5.md", "docs/lab6.md", "docs/lab7.md", "docs/lab8.md", "docs/lab9.md", "docs/logos-icons.md", "docs/pod.md"], "indexentries": {}, "objects": {}, "objnames": {}, "objtypes": {}, "terms": {"": [2, 3, 4, 5, 6, 8, 9, 10, 13], "0": [2, 3, 4, 5, 8, 9, 10, 11, 12], "0xtf": 9, "10": [2, 5, 8, 9, 10, 12, 13], "100": [8, 11, 12], "105": 1, "12": [2, 3, 5], "129": 10, "149": 8, "15": 10, "16": [1, 2, 5, 8, 10, 11, 12, 13], "168": [2, 3, 10, 11], "172": [2, 8, 11, 12], "1918": [8, 9, 10], "192": [2, 3, 10, 11], "1a": [5, 8, 13], "1b": 8, "1x": 6, "20": [6, 10], "200": 11, "22": [1, 2, 3], "225": 12, "23": 3, "24": [2, 5, 8, 11, 12], "26": 6, "27": 9, "28": 5, "2a": [6, 9], "2x": [2, 6], "30": [8, 12], "32": 5, "3x": 6, "40": [5, 13], "443": 8, "5": 2, "50": 3, "53": [9, 10], "6": [4, 12], "60": 5, "63": [1, 10], "64512": 3, "64513": 12, "64514": 12, "64515": 3, "7": [1, 9, 10], "71": 1, "8": [1, 3, 5, 11], "9": [1, 4, 10], "A": 8, "AS": [3, 12], "As": [2, 6, 8], "At": [1, 3, 6, 7, 8, 9, 10], "Be": [6, 8, 11], "By": [1, 4, 5], "For": [6, 11, 12], "If": [1, 3, 5, 6, 8, 9, 10, 12, 13], "In": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13], "It": [2, 3, 6, 8], "Its": 11, "NOT": [2, 3, 6, 8, 9], "No": [3, 5, 9, 12, 13], "Not": 9, "ON": [9, 10, 11], "OR": 3, "Of": [9, 12], "On": [3, 4, 5, 6, 8, 9, 10, 12, 13], "TO": [3, 8], "The": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13], "Then": [2, 3, 5, 6, 7, 8, 9, 10, 11, 12], "There": 12, "These": [1, 4, 5, 6, 8, 13], "To": [1, 3, 6, 8], "With": [4, 9], "abl": [1, 3, 6, 7, 8, 9, 10, 13], "about": [2, 4, 5, 8, 10, 11, 12, 13], "abov": [3, 4, 5, 6], "absenc": [3, 9], "absolut": [5, 13], "ac": 0, "access": [7, 10, 12, 15], "accomplish": [10, 12], "accord": 3, "account": [2, 5, 6, 13], "achiev": [3, 8, 11], "across": [3, 7], "action": [3, 5, 6, 8, 9, 10, 11, 13], "activ": [4, 9, 10, 11], "activemesh": [0, 1], "actual": 8, "ad": [3, 4], "add": [5, 9, 10, 11], "addit": [1, 2, 3, 5, 6, 8, 9, 10, 12], "addition": 6, "addr": 10, "address": [5, 6, 9, 10, 11, 12, 13], "adjust": 6, "admin": [2, 10], "administr": 12, "adopt": 3, "advanc": 3, "advertis": [5, 12, 13], "affect": 3, "aforement": [5, 9, 13], "aft": 3, "after": [3, 4, 5, 6, 7, 9, 10, 11, 12, 13], "afternoon": 1, "afterward": [2, 5, 6, 9, 12], "again": [2, 3, 4, 5, 6, 8, 9, 10, 12], "against": 9, "aggress": 6, "aid": 1, "aka": [1, 3, 7, 8, 10], "akin": 6, "alert": [5, 13], "algorithm": 8, "alia": 5, "aliv": 8, "all": [2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13], "alloc": [3, 6], "allow": [4, 9, 10, 12], "almost": [2, 9, 10], "along": [8, 12], "alreadi": [3, 4, 6, 10, 11, 12], "also": [2, 3, 4, 5, 8, 9, 12, 13], "alt": 4, "altern": [2, 9], "although": [3, 10, 12], "alto": [1, 10], "alwai": [2, 3, 6, 7], "among": [3, 6, 7], "an": [1, 2, 4, 6, 8, 10, 11, 12, 13], "ani": [3, 5, 6, 8, 9, 10, 11, 12, 13], "anoth": [3, 4, 5, 11, 12, 13], "anyth": 9, "anywher": [3, 9, 10], "api": [0, 1, 10], "app": 4, "appear": 6, "appiq": 8, "appli": [3, 4, 5, 7, 8, 9, 10, 12, 13], "applic": [2, 5, 13], "approach": 9, "appropri": [7, 8], "approv": 4, "approxim": 3, "apt": 12, "ar": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13], "arc": 7, "architectur": [6, 7], "arrow": [3, 5, 9], "ask": [1, 3, 9, 12], "asn": [3, 12], "assess": 4, "asset": [2, 5, 9, 13], "assign": [2, 3, 8, 10, 11], "assocci": 12, "associ": [5, 7, 9, 10, 13], "assum": 2, "attach": [1, 2, 5, 10, 13], "attachemnt": 12, "attack": 9, "attempt": [8, 9], "attent": [1, 6], "attribut": 12, "authent": 10, "authet": 11, "author": [4, 9], "auto": [4, 8, 9, 10], "autom": 4, "automat": [8, 9, 10, 11], "avail": [1, 2, 4, 5, 6, 8, 9, 11, 12], "aviatrix": [1, 2, 3, 4, 5, 9, 10, 11, 12, 13, 14], "aviatrixlab": 11, "aviatrixsystem": 4, "avod": 3, "avx": 10, "avxadmin": 10, "aw": [1, 3, 4, 5, 7, 8, 9, 12], "awai": 12, "awar": 12, "az": [2, 5, 6, 8, 9, 10], "azur": [1, 3, 5, 7, 8, 13], "back": [2, 4, 5, 6, 8, 10, 11, 12], "backbon": 7, "backup": 12, "bar": [2, 10], "base": [3, 4, 5, 6, 8, 9, 10, 11, 12, 13], "bash": 11, "beahvior": 3, "bear": [2, 3, 6, 12], "becaus": [3, 5, 7, 8, 9, 10, 12, 13], "becom": 8, "been": [3, 5, 6, 9, 10, 12, 13], "befor": [1, 2, 3, 5, 6, 9, 10, 11, 12], "begin": [2, 6, 9, 10], "behaviour": 9, "being": [6, 9, 10, 12], "belong": [3, 5, 9, 13], "below": [2, 3, 5, 6, 7, 8, 9, 10, 11, 12, 15], "besid": 9, "best": [6, 12], "better": [8, 9], "between": [4, 6, 7, 8, 10, 11], "bgp": [3, 5, 12, 13], "bgpoverlan": [11, 12], "bidirect": [6, 7], "bill": [5, 13], "bit": [2, 12], "block": [2, 4, 5, 9, 13], "blown": [1, 3, 4, 10], "blue": [3, 7], "bootcamp": 1, "bootstrap": [1, 10], "border": [3, 12], "both": [2, 3, 5, 6, 8, 9, 10, 12, 13], "bottom": [5, 6, 9, 10], "branch": [7, 10, 11], "bring": 8, "browser": [1, 10], "build": [4, 6, 11], "bunch": 12, "bundl": 10, "busi": 8, "button": [2, 3, 4, 5, 6, 8, 9, 10, 11, 12, 13], "c6in": 6, "call": [1, 3, 5, 10, 13], "can": [2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 15], "candid": 9, "cannot": 1, "capabl": [3, 8, 12], "care": 10, "carri": [3, 8], "case": [1, 12], "cat": 11, "caus": [4, 9], "cd": 4, "center": [5, 13], "central": [2, 6, 12], "central1": [3, 5, 6, 7, 10, 11, 12, 13], "centralis": 6, "certif": 10, "cfg": 11, "challeng": 8, "chang": [2, 3, 4, 5, 6, 8, 9, 11, 12], "channel": 10, "check": [0, 2, 3, 6, 8, 9, 10, 11, 12], "checkbox": 3, "chmod": 9, "choos": [3, 5, 8, 9, 10, 11, 13], "chose": 5, "chrome": 1, "cidr": [2, 5, 9, 11, 12, 13], "circl": 6, "class": 1, "classic": 12, "classifi": [3, 5], "clean": 2, "clearli": [3, 6, 9], "click": [0, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15], "client": [1, 5, 8, 9, 12, 13], "clipboard": 4, "close": [4, 6, 12], "cloud": [0, 1, 2, 5, 7, 8, 10, 12, 13], "cluster": [6, 8, 12], "code": [4, 15], "collaps": 6, "color": [2, 7], "column": 5, "com": [9, 11, 13], "comfort": 1, "command": [4, 5, 8, 9, 11, 12, 13], "commit": [3, 5, 6, 9, 10, 13], "commun": [3, 6, 7, 8, 10], "compar": 4, "complement": 4, "complet": [2, 3, 5, 6, 10, 11, 12, 13], "complianc": 8, "compon": [3, 6], "compris": 6, "compromis": 12, "condit": [3, 5, 9], "conf": 11, "config": 8, "configur": [1, 2, 3, 4, 5, 9, 12], "confirm": [2, 3, 5, 6, 8, 10, 12], "conflict": 2, "congratul": 4, "connect": [4, 9], "consid": 12, "consol": [6, 8, 11], "construct": [1, 2, 8], "consum": [6, 9], "contact": [9, 10], "contain": [3, 4], "content": [4, 11, 13], "continu": [2, 5, 9, 10], "control": [2, 3, 4, 8, 10, 11, 12, 14], "converg": 8, "coonfigur": 11, "copi": [4, 5, 9, 11, 13], "copilot": [1, 2, 3, 4, 5, 9, 10, 11, 12, 13, 14], "core": 7, "corner": [2, 6, 8, 10], "corpor": 1, "correct": 9, "correctli": 12, "correspon": [5, 13], "correspond": [3, 4, 5, 6, 9, 10], "cost": [5, 9, 13], "costiq": [0, 1], "could": [6, 8, 9, 11], "cours": [9, 12], "cover": 1, "creat": [6, 7, 8, 10, 11, 12], "creation": [1, 6, 7, 9, 10, 11, 12, 13], "credenti": [2, 4, 8, 10, 12], "criteria": [5, 13], "critic": 3, "csp": [3, 7, 9, 11, 13], "ctrl": 4, "cumbersom": 6, "curl": [5, 9, 13], "current": [3, 9, 10], "custom": [1, 7, 10], "customis": 7, "dai": 1, "dash": [6, 8], "dashboard": [6, 10], "data": [3, 4, 5, 9, 12, 13], "databas": [5, 13], "db": [12, 13], "dc": [5, 6, 11, 12], "dcf": [5, 10], "deafultthreatgroup": [5, 13], "decis": [4, 9, 12], "declar": 4, "decrypt": 3, "dedic": 1, "deem": [5, 13], "default": [2, 3, 5, 6, 8, 9, 10, 11, 12, 13], "defaultdenyal": [9, 10], "defaultdenyrul": 9, "defend": 13, "defin": [2, 3, 5, 7, 10, 12, 13], "delet": [3, 5, 9, 13], "deliv": 12, "demonstr": [3, 5, 8, 9, 13], "deni": [3, 10, 13], "depend": 8, "depict": [2, 6, 7, 8, 11, 12], "deploi": [1, 2, 3, 4, 6, 10, 11, 12], "deploy": [2, 4, 5, 6, 11, 13], "describ": 12, "design": [0, 1, 6, 14], "desir": [4, 7], "desktop": [1, 4, 12], "despit": 3, "destin": [3, 5, 8, 9, 10, 12, 13], "detail": 8, "detect": 9, "determin": 5, "determinist": 8, "devic": [4, 11, 12], "diagnost": [5, 8, 11, 12, 13], "dictat": 6, "didn": 8, "differ": [2, 5, 6, 7, 8], "difficult": 6, "dig": 11, "direct": [3, 6], "directli": [3, 4, 7, 8], "directori": 4, "disabl": 8, "discov": [3, 5, 13], "dismiss": 10, "displai": 8, "disrupt": [8, 9], "distinct": 3, "distribut": [0, 1, 5, 9, 10, 13], "dn": [6, 9, 10, 11], "do": [2, 3, 4, 5, 6, 7, 8, 9, 10, 12, 13], "doc": 4, "document": 1, "doe": [1, 3, 4, 6, 8, 10, 11], "doesn": 10, "domain": [3, 9, 10], "don": [3, 6, 8], "done": 8, "dot": [5, 6, 9, 10, 12, 13], "down": [1, 2, 3, 5, 6, 7, 8, 9, 10, 11, 12, 13], "download": [0, 4, 8], "draft": [3, 5, 9, 10, 13], "draw": [3, 11], "driven": [4, 11], "drop": [2, 3, 6, 8, 9, 10, 11, 12], "due": [3, 9, 10, 11, 12], "dure": 3, "dynam": [3, 6], "e": [1, 2, 3, 6, 7, 9, 10, 11, 12], "each": [1, 2, 3, 6, 7, 8, 10, 11, 12], "earli": 10, "earlier": [8, 10, 12], "eas": 7, "easi": 11, "easili": 4, "east": [1, 4, 5, 7, 8, 9, 10, 12, 13], "east1": [5, 8], "east2": [3, 6, 8, 9], "ec2": [3, 5, 6, 8, 12], "echo": 3, "edg": [0, 1, 4, 5, 6, 11, 13], "edit": [5, 6, 7, 8, 10, 11, 12], "editig": 11, "effect": 9, "egress": [1, 3, 10], "eight": 2, "either": [6, 7, 11], "element": [4, 6], "email": 5, "embrac": 10, "employe": 1, "empti": [3, 5, 9, 12], "emul": 11, "enabl": [3, 4, 5, 7, 10, 12], "encompas": 3, "encrypt": [0, 1, 6, 11, 12], "end": [0, 1, 2, 5, 7, 8, 9, 10, 11, 12], "enforc": [3, 10, 13], "engin": 8, "eni": 8, "ensur": [3, 5, 6, 9, 13], "enter": [3, 4, 5, 6, 8, 9, 10, 12, 13], "enterpris": [3, 6, 7, 8], "entir": 8, "entri": [5, 9, 10, 13], "environ": [3, 4, 6, 7, 9], "eod": 0, "equal": 12, "error": 10, "espn": 9, "essenti": 9, "establish": [3, 4, 6, 9, 11, 12], "etc": 11, "ethernet1": 10, "etho": 12, "evalu": 9, "even": 10, "everyth": [3, 9], "evid": 3, "exact": 6, "exactli": 12, "exampl": [2, 11], "exchang": 12, "exclud": 3, "exclus": 9, "execut": [3, 4, 9, 12], "exercis": [0, 4], "exist": [2, 3, 6, 9, 10, 11, 12], "expand": [2, 3, 6, 8, 11, 12], "expens": 10, "experi": [5, 6, 8, 10], "explicit": [3, 10], "explicitli": 4, "explor": [2, 4, 7, 9, 12, 13], "export": 12, "extend": [7, 12], "extern": 11, "fabric": [3, 5, 7, 8, 9, 10, 11, 12, 13], "facilit": 10, "fact": [3, 9], "fail": [3, 5, 8], "familiaris": 2, "far": 12, "fast": 8, "featur": [3, 7, 8, 11, 12], "fetch": 6, "few": 4, "field": [2, 3, 5, 9, 10, 11, 12], "fifteen": 6, "figur": 6, "file": [4, 10, 11], "fill": [8, 12], "filter": [2, 3, 5, 8, 9, 10, 11, 12, 13], "final": [2, 3, 5, 6, 7, 8, 9, 10, 12, 13], "find": [4, 5, 6, 8, 9, 13], "finish": 4, "firefox": 1, "firenet": [1, 2], "firewal": [0, 1, 5, 7, 9, 11, 13], "first": [3, 4, 5, 8, 9, 10, 11, 12], "flag": 3, "flat": [3, 7], "flexibl": 3, "flow": [8, 10, 12], "flowiq": [5, 8, 13], "folder": [4, 10], "follow": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13], "footbal": 9, "foremost": [3, 5, 9, 12], "forget": [3, 5, 6, 8, 9, 10, 12, 13], "format": 8, "forward": 8, "found": 9, "four": 2, "frequent": [5, 6], "fresh": 1, "fridai": [0, 1], "from": [1, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13], "full": [1, 3, 4, 6, 9, 10, 12], "function": [1, 2, 3, 8, 9, 10, 12], "furthermor": 9, "fw": 10, "g": 1, "garden": 8, "gatewai": [1, 2, 3, 4, 5, 9, 10, 11, 12, 13, 14], "gather": 9, "gcp": [3, 5, 7, 8, 11, 12, 13], "gener": [3, 4, 8, 10], "get": [2, 5, 6, 8, 9, 10, 13], "githubusercont": 9, "give": [6, 12], "given": 1, "global": [2, 4, 5, 6, 13], "go": [2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13], "goe": 8, "good": 9, "googl": [9, 13], "got": [2, 3, 12], "grafana": 4, "granular": 9, "grayedout": 12, "green": [2, 3, 7, 8, 10, 11, 12], "greendfield": 9, "greenfield": [3, 5, 9, 10, 13], "grei": [6, 10, 11], "group": [5, 7, 8, 9, 13], "guarante": 9, "guid": [4, 6], "gw": [3, 6, 7, 8, 9, 10, 11], "ha": [2, 3, 4, 5, 6, 8, 9, 10, 12], "had": 10, "hand": [2, 3, 5, 6, 8, 9, 10, 12, 13], "handl": 10, "happen": 6, "har": 12, "hardwar": 4, "have": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13], "heal": 8, "health": [6, 8], "help": [7, 8, 9], "henc": 10, "here": [2, 4, 7, 8, 11, 12], "hidden": [4, 5], "high": [0, 1, 6], "highest": 12, "highlight": 7, "hit": [2, 9, 10], "hoc": 3, "home": 4, "hop": [8, 12], "host": [4, 9, 11], "hour": 5, "hourglass": 2, "hover": 7, "how": [3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13], "howev": [3, 6, 9], "hpe": [6, 12], "http": [4, 5, 9, 10, 13], "hub": [3, 6, 7], "huge": 8, "hybrid": [8, 12], "hyperlink": 10, "i": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12], "iac": [0, 1], "icmp": [10, 11], "icon": [2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13], "id": [3, 6], "identifi": [4, 5, 11, 13], "igw": [2, 5, 9, 13], "ikev2": 11, "imag": 10, "immedi": [2, 4, 5, 6, 9, 10, 11, 13], "impact": [3, 9], "implement": 7, "improv": 9, "inadvert": 9, "includ": [1, 6, 10, 14], "increasingli": 6, "inde": [6, 12], "indic": [6, 9, 10], "individu": 4, "inetutil": 12, "info": [2, 5, 7, 8, 10, 12, 13], "inform": [2, 4, 6, 8, 9], "infrastructur": [4, 6], "ingress": 10, "init": 4, "initi": [1, 3, 4, 5, 9, 10, 11, 13], "inject": 9, "inner": 6, "input": 8, "insan": [1, 8], "insert": [2, 3, 4, 5, 9, 10, 12, 13], "insid": [1, 2, 4, 5, 6, 9, 12], "insight": [1, 5, 9, 13], "inspect": [3, 5, 7, 10, 12, 13], "instal": [1, 3, 9, 12], "instanc": [1, 3, 5, 6, 7, 8, 10, 11, 12, 13], "instant": 9, "instanti": [6, 8], "instead": 11, "instructor": [5, 13], "integr": 4, "intellig": 8, "intend": 1, "interconnect": 12, "interfac": [2, 4, 8, 10, 12], "internet": [2, 9, 10, 11, 13], "interrupt": 8, "interv": 6, "introduc": 10, "introduct": 0, "intrus": 9, "invalid": 10, "investig": [3, 4], "invis": 9, "invok": [2, 8], "involv": [3, 11, 12], "io": 4, "ip": [1, 3, 5, 6, 7, 9, 10, 11, 12], "ipsec": [6, 11], "ipv4": 13, "island": 4, "issu": [5, 9, 11, 13], "its": [3, 5, 6, 8, 9, 10, 11, 12, 13], "just": [2, 3, 6, 8, 10, 12], "keep": [8, 11], "kei": [3, 4, 10, 11, 13], "kept": [3, 5, 13], "keyboard": [4, 12], "kibibyt": 12, "kind": [3, 8, 9, 12], "kindli": 5, "knob": [3, 8, 9, 10, 12], "know": [4, 5, 9, 10], "knowledg": 0, "known": [5, 6, 8, 9, 13], "lab11": 4, "lab6": 10, "lab7": 11, "lab8": 11, "lan": [11, 12], "land": 12, "laptop": [1, 9, 11], "larg": [6, 8], "larger": 4, "last": [3, 5, 8, 9], "latenc": 8, "later": [1, 7, 10], "latest": 4, "launch": [8, 9, 11, 12], "layer": [7, 9], "learn": [1, 5, 10, 12, 13], "least": [8, 9], "legend": 6, "length": 12, "less": 4, "lesson": 4, "let": [0, 2, 3, 4, 5, 8, 9, 10, 11, 12, 13], "leverag": 3, "like": [3, 5, 6, 7, 8, 9, 10, 11, 12, 13], "likewis": [1, 3, 6, 7], "line": [4, 6, 8, 12], "link": [0, 8, 14], "list": [2, 3, 5, 6, 9, 10, 12, 13], "littl": [2, 12], "live": 4, "load": 10, "local": [3, 5, 9, 11, 12, 13], "locat": [3, 4, 6], "lock": 3, "log": [2, 3, 4, 5, 9, 10, 13], "logic": [3, 7, 8], "login": [2, 4, 8, 10], "logo": 6, "long": 10, "look": [3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13], "lose": 4, "lost": 6, "lot": [4, 10], "love": 4, "lower": 3, "lunch": 4, "lx": 12, "lxtermin": 4, "mac": 4, "machin": [4, 5, 6, 9, 13], "magic": 10, "mai": [1, 5, 6, 8, 10, 12], "main": 4, "maintain": [4, 5, 6, 13], "major": 6, "make": [2, 4, 5, 6, 8, 9, 10, 13], "malici": [1, 5, 9], "manag": [3, 6, 10, 11, 12], "mani": [5, 13], "manifest": 4, "manipul": [10, 12], "manner": 11, "manual": [6, 11], "map": [2, 6, 10, 11, 12], "marketplac": 10, "master": 9, "match": [3, 9, 10], "maximum": [6, 10], "mayb": 10, "mc": 4, "mcna": [0, 1, 3, 12], "mean": [4, 9, 10, 12], "meanwhil": 6, "mechan": [12, 13], "medium": [5, 6, 8, 13], "meet": [5, 13], "mention": 1, "menu": [4, 7, 12], "mesh": [3, 4, 6], "messag": [2, 6, 9, 10, 12], "metadata": 5, "method": [3, 11], "metric": [3, 6, 8], "mgmt": 10, "micro": 4, "microsoft": 13, "middl": 10, "might": [5, 6, 8, 10, 13], "mind": [2, 3, 6, 8, 12], "minut": [2, 3, 4, 5, 6, 8, 10, 11, 12, 13], "misconfigur": 6, "mod01": 0, "mod02": 0, "mod03": 0, "mod04": 0, "mod05": 0, "mod06": 0, "mod07": 0, "mod08": 0, "mod09": 0, "mod10": 0, "mod11": 0, "mod12": 0, "mod13": 0, "mod14": 0, "mod15": 0, "mod16": 0, "mod17": 0, "mode": [1, 8, 9], "modifi": [3, 8], "modul": 4, "monitor": [2, 3, 5, 6, 8, 9, 10, 12], "more": [3, 4, 5, 8, 13], "moreov": [2, 6, 10], "move": [4, 5, 9, 13], "much": 12, "multi": [1, 6, 10, 12], "multicloud": [1, 4, 7], "multipl": [6, 12], "must": [1, 6, 10], "n": [5, 8, 13], "n1": 6, "nacl": 8, "name": [2, 3, 4, 5, 6, 8, 9, 10, 11, 12, 13], "namespac": 4, "nat": [3, 9, 11], "nativ": [6, 8, 9], "navig": [2, 4, 5, 6, 10], "nearbi": 3, "need": [4, 5, 6, 8, 9, 10, 11, 12], "neither": 7, "netflow": [5, 9, 12, 13], "network": [0, 1, 11], "networkinsight": 0, "never": 3, "nevertheless": [9, 12], "new": [3, 4, 6, 7, 8, 10, 11, 12], "newli": 4, "next": [4, 5, 6, 8, 10], "ngfw": [3, 10], "nine": [6, 8], "node": 7, "non": [8, 9], "north": 10, "note": [3, 5, 10, 13], "notic": [1, 2, 3, 4, 5, 6, 8, 9, 10, 11, 12, 13], "notif": [2, 5, 12], "notifi": 12, "now": [3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13], "nslookup": 11, "number": [3, 6, 8, 11, 12], "o": [9, 11], "observ": [2, 9], "occur": [3, 7], "off": [3, 6, 8, 9, 12], "offici": 4, "ohio": 6, "ok": [3, 11], "onboard": 7, "onc": [2, 3, 4, 5, 6, 8, 10, 12], "one": [1, 2, 3, 5, 6, 8, 9, 10, 11, 12, 13], "onli": [3, 6, 7, 9, 10, 13], "onprem": 11, "onprempartn": 11, "onward": 5, "open": [2, 3, 4, 6, 7, 12], "oper": 12, "opposit": 6, "optim": 9, "option": [5, 7, 9, 11, 12, 13], "orchestr": [3, 10, 12], "order": [5, 6, 7, 8, 9, 10, 12], "oregon": 2, "org": 9, "other": [1, 3, 4, 6, 7, 8, 9, 11], "otherwis": 1, "our": 4, "out": [3, 4, 5, 6, 8, 9, 10, 11, 12, 13], "outboud": 1, "outcom": [3, 5, 8, 9, 10, 12], "outer": 6, "output": 9, "over": [4, 7, 11, 12], "overal": [3, 5, 6, 7, 8, 9, 10, 11, 12, 13], "overcom": 8, "overlap": [1, 2, 11], "overview": [8, 9, 12], "own": [9, 12], "owner": 3, "pacif": 1, "packag": [1, 10, 12], "packet": 9, "page": [2, 4, 6, 8, 10], "pai": [1, 6], "pair": [6, 8], "palo": [1, 10], "paloalto": 10, "panel": 2, "parament": 10, "paramet": [3, 5, 6, 9, 10, 13], "particular": 1, "partner": [1, 7, 10, 11], "partner1": 11, "pass": 10, "password": [2, 9, 10, 12], "past": [4, 10], "path": [3, 8, 9], "patient": [2, 6, 8, 10, 11], "pc": 1, "pdf": 8, "peer": [3, 12], "pencil": [5, 6, 7, 8, 9, 10], "pend": [6, 8], "per": [2, 6], "perfect": 4, "perfectli": 3, "perform": [0, 1, 6, 9], "period": [2, 5], "permit": [1, 3, 5, 9, 10, 13], "person": [1, 2, 3, 4, 5, 6, 11, 12, 15], "perspect": 12, "pictur": 15, "ping": [3, 5, 6, 7, 8, 10, 11, 12, 13], "pinpoint": [5, 9], "place": [3, 9, 11], "plan": 4, "plane": [3, 9, 12], "platform": [4, 6, 10], "pleas": [0, 1, 2, 3, 5, 6, 8, 10, 11, 12, 13], "pod": [1, 2, 3, 4, 6, 7, 8, 9, 10, 11, 12], "point": [2, 3, 5, 6, 7, 8, 9, 13], "polici": 3, "pop": [2, 3, 5, 6, 9, 10, 12, 13], "popul": 10, "port": [1, 3, 8, 9, 10], "portal": [1, 2, 3, 4, 6, 9, 10, 11, 12], "possibl": [3, 9, 10], "postur": 9, "potenti": 9, "power": [6, 12], "practic": 6, "pre": [1, 6, 8, 10, 11], "preconfigur": 11, "prefer": [3, 12], "prefix": [6, 10], "prem": [6, 8, 10, 12], "premis": [7, 11], "prepar": [1, 4, 10], "prepend": 5, "preprovis": 6, "presenc": [6, 9, 11, 12], "present": [3, 10], "press": 4, "prevent": 3, "preview": 3, "previou": [3, 4, 6, 8, 13], "previous": [2, 4, 5, 8, 9, 12], "primari": 12, "prioriti": 9, "privat": [2, 3, 6, 7, 8, 10, 11, 12], "proce": [3, 6, 9, 12], "proceed": [5, 6, 8], "process": [1, 4, 6, 12], "product": 6, "prof": 0, "program": [8, 10], "progress": [2, 5, 6, 10, 13], "prometheu": 4, "prompt": [4, 10], "proofpoint": [5, 13], "properli": 3, "properti": [6, 8], "propos": 4, "protect": [5, 13], "protocol": [3, 5, 8, 9, 10, 12, 13], "provid": [1, 4, 5, 6, 8, 9, 13], "provis": [6, 10, 12], "psk": 11, "public": [2, 3, 6, 8, 9, 10, 11, 12, 13], "public_ip": [6, 7], "publlic": 9, "pull": 7, "purpos": [2, 9], "pwd": 9, "queri": 9, "quickli": 4, "quit": 3, "rang": [2, 9], "rate": [4, 12], "rather": 4, "raw": 9, "rbac": 0, "reach": [3, 9, 11, 12, 13], "reachabl": [3, 7, 8], "read": [5, 13], "readi": [10, 12], "real": 11, "reason": 3, "receiv": [4, 5, 10], "recipi": 5, "recommend": [3, 6], "reconverg": 8, "recreat": 10, "recurs": [8, 11], "red": [8, 10, 11], "reduc": 9, "redund": 12, "refer": [2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13], "reflect": [2, 3, 6, 8, 11], "refresh": [2, 5, 6, 8, 9, 10, 11, 12], "regard": 12, "region": [1, 2, 3, 5, 6, 8, 12, 13], "regist": 12, "registri": 4, "regularli": [5, 13], "rel": [5, 13], "relat": [3, 10, 12], "relaunch": [3, 8, 12], "relev": [3, 7], "reli": [5, 6, 13], "remain": [5, 8, 9, 13], "rememb": 10, "remot": [4, 11, 12], "remov": [0, 5, 8, 9], "repeat": [3, 5, 6, 8, 12, 13], "replac": [9, 11], "replace_with_spoke_gw_public_ip": 11, "repli": 3, "report": [5, 8, 13], "repres": [6, 7, 9], "reput": [5, 13], "request": 9, "requir": [3, 4, 5, 7, 8, 10, 13], "rerout": 9, "resid": [5, 6, 8, 13], "resili": 8, "resolv": 11, "resourc": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13], "respect": [6, 7, 8], "respons": 10, "rest": [3, 6, 12], "restart": 8, "restor": 2, "restrict": [1, 7], "result": [2, 6], "retest": [7, 8], "retriev": [6, 9, 10, 11, 13], "return": 10, "reveal": 12, "reverifi": 8, "rfc": [8, 9, 10], "rfc1918": [8, 9, 10], "rib": 6, "rid": 10, "righ": 3, "right": [1, 2, 3, 5, 6, 8, 9, 10, 12, 13], "root": 9, "roughli": 10, "rout": [2, 3, 5, 7, 9, 11, 12, 13], "router": [1, 10, 11, 12], "row": [5, 10], "rtb": 8, "rule": 10, "run": [4, 5, 6, 8, 11, 12, 13], "safari": 1, "sake": 6, "same": [2, 3, 4, 5, 6, 8, 9, 10, 12], "save": [2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13], "scalabl": 8, "scale": 10, "scenario": [9, 11], "scope": 1, "scratch": 11, "screen": [10, 11, 12], "screenshot": [2, 5, 6, 8, 13], "script": 11, "scroll": [8, 12], "sd": 12, "sdn": 12, "search": [2, 3, 5, 8, 9, 11, 12, 13], "second": [6, 8, 10, 12], "section": [2, 3, 4, 5, 6, 8, 10, 11, 12], "secur": [0, 1, 3, 4, 5, 7, 8, 10, 13], "see": [2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13], "seem": 12, "segment": [0, 1, 10, 12], "segreg": 7, "select": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13], "self": 10, "semplic": 6, "send": [5, 13], "sens": 3, "sent": 3, "separ": [1, 3, 8], "seri": [1, 10], "server": [4, 6, 9], "servic": [2, 3, 5, 8, 9], "session": [4, 8, 10, 11, 13], "set": [3, 4, 5, 6, 8, 10, 11, 12], "sever": [3, 6], "sg": [3, 5, 9], "sh": 11, "share": [1, 5, 10, 11], "shift": 4, "should": [1, 3, 4, 5, 6, 9, 10, 13], "show": [3, 4, 5, 6, 8, 9, 10, 12, 13], "shown": [2, 5, 6, 7, 10, 13], "shut": 8, "side": [2, 3, 5, 6, 8, 9, 10, 11, 12, 13], "sidebar": 4, "sign": 10, "significantli": 10, "similar": [3, 7, 11, 12], "simpl": [4, 6], "simpli": 9, "simplic": 6, "simplifi": [4, 6, 10], "simultan": [8, 12], "sinc": [2, 7, 11], "singl": [1, 3, 6, 8, 9, 12], "sit": 9, "site": 11, "site2cloud": [0, 1, 7], "six": 6, "size": [5, 6, 8, 10, 13], "slide": 0, "slider": 9, "slow": 10, "smartgroup": [3, 10], "smoothli": 3, "snat": [9, 10], "so": [1, 7], "softwar": 12, "sole": [3, 8, 9, 13], "solid": [6, 8], "solut": [1, 3, 4, 7, 10, 12], "some": [1, 2, 4, 6, 8, 10, 12, 13], "someth": 6, "soon": [0, 2, 6], "sourc": [3, 4, 5, 8, 9, 10, 13], "south": 10, "space": [2, 10, 11], "special": [1, 6], "specialti": [5, 13], "specif": [1, 9, 10], "specifi": 9, "speed": 8, "splash": 10, "spoke": [1, 2, 7, 9, 11], "spoke1": [2, 3, 5, 6, 7, 8, 9, 10, 11, 12], "spoke2": [1, 3, 5, 6, 7, 8, 10, 13], "ssh": [1, 5, 6, 7, 8, 10, 11, 12], "ssl": 9, "stage": [6, 8], "standard": 6, "standard_b2m": 6, "standard_d3_v2": 10, "start": [2, 6, 9, 11], "stat": [4, 8], "state": [3, 4, 6, 8, 10], "statement": 4, "statemet": 4, "static": [6, 10, 11], "statist": 4, "statu": [2, 4, 6, 8, 11], "step": [1, 6, 8, 10], "still": [3, 8, 10, 12], "stop": [5, 8], "storag": 10, "stream": 10, "string": [10, 11], "strong": 10, "strongswan": 1, "student": [1, 6, 7, 9, 12], "studio": 4, "su": 9, "sub1": [2, 6], "subnet": [2, 3, 6, 8, 10, 11, 12, 13], "subscript": 10, "subsequ": [2, 6, 11, 12], "success": [3, 9, 10, 12], "successfulli": [2, 3, 5, 9, 10, 12], "sudo": [9, 11, 12], "suggest": 5, "summari": [5, 8], "support": 1, "sure": [2, 5, 6, 10, 13], "suricata": [3, 9], "survei": 0, "swanctl": 11, "switch": 8, "symbol": [10, 11], "system": 9, "t": [3, 6, 8, 9, 10], "t2": [5, 6, 13], "tab": [3, 5, 6, 7, 8, 9, 10, 11, 12, 13], "tabl": [2, 3, 5, 7, 8, 9, 10, 13], "tag": [3, 5, 13], "take": [2, 3, 6, 8, 10, 12], "taken": 10, "target": [9, 12], "task": [2, 6, 11, 12], "tcp": [3, 8], "technologi": 8, "templat": [2, 5, 10, 11, 12, 13], "temporari": 8, "temporarili": 8, "term": 6, "termin": [3, 5, 6, 7, 11, 12, 13], "terraform": 1, "test": [1, 3, 5, 6, 7, 13], "test1": [3, 5, 6, 7, 8, 9, 10, 11, 12], "test2": [3, 8, 9], "testmynid": 9, "tf": 4, "tfstate": 4, "tfvar": 4, "than": 4, "thank": [3, 9], "thei": [0, 2, 5, 12, 13], "them": [4, 6, 7], "ther": 9, "therefor": [2, 3, 4, 5, 6, 9, 10, 12], "thi": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14], "thing": 4, "thit": 3, "those": [3, 6, 8, 12], "threat": [3, 5, 13], "threatgroup": [5, 13], "threatguard": 5, "threatiq": [0, 1], "three": [3, 5, 6, 7, 9, 10, 12], "threee": 12, "through": [2, 3, 6, 7, 8, 9, 10, 12], "throughout": 1, "throughput": 10, "thu": 12, "tier": 1, "time": [1, 2, 3, 5, 6, 7, 8, 9, 10, 12], "timer": [6, 8], "timestamp": [5, 9], "tl": 3, "tmnid": 9, "tmp": 9, "togeth": 0, "toggl": [5, 9], "too": 10, "tool": 11, "top": [2, 3, 6, 8, 10, 12], "topologi": [3, 4, 12], "topopologi": 6, "tor": 9, "torn": 1, "total": 6, "toward": [4, 8, 9, 10, 12], "tracerout": 12, "traffic": [8, 10, 12], "train": [0, 1], "trainer": 1, "transit": [0, 1, 2], "transit_gatewai": 4, "translat": 9, "transmit": 4, "tri": 9, "trigger": [2, 5, 13], "troubl": 4, "troubleshoot": [6, 12], "trust": 4, "try": [3, 9, 10], "tunnel": [6, 8, 11], "turn": [3, 5, 8, 9, 10, 12], "turnkei": 10, "two": [3, 5, 6, 7, 8, 9, 10, 11, 12, 13], "type": [2, 5, 6, 9, 11, 12, 13], "typic": [3, 11], "u": [1, 2, 3, 4, 5, 7, 8, 9, 10, 11, 12], "udp": [9, 10], "ui": [2, 4, 5, 12], "ultim": 12, "unaffect": 9, "unattach": 8, "unchang": 3, "under": [5, 10, 12], "underlai": [2, 12], "underli": 8, "understand": [3, 9], "undoubtetli": 3, "uniqu": [3, 6, 10], "unless": [1, 7], "unmanag": 6, "unreach": 8, "until": [1, 3, 4, 10, 12], "untrust": 8, "unus": [5, 13], "up": [2, 3, 5, 6, 9, 10, 11, 12, 13], "updat": [5, 6, 11, 13], "update_swanctl": 11, "upon": 9, "url": [2, 3, 8, 9, 10, 13], "us": [1, 2, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14], "user": [0, 2], "usernam": 10, "util": [5, 8, 13], "utilis": [1, 11], "v": 4, "valid": [1, 3, 5, 6], "valu": [2, 3, 5, 6, 9, 13], "vari": 10, "variabl": 4, "vcn": [3, 6, 7, 8, 10], "vendor": 4, "veri": [3, 6, 9, 10, 12], "verif": [2, 12], "verifi": [1, 5, 6, 7, 8, 9, 11, 12, 13], "version": [4, 10], "via": [10, 12], "view": [2, 5, 6, 7, 15], "virginia": [5, 8, 13], "virtual": [5, 6, 9, 10, 11, 13], "visibl": [8, 9, 12], "visual": 4, "vm": [1, 6, 7, 10, 12], "vnet": [1, 3, 5, 6, 7, 8, 9, 10, 11, 13], "vpc": [1, 3, 5, 6, 7, 9, 10, 11, 12, 13], "vpn": 0, "wa": [2, 3, 4, 5, 8, 9, 10, 11, 12], "wai": [5, 13], "wait": [2, 5, 8, 10, 11, 12, 13], "wall": 8, "wan": 12, "want": [2, 3, 9], "warn": 10, "watch": 9, "we": [4, 5, 6, 7, 8, 9, 10, 11, 13], "web": [2, 5, 6, 8, 9, 10], "webgroup": 5, "websit": 9, "week": [0, 1], "welcom": 10, "well": [5, 7, 8, 13], "were": [8, 10], "west": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 13], "west2": [2, 6], "what": [3, 4, 5, 6, 7, 8, 9, 11], "when": [4, 5, 6, 8, 10, 12, 13], "where": [3, 4, 5, 8, 10, 13], "wherea": [6, 12], "wherebi": [3, 9], "whether": [2, 3, 9], "which": [1, 4, 6, 9, 10], "while": [5, 6, 7, 10, 13], "white": 2, "whole": 3, "whom": 9, "why": 8, "widget": [4, 12], "wikipedia": 9, "window": [2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13], "within": [6, 8, 9, 10, 11, 12], "without": [3, 6, 7, 9, 10, 12], "wll": 9, "word": 1, "work": [3, 4, 5, 9, 10, 11, 13], "workflow": 11, "workload": [5, 6, 7, 13], "workstat": [4, 5, 12, 13], "wortkstat": [5, 13], "would": [3, 5, 6, 7, 8, 9, 10, 11, 12, 13], "www": [9, 13], "x": 9, "ye": 4, "yet": [3, 6, 8, 10, 12], "ym2v": 15, "york": [5, 11, 12], "you": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 15], "your": [1, 2, 4, 5, 6, 8, 9, 10, 11, 12, 14, 15], "yourself": 2, "zone": [2, 5, 6, 8, 9, 10], "zoom": 1}, "titles": ["PDFs", "Welcome to ACE Professional Lab", "Lab 1 - VPCs/VNets CREATION", "Lab 10 - DISTRIBUTED CLOUD FIREWALL", "Lab 11 - IAC & NETWORK INSIGHTS API", "Lab 9 - THREATIQ & COSTIQ", "Lab 2 - TRANSIT NETWORKING", "Lab 3 - NETWORK SEGMENTATION", "Lab 4 - HPE WITH ACTIVE MESH", "Lab 5 - CLOUD PERIMETER SECURITY (Secure Cloud Egress)", "Lab 6 - FIRENET", "Lab 7 - SITE2CLOUD", "Lab 8 - SECURE HIGH-PERFORMANCE DATACENTER EDGE", "Lab 9 - THREATIQ & COSTIQ", "LOGOS-ICONS", "POD Portal"], "titleterms": {"": [11, 12], "0": 13, "1": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13], "10": 3, "11": 4, "2": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13], "3": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13], "4": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13], "5": [1, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13], "6": [3, 5, 6, 7, 8, 9, 10, 13], "7": [3, 8, 11, 13], "8": [12, 13], "9": [5, 13], "A": 5, "As": 12, "It": 12, "On": 11, "WITH": 8, "ac": 1, "access": 1, "activ": [3, 8], "activemesh": 8, "ad": [5, 9], "add": 3, "after": 8, "again": 13, "allow": [3, 13], "an": [3, 5, 9], "api": 4, "architectur": [3, 9], "associ": [8, 12], "attach": [3, 4, 6, 7, 8, 12], "automat": 5, "aviatrix": [6, 7, 8], "aw": [2, 6, 13], "azur": [2, 6, 10], "bad": [5, 13], "befor": 8, "between": [3, 12], "bonu": 8, "bu1": 3, "bu2": 3, "build": 3, "cloud": [3, 6, 9, 11], "configur": [6, 7, 8, 10, 11], "connect": [3, 6, 7, 8, 10, 11, 12], "consol": 2, "control": 9, "copilot": [6, 7, 8], "costiq": [5, 13], "creat": [2, 3, 4, 5, 9, 13], "creation": [2, 3], "datacent": 12, "db": 6, "dc": 13, "dcf": [3, 9, 13], "deni": 9, "deploi": [5, 13], "deploy": 10, "descript": 4, "distribut": 3, "domain": [7, 8, 12, 13], "drop": 5, "east": [3, 6], "east1": [3, 13], "ec2": 9, "edg": 12, "edit": 9, "egre": 9, "egress": 9, "enabl": [8, 9, 13], "encrypt": 8, "enforc": [5, 9], "expect": 4, "explicit": 9, "explor": 6, "fabric": 6, "featur": 9, "firenet": 10, "firewal": [3, 10], "flightpath": 8, "flowiq": 12, "forc": 5, "from": [2, 3], "gatewai": [6, 7, 8], "gcp": [2, 6, 10], "gener": [5, 9, 11, 12, 13], "get": 1, "group": 3, "gui": [5, 13], "gw": [4, 12], "high": [8, 12], "hoc": [5, 9], "hpe": 8, "i": 13, "iac": 4, "icmp": 3, "icon": 14, "id": 9, "identifi": 9, "info": 6, "inform": 1, "initi": 6, "insid": [3, 10], "insight": 4, "inspect": 9, "instal": 10, "instanc": 9, "integr": 10, "inter": 3, "intra": 3, "introduct": 2, "ip": 13, "keepal": 8, "lab": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13], "laptop": 3, "launch": 10, "link": 15, "logo": 14, "malici": 13, "mesh": 8, "modifi": 9, "more": 12, "mtt": 3, "multi": 3, "multicloud": 6, "network": [3, 4, 6, 7, 8, 9, 10, 12], "new": [5, 9, 13], "object": [3, 5, 6, 7, 8, 9, 10, 11, 12, 13], "overview": [3, 5, 6, 7, 10, 11, 13], "pan": 10, "path": 12, "pdf": 0, "peer": [4, 6, 8, 10], "perform": [8, 12], "perimet": 9, "pod": 15, "polici": [7, 10], "portal": 15, "prefac": 1, "prem": 11, "prepar": 9, "prepend": 12, "prerequisit": 1, "privat": 9, "profession": 1, "psf": [5, 13], "pt": 8, "public": 5, "question": 8, "resid": 9, "result": 4, "rout": [6, 8, 10], "rtb": [5, 9, 13], "rule": [3, 5, 9, 13], "s2c": 11, "secur": [9, 12], "segment": [7, 8], "servic": 13, "share": 13, "simul": 9, "site2cloud": 11, "smart": 3, "smartgroup": [5, 9, 13], "spoke": [3, 4, 6, 8, 10, 12], "spoke1": 13, "ssh": [3, 9, 13], "start": [1, 8], "strongswan": 11, "subnet": [5, 9], "summari": 4, "templat": 8, "terraform": 4, "test": [8, 9, 10, 12], "test1": 13, "than": 12, "threatiq": [5, 13], "three": 13, "through": 4, "tier": 3, "topologi": [1, 5, 6, 7, 8, 9, 10, 11, 13], "toward": [3, 5, 13], "traffic": [3, 5, 9, 13], "transit": [3, 4, 6, 7, 8, 10, 12], "trust": [3, 9], "u": [6, 13], "valid": 4, "vendor": 10, "verif": [3, 5, 6, 7, 8, 10, 11, 13], "verifi": [2, 3, 10], "view": 8, "vm": 3, "vnet": 2, "vpc": [2, 4, 8], "webgroup": [9, 13], "welcom": 1, "where": 9, "within": 3, "workload": 9, "york": 13, "your": 3, "zero": [3, 9], "ztna": 9}}) \ No newline at end of file +Search.setIndex({"alltitles": {"1. Create VPCs, Transit GW, Spoke GW and Attachment through Terraform": [[4, "create-vpcs-transit-gw-spoke-gw-and-attachment-through-terraform"]], "1. General Objectives": [[11, "general-objectives"], [12, "general-objectives"]], "1. Introduction": [[2, "introduction"]], "1. Objective": [[3, "objective"], [5, "objective"], [6, "objective"], [7, "objective"], [8, "objective"], [9, "objective"], [10, "objective"], [13, "objective"], [13, "id1"]], "1. Preface": [[1, "preface"]], "1.1. Attachment between Edge and the Transit": [[12, "attachment-between-edge-and-the-transit"]], "2. Azure VNet": [[2, "azure-vnet"]], "2. CostIQ": [[13, "costiq"]], "2. Distributed Cloud Firewall Overview": [[3, "distributed-cloud-firewall-overview"]], "2. FireNet Overview (Firewall Network)": [[10, "firenet-overview-firewall-network"]], "2. High Performance Encryption and ActiveMesh": [[8, "high-performance-encryption-and-activemesh"]], "2. Multicloud Connectivity Overview": [[6, "multicloud-connectivity-overview"]], "2. Network Domain Association": [[12, "network-domain-association"]], "2. Network Segmentation Overview": [[7, "network-segmentation-overview"]], "2. Prerequisites": [[1, "prerequisites"]], "2. Site2Cloud Overview": [[11, "site2cloud-overview"]], "2. ThreatIQ Overview": [[5, "threatiq-overview"], [13, "threatiq-overview"]], "2. Topology": [[9, "topology"]], "2. Validate": [[4, "validate"]], "2.1 Enable CostIQ": [[13, "enable-costiq"]], "2.1. Create Azure VNet": [[2, "create-azure-vnet"]], "3. AWS VPC": [[2, "aws-vpc"]], "3. Create Transit Peering": [[4, "create-transit-peering"]], "3. Edge: Connectivity Test": [[12, "edge-connectivity-test"]], "3. Getting Started with the labs": [[1, "getting-started-with-the-labs"]], "3. New York DC is the Shared Services": [[13, "new-york-dc-is-the-shared-services"]], "3. SSH to the EC2 instance in the Private Subnet": [[9, "ssh-to-the-ec2-instance-in-the-private-subnet"]], "3. Smart Groups Creation": [[3, "smart-groups-creation"]], "3. Topology": [[5, "topology"], [6, "topology"], [7, "topology"], [8, "topology"], [10, "topology"], [11, "topology"], [13, "topology"]], "3.1. Create AWS VPC": [[2, "create-aws-vpc"]], "3.1. Smart Group \u201cbu1\u201d": [[3, "smart-group-bu1"]], "3.2. Smart Group \u201cbu2\u201d": [[3, "smart-group-bu2"]], "3.2. Verify from AWS Console": [[2, "verify-from-aws-console"]], "3.3. Connectivity verification (ICMP)": [[3, "connectivity-verification-icmp"]], "3.4. Connectivity verification (SSH)": [[3, "connectivity-verification-ssh"]], "4. Access Information": [[1, "access-information"]], "4. Configuration": [[7, "configuration"], [10, "configuration"], [11, "configuration"]], "4. DCF Rules Creation": [[3, "dcf-rules-creation"]], "4. Edge: FlowIQ": [[12, "edge-flowiq"]], "4. Egress Control": [[9, "egress-control"]], "4. GCP VPC": [[2, "gcp-vpc"]], "4. High Performance Encryption Configuration": [[8, "high-performance-encryption-configuration"]], "4. IAC Summary": [[4, "iac-summary"]], "4. Initial configuration": [[6, "initial-configuration"]], "4. PSF": [[5, "psf"], [13, "psf"]], "4.1 Deploy the PSF": [[5, "deploy-the-psf"], [13, "deploy-the-psf"]], "4.1 Enable the Egress Control": [[9, "enable-the-egress-control"]], "4.1. Aviatrix Transit Gateways": [[6, "aviatrix-transit-gateways"], [7, "aviatrix-transit-gateways"]], "4.1. Azure Transit to Spoke Peering": [[10, "azure-transit-to-spoke-peering"]], "4.1. Build a Zero Trust Network Architecture": [[3, "build-a-zero-trust-network-architecture"]], "4.1. CoPilot View before starting": [[8, "copilot-view-before-starting"]], "4.1. Create GCP VPC": [[2, "create-gcp-vpc"]], "4.1. Site2Cloud Connection (Cloud to On-Prem)": [[11, "site2cloud-connection-cloud-to-on-prem"]], "4.1.1.Transit Gateway in AWS US-EAST-2": [[6, "transit-gateway-in-aws-us-east-2"]], "4.2 Inspect the Private RTB": [[9, "inspect-the-private-rtb"]], "4.2 Network Domains": [[7, "network-domains"]], "4.2 RTB verification": [[5, "rtb-verification"], [13, "rtb-verification"]], "4.2 Site2Cloud Connection - StrongSwan\u2019s configuration": [[11, "site2cloud-connection-strongswan-s-configuration"]], "4.2. Aviatrix Spoke Gateways": [[6, "aviatrix-spoke-gateways"]], "4.2. Create an intra-rule that allows ICMP inside bu1": [[3, "create-an-intra-rule-that-allows-icmp-inside-bu1"]], "4.2. Create an intra-rule that allows ICMP inside bu2": [[3, "create-an-intra-rule-that-allows-icmp-inside-bu2"]], "4.2. PAN Firewall Deployment": [[10, "pan-firewall-deployment"]], "4.2. Transit-Spoke Attachment": [[8, "transit-spoke-attachment"]], "4.2.1. Spoke Gateway in AWS": [[6, "spoke-gateway-in-aws"]], "4.2.2. Spoke Gateway in Azure": [[6, "spoke-gateway-in-azure"]], "4.2.3. Spoke Gateway in GCP": [[6, "spoke-gateway-in-gcp"]], "4.3 Generate Traffic": [[9, "generate-traffic"]], "4.3. CoPilot View after Transit-Spoke Attachment": [[8, "copilot-view-after-transit-spoke-attachment"]], "4.3. Explore the Cloud Fabric": [[6, "explore-the-cloud-fabric"]], "4.3. Firewall Configuration": [[10, "firewall-configuration"]], "4.4 Aviatrix Spoke to Transit Gateways Attachments": [[6, "aviatrix-spoke-to-transit-gateways-attachments"]], "4.4 Enable DCF": [[9, "enable-dcf"]], "4.4. Firewall Vendor Integration": [[10, "firewall-vendor-integration"]], "4.4. Transit Peerings Configuration": [[8, "transit-peerings-configuration"]], "4.4.1 Identify the subnet where the private workload resides": [[9, "identify-the-subnet-where-the-private-workload-resides"]], "4.4.1. Spoke to Transit Attachment in AWS": [[6, "spoke-to-transit-attachment-in-aws"]], "4.4.1. Transit Peerings Verification": [[8, "transit-peerings-verification"]], "4.4.2 Create an Ad-Hoc SmartGroup": [[9, "create-an-ad-hoc-smartgroup"]], "4.4.2 Spoke to Transit Attachment in Azure": [[6, "spoke-to-transit-attachment-in-azure"]], "4.4.3 Create a new Rule": [[9, "create-a-new-rule"]], "4.4.3. Spoke to Transit Attachment in GCP": [[6, "spoke-to-transit-attachment-in-gcp"]], "4.5. CoPilot Verification of Spoke-Transit Attachments": [[6, "copilot-verification-of-spoke-transit-attachments"]], "4.5. Verify Routes Installed on Firewall": [[10, "verify-routes-installed-on-firewall"]], "4.6. FireNet Policy": [[10, "firenet-policy"]], "4.6. Multicloud Transit Peerings": [[6, "multicloud-transit-peerings"]], "4.6.1. AWS and Azure": [[6, "aws-and-azure"]], "4.6.2 Azure and GCP": [[6, "azure-and-gcp"]], "4.6.3. GCP and AWS": [[6, "gcp-and-aws"]], "5. - Network Insights API": [[4, "network-insights-api"]], "5. A new SmartGroup for the Public Subnet": [[5, "a-new-smartgroup-for-the-public-subnet"]], "5. Edge: \u201cIt\u2019s more than a Spoke GW\u201d\u201d": [[12, "edge-it-s-more-than-a-spoke-gw"]], "5. Enforcement": [[5, "enforcement"]], "5. High Performance Encryption Verification": [[8, "high-performance-encryption-verification"]], "5. Lab Topology": [[1, "lab-topology"]], "5. S2C - Verification": [[11, "s2c-verification"]], "5. Verification": [[3, "verification"], [6, "verification"], [10, "verification"]], "5. Verification of Segment Attachments": [[7, "verification-of-segment-attachments"]], "5. ZTNA - Zero Trust Network Architecture": [[9, "ztna-zero-trust-network-architecture"]], "5.0 Generate traffic towards a Malicious IP": [[13, "generate-traffic-towards-a-malicious-ip"]], "5.1 Create a New WebGroup": [[9, "create-a-new-webgroup"]], "5.1 Create an Ad-Hoc SmartGroup": [[5, "create-an-ad-hoc-smartgroup"]], "5.1 Edge: As-Path Prepend": [[12, "edge-as-path-prepend"]], "5.1 Generate traffic towards the \u201cBad Guy\u201d": [[5, "id1"]], "5.1 SSH to aws-us-east1-spoke1-test1": [[13, "ssh-to-aws-us-east1-spoke1-test1"]], "5.1. Automatic enforcement: \u201cforce-drop\u201d": [[5, "automatic-enforcement-force-drop"]], "5.1. CoPilot Verification": [[7, "copilot-verification"]], "5.1. CoPilot Verification of the VPC Peerings(Transit-Transit and Spoke-Transit)": [[8, "copilot-verification-of-the-vpc-peerings-transit-transit-and-spoke-transit"]], "5.1. Inside Azure": [[10, "inside-azure"]], "5.1. Verification of Transit Peerings on CoPilot(Cloud Fabric)": [[6, "verification-of-transit-peerings-on-copilot-cloud-fabric"]], "5.1. Verify SSH traffic from your laptop to bu1": [[3, "verify-ssh-traffic-from-your-laptop-to-bu1"]], "5.1.1 Launch connectivity test": [[10, "launch-connectivity-test"]], "5.2 Create a new Rule": [[5, "create-a-new-rule"]], "5.2 Create an \u201ceditable\u201d Explicit -Deny-Rule": [[9, "create-an-editable-explicit-deny-rule"]], "5.2 Generate traffic towards the \u201cBad Guy\u201d": [[5, "generate-traffic-towards-the-bad-guy"]], "5.2. Azure to GCP": [[10, "azure-to-gcp"]], "5.2. CoPilot Verification of HPE": [[8, "copilot-verification-of-hpe"]], "5.2. Verification of Transit Peerings on CoPilot (Topology)": [[6, "verification-of-transit-peerings-on-copilot-topology"]], "5.2. Verify ICMP within bu1 and from bu1 towards bu2": [[3, "verify-icmp-within-bu1-and-from-bu1-towards-bu2"]], "5.2.1 Enforce the Egree-Rule": [[9, "enforce-the-egree-rule"]], "5.2.2 Create an ad-hoc Explicit-Deny-Rule": [[9, "create-an-ad-hoc-explicit-deny-rule"]], "5.3 Test the modified rule": [[9, "test-the-modified-rule"]], "5.3. Route Info DB": [[6, "route-info-db"]], "5.3. Verify SSH within bu1": [[3, "verify-ssh-within-bu1"]], "5.4. Add a rule that allows SSH in bu1": [[3, "add-a-rule-that-allows-ssh-in-bu1"]], "5.4. Connectivity": [[6, "connectivity"]], "5.4. SSH to VM in bu2": [[3, "ssh-to-vm-in-bu2"]], "5.5. Verify ICMP traffic within bu2": [[3, "verify-icmp-traffic-within-bu2"]], "5.6. Inter-rule from bu2 to bu1": [[3, "inter-rule-from-bu2-to-bu1"]], "6. ActiveMesh": [[8, "activemesh"]], "6. Connection Policy": [[7, "connection-policy"]], "6. CostIQ": [[5, "costiq"]], "6. East-1 and the Multi-Tier Transit": [[3, "east-1-and-the-multi-tier-transit"]], "6. IDS": [[9, "ids"]], "6.0 Create a new SmartGroup": [[13, "create-a-new-smartgroup"]], "6.1 Activation of the MTT": [[3, "activation-of-the-mtt"]], "6.1 Create a New Rule": [[9, "id1"]], "6.1. CoPilot Verification of ActiveMesh": [[8, "copilot-verification-of-activemesh"]], "6.1. Verification of Connection Policy": [[7, "verification-of-connection-policy"]], "6.2 Prepare the simulator": [[9, "prepare-the-simulator"]], "6.2 Smart Group \u201ceast1\u201d": [[3, "smart-group-east1"]], "6.2. Connectivity test of ActiveMesh (Pt.1)": [[8, "connectivity-test-of-activemesh-pt-1"]], "6.2.1 Enable Segmentation": [[8, "enable-segmentation"]], "6.2.2. Associate Aviatrix Spoke to the Network Domain": [[8, "associate-aviatrix-spoke-to-the-network-domain"]], "6.3 Create an inter-rule that allows ICMP from bu2 towards east1": [[3, "create-an-inter-rule-that-allows-icmp-from-bu2-towards-east1"]], "6.3 Test the New Rule and the IDS feature": [[9, "test-the-new-rule-and-the-ids-feature"]], "6.3. Connectivity test of ActiveMesh (Pt.2)": [[8, "connectivity-test-of-activemesh-pt-2"]], "6.4 Verify connectivity between bu2 and east1": [[3, "verify-connectivity-between-bu2-and-east1"]], "7. FlightPath": [[8, "flightpath"]], "7. Spoke to Spoke Attachment": [[3, "spoke-to-spoke-attachment"]], "7.0 Create a new DCF rule": [[13, "create-a-new-dcf-rule"]], "7.1 Creating a Spoke to Spoke Attachment": [[3, "creating-a-spoke-to-spoke-attachment"]], "8.0 Generate again traffic towards the \u201cBad Guy\u201d": [[13, "generate-again-traffic-towards-the-bad-guy"]], "8.1 Create a new WebGroup": [[13, "create-a-new-webgroup"]], "8.2 Create a DCF rule that will allow traffic towards the three domains!": [[13, "create-a-dcf-rule-that-will-allow-traffic-towards-the-three-domains"]], "Bonus questions": [[8, "bonus-questions"]], "Description": [[4, "description"], [4, "id3"]], "Expected Results": [[4, "expected-results"], [4, "id2"]], "Gateway Keepalive Templates": [[8, "gateway-keepalive-templates"]], "LOGOS-ICONS": [[14, null]], "Lab 1 - VPCs/VNets CREATION": [[2, null]], "Lab 10 - DISTRIBUTED CLOUD FIREWALL": [[3, null]], "Lab 11 - IAC & NETWORK INSIGHTS API": [[4, null]], "Lab 2 - TRANSIT NETWORKING": [[6, null]], "Lab 3 - NETWORK SEGMENTATION": [[7, null]], "Lab 4 - HPE WITH ACTIVE MESH": [[8, null]], "Lab 5 - CLOUD PERIMETER SECURITY (Secure Cloud Egress)": [[9, null]], "Lab 6 - FIRENET": [[10, null]], "Lab 7 - SITE2CLOUD": [[11, null]], "Lab 8 - SECURE HIGH-PERFORMANCE DATACENTER EDGE": [[12, null]], "Lab 9 - COSTIQ": [[13, "lab-9-costiq"]], "Lab 9 - THREATIQ & COSTIQ": [[5, null], [13, null]], "Link": [[15, "link"]], "PDFs": [[0, null]], "POD Portal": [[15, null]], "Transitive Routing": [[8, "transitive-routing"]], "Validate": [[4, "id1"], [4, "id4"]], "Welcome to ACE Professional Lab": [[1, null]]}, "docnames": ["docs/PDFs", "docs/home", "docs/lab1", "docs/lab10", "docs/lab11", "docs/lab12", "docs/lab2", "docs/lab3", "docs/lab4", "docs/lab5", "docs/lab6", "docs/lab7", "docs/lab8", "docs/lab9", "docs/logos-icons", "docs/pod"], "envversion": {"sphinx": 62, "sphinx.domains.c": 3, "sphinx.domains.changeset": 1, "sphinx.domains.citation": 1, "sphinx.domains.cpp": 9, "sphinx.domains.index": 1, "sphinx.domains.javascript": 3, "sphinx.domains.math": 2, "sphinx.domains.python": 4, "sphinx.domains.rst": 2, "sphinx.domains.std": 2, "sphinx.ext.intersphinx": 1}, "filenames": ["docs/PDFs.md", "docs/home.md", "docs/lab1.md", "docs/lab10.md", "docs/lab11.md", "docs/lab12.md", "docs/lab2.md", "docs/lab3.md", "docs/lab4.md", "docs/lab5.md", "docs/lab6.md", "docs/lab7.md", "docs/lab8.md", "docs/lab9.md", "docs/logos-icons.md", "docs/pod.md"], "indexentries": {}, "objects": {}, "objnames": {}, "objtypes": {}, "terms": {"": [2, 3, 4, 5, 6, 8, 9, 10, 13], "0": [2, 3, 4, 5, 8, 9, 10, 11, 12], "0xtf": 9, "10": [2, 5, 8, 9, 10, 12, 13], "100": [8, 11, 12], "105": 1, "12": [2, 3, 5], "129": 10, "149": 8, "15": 10, "16": [1, 2, 5, 8, 10, 11, 12, 13], "168": [2, 3, 10, 11], "172": [2, 8, 11, 12], "1918": [8, 9, 10], "192": [2, 3, 10, 11], "1a": [5, 8, 13], "1b": 8, "1x": 6, "20": [6, 10], "200": 11, "22": [1, 2, 3], "225": 12, "23": 3, "24": [2, 5, 8, 11, 12], "26": 6, "27": 9, "28": 5, "2a": [6, 9], "2x": [2, 6], "30": [8, 12], "32": 5, "3x": 6, "40": [5, 13], "443": 8, "5": 2, "50": 3, "53": [9, 10], "6": [4, 12], "60": 5, "63": [1, 10], "64512": 3, "64513": 12, "64514": 12, "64515": 3, "7": [1, 9, 10], "71": 1, "8": [1, 3, 5, 11], "9": [1, 4, 10], "A": 8, "AS": [3, 12], "As": [2, 6, 8], "At": [1, 3, 6, 7, 8, 9, 10], "Be": [6, 8, 11], "By": [1, 4, 5], "For": [6, 11, 12], "If": [1, 3, 5, 6, 8, 9, 10, 12, 13], "In": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13], "It": [2, 3, 6, 8], "Its": 11, "NOT": [2, 3, 6, 8, 9], "No": [3, 5, 9, 12, 13], "Not": 9, "ON": [9, 10, 11], "OR": 3, "Of": [9, 12], "On": [3, 4, 5, 6, 8, 9, 10, 12, 13], "TO": [3, 8], "The": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13], "Then": [2, 3, 5, 6, 7, 8, 9, 10, 11, 12], "There": 12, "These": [1, 4, 5, 6, 8, 13], "To": [1, 3, 6, 8], "With": [4, 9], "abl": [1, 3, 6, 7, 8, 9, 10, 13], "about": [2, 4, 5, 8, 10, 11, 12, 13], "abov": [3, 4, 5, 6], "absenc": [3, 9], "absolut": [5, 13], "ac": 0, "access": [7, 10, 12, 15], "accomplish": [10, 12], "accord": 3, "account": [2, 5, 6, 13], "achiev": [3, 8, 11], "across": [3, 7], "action": [3, 5, 6, 8, 9, 10, 11, 13], "activ": [4, 9, 10, 11], "activemesh": [0, 1], "actual": 8, "ad": [3, 4], "add": [5, 9, 10, 11], "addit": [1, 2, 3, 5, 6, 8, 9, 10, 12], "addition": 6, "addr": 10, "address": [5, 6, 9, 10, 11, 12, 13], "adjust": 6, "admin": [2, 10], "administr": 12, "adopt": 3, "advanc": 3, "advertis": [5, 12, 13], "affect": 3, "aforement": [5, 9, 13], "aft": 3, "after": [3, 4, 5, 6, 7, 9, 10, 11, 12, 13], "afternoon": 1, "afterward": [2, 5, 6, 9, 12], "again": [2, 3, 4, 5, 6, 8, 9, 10, 12], "against": 9, "aggress": 6, "aid": 1, "aka": [1, 3, 7, 8, 10], "akin": 6, "alert": [5, 13], "algorithm": 8, "alia": 5, "aliv": 8, "all": [2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13], "alloc": [3, 6], "allow": [4, 9, 10, 12], "almost": [2, 9, 10], "along": [8, 12], "alreadi": [3, 4, 6, 10, 11, 12], "also": [2, 3, 4, 5, 8, 9, 12, 13], "alt": 4, "altern": [2, 9], "although": [3, 10, 12], "alto": [1, 10], "alwai": [2, 3, 6, 7], "among": [3, 6, 7], "an": [1, 2, 4, 6, 8, 10, 11, 12, 13], "ani": [3, 5, 6, 8, 9, 10, 11, 12, 13], "anoth": [3, 4, 5, 11, 12, 13], "anyth": 9, "anywher": [3, 9, 10], "api": [0, 1, 10], "app": 4, "appear": 6, "appiq": 8, "appli": [3, 4, 5, 7, 8, 9, 10, 12, 13], "applic": [2, 5, 13], "approach": 9, "appropri": [7, 8], "approv": 4, "approxim": 3, "apt": 12, "ar": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13], "arc": 7, "architectur": [6, 7], "arrow": [3, 5, 9], "ask": [1, 3, 9, 12], "asn": [3, 12], "assess": 4, "asset": [2, 5, 9, 13], "assign": [2, 3, 8, 10, 11], "assocci": 12, "associ": [5, 7, 9, 10, 13], "assum": 2, "attach": [1, 2, 5, 10, 13], "attachemnt": 12, "attack": 9, "attempt": [8, 9], "attent": [1, 6], "attribut": 12, "authent": 10, "authet": 11, "author": [4, 9], "auto": [4, 8, 9, 10], "autom": 4, "automat": [8, 9, 10, 11], "avail": [1, 2, 4, 5, 6, 8, 9, 11, 12], "aviatrix": [1, 2, 3, 4, 5, 9, 10, 11, 12, 13, 14], "aviatrixlab": 11, "aviatrixsystem": 4, "avod": 3, "avx": 10, "avxadmin": 10, "aw": [1, 3, 4, 5, 7, 8, 9, 12], "awai": 12, "awar": 12, "az": [2, 5, 6, 8, 9, 10], "azur": [1, 3, 5, 7, 8, 13], "back": [2, 4, 5, 6, 8, 10, 11, 12], "backbon": 7, "backup": 12, "bar": [2, 10], "base": [3, 4, 5, 6, 8, 9, 10, 11, 12, 13], "bash": 11, "beahvior": 3, "bear": [2, 3, 6, 12], "becaus": [3, 5, 7, 8, 9, 10, 12, 13], "becom": 8, "been": [3, 5, 6, 9, 10, 12, 13], "befor": [1, 2, 3, 5, 6, 9, 10, 11, 12], "begin": [2, 6, 9, 10], "behaviour": 9, "being": [6, 9, 10, 12], "belong": [3, 5, 9, 13], "below": [2, 3, 5, 6, 7, 8, 9, 10, 11, 12, 15], "besid": 9, "best": [6, 12], "better": [8, 9], "between": [4, 6, 7, 8, 10, 11], "bgp": [3, 5, 12, 13], "bgpoverlan": [11, 12], "bidirect": [6, 7], "bill": [5, 13], "bit": [2, 12], "block": [2, 4, 5, 9, 13], "blown": [1, 3, 4, 10], "blue": [3, 7], "bootcamp": 1, "bootstrap": [1, 10], "border": [3, 12], "both": [2, 3, 5, 6, 8, 9, 10, 12, 13], "bottom": [5, 6, 9, 10], "branch": [7, 10, 11], "bring": 8, "browser": [1, 10], "build": [4, 6, 11], "bunch": 12, "bundl": 10, "busi": 8, "button": [2, 3, 4, 5, 6, 8, 9, 10, 11, 12, 13], "c6in": 6, "call": [1, 3, 5, 10, 13], "can": [2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 15], "candid": 9, "cannot": 1, "capabl": [3, 8, 12], "care": 10, "carri": [3, 8], "case": [1, 12], "cat": 11, "caus": [4, 9], "cd": 4, "center": [5, 13], "central": [2, 6, 12], "central1": [3, 5, 6, 7, 10, 11, 12, 13], "centralis": 6, "certif": 10, "cfg": 11, "challeng": 8, "chang": [2, 3, 4, 5, 6, 8, 9, 11, 12], "channel": 10, "check": [0, 2, 3, 6, 8, 9, 10, 11, 12], "checkbox": 3, "chmod": 9, "choos": [3, 5, 8, 9, 10, 11, 13], "chose": 5, "chrome": 1, "cidr": [2, 5, 9, 11, 12, 13], "circl": 6, "class": 1, "classic": 12, "classifi": [3, 5], "clean": 2, "clearli": [3, 6, 9], "click": [0, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15], "client": [1, 5, 8, 9, 12, 13], "clipboard": 4, "close": [4, 6, 12], "cloud": [0, 1, 2, 5, 7, 8, 10, 12, 13], "cluster": [6, 8, 12], "code": [4, 15], "collaps": 6, "color": [2, 7], "column": 5, "com": [9, 11, 13], "comfort": 1, "command": [4, 5, 8, 9, 11, 12, 13], "commit": [3, 5, 6, 9, 10, 13], "commun": [3, 6, 7, 8, 10], "compar": 4, "complement": 4, "complet": [2, 3, 5, 6, 10, 11, 12, 13], "complianc": 8, "compon": [3, 6], "compris": 6, "compromis": 12, "condit": [3, 5, 9], "conf": 11, "config": 8, "configur": [1, 2, 3, 4, 5, 9, 12], "confirm": [2, 3, 5, 6, 8, 10, 12], "conflict": 2, "congratul": 4, "connect": [4, 9], "consid": 12, "consol": [6, 8, 11], "construct": [1, 2, 8], "consum": [6, 9], "contact": [9, 10], "contain": [3, 4], "content": [4, 11, 13], "continu": [2, 5, 9, 10], "control": [2, 3, 4, 8, 10, 11, 12, 14], "converg": 8, "coonfigur": 11, "copi": [4, 5, 9, 11, 13], "copilot": [1, 2, 3, 4, 5, 9, 10, 11, 12, 13, 14], "core": 7, "corner": [2, 6, 8, 10], "corpor": 1, "correct": 9, "correctli": 12, "correspon": [5, 13], "correspond": [3, 4, 5, 6, 9, 10], "cost": [5, 9, 13], "costiq": [0, 1], "could": [6, 8, 9, 11], "cours": [9, 12], "cover": 1, "creat": [6, 7, 8, 10, 11, 12], "creation": [1, 6, 7, 9, 10, 11, 12, 13], "credenti": [2, 4, 8, 10, 12], "criteria": [5, 13], "critic": 3, "csp": [3, 7, 9, 11, 13], "ctrl": 4, "cumbersom": 6, "curl": [5, 9, 13], "current": [3, 9, 10], "custom": [1, 7, 10], "customis": 7, "dai": 1, "dash": [6, 8], "dashboard": [6, 10], "data": [3, 4, 5, 9, 12, 13], "databas": [5, 13], "db": [12, 13], "dc": [5, 6, 11, 12], "dcf": [5, 10], "deafultthreatgroup": [5, 13], "decis": [4, 9, 12], "declar": 4, "decrypt": 3, "dedic": 1, "deem": [5, 13], "default": [2, 3, 5, 6, 8, 9, 10, 11, 12, 13], "defaultdenyal": [9, 10], "defaultdenyrul": 9, "defend": 13, "defin": [2, 3, 5, 7, 10, 12, 13], "delet": [3, 5, 9, 13], "deliv": 12, "demonstr": [3, 5, 8, 9, 13], "deni": [3, 10, 13], "depend": 8, "depict": [2, 6, 7, 8, 11, 12], "deploi": [1, 2, 3, 4, 6, 10, 11, 12], "deploy": [2, 4, 5, 6, 11, 13], "describ": 12, "design": [0, 1, 6, 14], "desir": [4, 7], "desktop": [1, 4, 12], "despit": 3, "destin": [3, 5, 8, 9, 10, 12, 13], "detail": 8, "detect": 9, "determin": 5, "determinist": 8, "devic": [4, 11, 12], "diagnost": [5, 8, 11, 12, 13], "dictat": 6, "didn": 8, "differ": [2, 5, 6, 7, 8], "difficult": 6, "dig": 11, "direct": [3, 6], "directli": [3, 4, 7, 8], "directori": 4, "disabl": 8, "discov": [3, 5, 13], "dismiss": 10, "displai": 8, "disrupt": [8, 9], "distinct": 3, "distribut": [0, 1, 5, 9, 10, 13], "dn": [6, 9, 10, 11], "do": [2, 3, 4, 5, 6, 7, 8, 9, 10, 12, 13], "doc": 4, "document": 1, "doe": [1, 3, 4, 6, 8, 10, 11], "doesn": 10, "domain": [3, 9, 10], "don": [3, 6, 8], "done": 8, "dot": [5, 6, 9, 10, 12, 13], "down": [1, 2, 3, 5, 6, 7, 8, 9, 10, 11, 12, 13], "download": [0, 4, 8], "draft": [3, 5, 9, 10, 13], "draw": [3, 11], "driven": [4, 11], "drop": [2, 3, 6, 8, 9, 10, 11, 12], "due": [3, 9, 10, 11, 12], "dure": 3, "dynam": [3, 6], "e": [1, 2, 3, 6, 7, 9, 10, 11, 12], "each": [1, 2, 3, 6, 7, 8, 10, 11, 12], "earli": 10, "earlier": [8, 10, 12], "eas": 7, "easi": 11, "easili": 4, "east": [1, 4, 5, 7, 8, 9, 10, 12, 13], "east1": [5, 8], "east2": [3, 6, 8, 9], "ec2": [3, 5, 6, 8, 12], "echo": 3, "edg": [0, 1, 4, 5, 6, 11, 13], "edit": [5, 6, 7, 8, 10, 11, 12], "editig": 11, "effect": 9, "egress": [1, 3, 10], "eight": 2, "either": [6, 7, 11], "element": [4, 6], "email": 5, "embrac": 10, "employe": 1, "empti": [3, 5, 9, 12], "emul": 11, "enabl": [3, 4, 5, 7, 10, 12], "encompas": 3, "encrypt": [0, 1, 6, 11, 12], "end": [0, 1, 2, 5, 7, 8, 9, 10, 11, 12], "enforc": [3, 10, 13], "engin": 8, "eni": 8, "ensur": [3, 5, 6, 9, 13], "enter": [3, 4, 5, 6, 8, 9, 10, 12, 13], "enterpris": [3, 6, 7, 8], "entir": 8, "entri": [5, 9, 10, 13], "environ": [3, 4, 6, 7, 9], "eod": 0, "equal": 12, "error": 10, "espn": 9, "essenti": 9, "establish": [3, 4, 6, 9, 11, 12], "etc": 11, "ethernet1": 10, "etho": 12, "evalu": 9, "even": 10, "everyth": [3, 9], "evid": 3, "exact": 6, "exactli": 12, "exampl": [2, 11], "exchang": 12, "exclud": 3, "exclus": 9, "execut": [3, 4, 9, 12], "exercis": [0, 4], "exist": [2, 3, 6, 9, 10, 11, 12], "expand": [2, 3, 6, 8, 11, 12], "expens": 10, "experi": [5, 6, 8, 10], "explicit": [3, 10], "explicitli": 4, "explor": [2, 4, 7, 9, 12, 13], "export": 12, "extend": [7, 12], "extern": 11, "fabric": [3, 5, 7, 8, 9, 10, 11, 12, 13], "facilit": 10, "fact": [3, 9], "fail": [3, 5, 8], "familiaris": 2, "far": 12, "fast": 8, "featur": [3, 7, 8, 11, 12], "fetch": 6, "few": 4, "field": [2, 3, 5, 9, 10, 11, 12], "fifteen": 6, "figur": 6, "file": [4, 10, 11], "fill": [8, 12], "filter": [2, 3, 5, 8, 9, 10, 11, 12, 13], "final": [2, 3, 5, 6, 7, 8, 9, 10, 12, 13], "find": [4, 5, 6, 8, 9, 13], "finish": 4, "firefox": 1, "firenet": [1, 2], "firewal": [0, 1, 5, 7, 9, 11, 13], "first": [3, 4, 5, 8, 9, 10, 11, 12], "flag": 3, "flat": [3, 7], "flexibl": 3, "flow": [8, 10, 12], "flowiq": [5, 8, 13], "folder": [4, 10], "follow": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13], "footbal": 9, "foremost": [3, 5, 9, 12], "forget": [3, 5, 6, 8, 9, 10, 12, 13], "format": 8, "forward": 8, "found": 9, "four": 2, "frequent": [5, 6], "fresh": 1, "fridai": [0, 1], "from": [1, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13], "full": [1, 3, 4, 6, 9, 10, 12], "function": [1, 2, 3, 8, 9, 10, 12], "furthermor": 9, "fw": 10, "g": 1, "garden": 8, "gatewai": [1, 2, 3, 4, 5, 9, 10, 11, 12, 13, 14], "gather": 9, "gcp": [3, 5, 7, 8, 11, 12, 13], "gener": [3, 4, 8, 10], "get": [2, 5, 6, 8, 9, 10, 13], "githubusercont": 9, "give": [6, 12], "given": 1, "global": [2, 4, 5, 6, 13], "go": [2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13], "goe": 8, "good": 9, "googl": [9, 13], "got": [2, 3, 12], "grafana": 4, "granular": 9, "grayedout": 12, "green": [2, 3, 7, 8, 10, 11, 12], "greendfield": 9, "greenfield": [3, 5, 9, 10, 13], "grei": [6, 10, 11], "group": [5, 7, 8, 9, 13], "guarante": 9, "guid": [4, 6], "gw": [3, 6, 7, 8, 9, 10, 11], "ha": [2, 3, 4, 5, 6, 8, 9, 10, 12], "had": 10, "hand": [2, 3, 5, 6, 8, 9, 10, 12, 13], "handl": 10, "happen": 6, "har": 12, "hardwar": 4, "have": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13], "heal": 8, "health": [6, 8], "help": [7, 8, 9], "henc": 10, "here": [2, 4, 7, 8, 11, 12], "hidden": [4, 5], "high": [0, 1, 6], "highest": 12, "highlight": 7, "hit": [2, 9, 10], "hoc": 3, "home": 4, "hop": [8, 12], "host": [4, 9, 11], "hour": 5, "hourglass": 2, "hover": 7, "how": [3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13], "howev": [3, 6, 9], "hpe": [6, 12], "http": [4, 5, 9, 10, 13], "hub": [3, 6, 7], "huge": 8, "hybrid": [8, 12], "hyperlink": 10, "i": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12], "iac": [0, 1], "icmp": [10, 11], "icon": [2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13], "id": [3, 6], "identifi": [4, 5, 11, 13], "igw": [2, 5, 9, 13], "ikev2": 11, "imag": 10, "immedi": [2, 4, 5, 6, 9, 10, 11, 13], "impact": [3, 9], "implement": 7, "improv": 9, "inadvert": 9, "includ": [1, 6, 10, 14], "increasingli": 6, "inde": [6, 12], "indic": [6, 9, 10], "individu": 4, "inetutil": 12, "info": [2, 5, 7, 8, 10, 12, 13], "inform": [2, 4, 6, 8, 9], "infrastructur": [4, 6], "ingress": 10, "init": 4, "initi": [1, 3, 4, 5, 9, 10, 11, 13], "inject": 9, "inner": 6, "input": 8, "insan": [1, 8], "insert": [2, 3, 4, 5, 9, 10, 12, 13], "insid": [1, 2, 4, 5, 6, 9, 12], "insight": [1, 5, 9, 13], "inspect": [3, 5, 7, 10, 12, 13], "instal": [1, 3, 9, 12], "instanc": [1, 3, 5, 6, 7, 8, 10, 11, 12, 13], "instant": 9, "instanti": [6, 8], "instead": 11, "instructor": [5, 13], "integr": 4, "intellig": 8, "intend": 1, "interconnect": 12, "interfac": [2, 4, 8, 10, 12], "internet": [2, 9, 10, 11, 13], "interrupt": 8, "interv": 6, "introduc": 10, "introduct": 0, "intrus": 9, "invalid": 10, "investig": [3, 4], "invis": 9, "invok": [2, 8], "involv": [3, 11, 12], "io": 4, "ip": [1, 3, 5, 6, 7, 9, 10, 11, 12], "ipsec": [6, 11], "ipv4": 13, "island": 4, "issu": [5, 9, 11, 13], "its": [3, 5, 6, 8, 9, 10, 11, 12, 13], "just": [2, 3, 6, 8, 10, 12], "keep": [8, 11], "kei": [3, 4, 10, 11, 13], "kept": [3, 5, 13], "keyboard": [4, 12], "kibibyt": 12, "kind": [3, 8, 9, 12], "kindli": 5, "knob": [3, 8, 9, 10, 12], "know": [4, 5, 9, 10], "knowledg": 0, "known": [5, 6, 8, 9, 13], "lab11": 4, "lab6": 10, "lab7": 11, "lab8": 11, "lan": [11, 12], "land": 12, "laptop": [1, 9, 11], "larg": [6, 8], "larger": 4, "last": [3, 5, 8, 9], "latenc": 8, "later": [1, 7, 10], "latest": 4, "launch": [8, 9, 11, 12], "layer": [7, 9], "learn": [1, 5, 10, 12, 13], "least": [8, 9], "legend": 6, "length": 12, "less": 4, "lesson": 4, "let": [0, 2, 3, 4, 5, 8, 9, 10, 11, 12, 13], "leverag": 3, "like": [3, 5, 6, 7, 8, 9, 10, 11, 12, 13], "likewis": [1, 3, 6, 7], "line": [4, 6, 8, 12], "link": [0, 8, 14], "list": [2, 3, 5, 6, 9, 10, 12, 13], "littl": [2, 12], "live": 4, "load": 10, "local": [3, 5, 9, 11, 12, 13], "locat": [3, 4, 6], "lock": 3, "log": [2, 3, 4, 5, 9, 10, 13], "logic": [3, 7, 8], "login": [2, 4, 8, 10], "logo": 6, "long": 10, "look": [3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13], "lose": 4, "lost": 6, "lot": [4, 10], "love": 4, "lower": 3, "lunch": 4, "lx": 12, "lxtermin": 4, "mac": 4, "machin": [4, 5, 6, 9, 13], "magic": 10, "mai": [1, 5, 6, 8, 10, 12], "main": 4, "maintain": [4, 5, 6, 13], "major": 6, "make": [2, 4, 5, 6, 8, 9, 10, 13], "malici": [1, 5, 9], "manag": [3, 6, 10, 11, 12], "mani": [5, 13], "manifest": 4, "manipul": [10, 12], "manner": 11, "manual": [6, 11], "map": [2, 6, 10, 11, 12], "marketplac": 10, "master": 9, "match": [3, 9, 10], "maximum": [6, 10], "mayb": 10, "mc": 4, "mcna": [0, 1, 3, 12], "mean": [4, 9, 10, 12], "meanwhil": 6, "mechan": [12, 13], "medium": [5, 6, 8, 13], "meet": [5, 13], "mention": 1, "menu": [4, 7, 12], "mesh": [3, 4, 6], "messag": [2, 6, 9, 10, 12], "metadata": 5, "method": [3, 11], "metric": [3, 6, 8], "mgmt": 10, "micro": 4, "microsoft": 13, "middl": 10, "might": [5, 6, 8, 10, 13], "mind": [2, 3, 6, 8, 12], "minut": [2, 3, 4, 5, 6, 8, 10, 11, 12, 13], "misconfigur": 6, "mod01": 0, "mod02": 0, "mod03": 0, "mod04": 0, "mod05": 0, "mod06": 0, "mod07": 0, "mod08": 0, "mod09": 0, "mod10": 0, "mod11": 0, "mod12": 0, "mod13": 0, "mod14": 0, "mod15": 0, "mod16": 0, "mod17": 0, "mode": [1, 8, 9], "modifi": [3, 8], "modul": 4, "monitor": [2, 3, 5, 6, 8, 9, 10, 12], "more": [3, 4, 5, 8, 13], "moreov": [2, 6, 10], "move": [4, 5, 9, 13], "much": 12, "multi": [1, 6, 10, 12], "multicloud": [1, 4, 7], "multipl": [6, 12], "must": [1, 6, 10], "n": [5, 8, 13], "n1": 6, "nacl": 8, "name": [2, 3, 4, 5, 6, 8, 9, 10, 11, 12, 13], "namespac": 4, "nat": [3, 9, 11], "nativ": [6, 8, 9], "navig": [2, 4, 5, 6, 10], "nearbi": 3, "need": [4, 5, 6, 8, 9, 10, 11, 12], "neither": 7, "netflow": [5, 9, 12, 13], "network": [0, 1, 11], "networkinsight": 0, "never": 3, "nevertheless": [9, 12], "new": [3, 4, 6, 7, 8, 10, 11, 12], "newli": 4, "next": [4, 5, 6, 8, 10], "ngfw": [3, 10], "nginx": 13, "nine": [6, 8], "node": 7, "non": [8, 9], "north": 10, "note": [3, 5, 10, 13], "notic": [1, 2, 3, 4, 5, 6, 8, 9, 10, 11, 12, 13], "notif": [2, 5, 12], "notifi": 12, "now": [3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13], "nslookup": 11, "number": [3, 6, 8, 11, 12], "o": [9, 11], "observ": [2, 9], "occur": [3, 7], "off": [3, 6, 8, 9, 12], "offici": 4, "ohio": 6, "ok": [3, 11], "onboard": 7, "onc": [2, 3, 4, 5, 6, 8, 10, 12], "one": [1, 2, 3, 5, 6, 8, 9, 10, 11, 12, 13], "onli": [3, 6, 7, 9, 10, 13], "onprem": 11, "onprempartn": 11, "onward": 5, "open": [2, 3, 4, 6, 7, 12], "oper": 12, "opposit": 6, "optim": 9, "option": [5, 7, 9, 11, 12, 13], "orchestr": [3, 10, 12], "order": [5, 6, 7, 8, 9, 10, 12], "oregon": 2, "org": 9, "other": [1, 3, 4, 6, 7, 8, 9, 11], "otherwis": 1, "our": 4, "out": [3, 4, 5, 6, 8, 9, 10, 11, 12, 13], "outboud": 1, "outcom": [3, 5, 8, 9, 10, 12, 13], "outer": 6, "output": 9, "over": [4, 7, 11, 12], "overal": [3, 5, 6, 7, 8, 9, 10, 11, 12, 13], "overcom": 8, "overlap": [1, 2, 11], "overview": [8, 9, 12], "own": [9, 12], "owner": 3, "pacif": 1, "packag": [1, 10, 12], "packet": 9, "page": [2, 4, 6, 8, 10], "pai": [1, 6], "pair": [6, 8], "palo": [1, 10], "paloalto": 10, "panel": 2, "parament": 10, "paramet": [3, 5, 6, 9, 10, 13], "particular": 1, "partner": [1, 7, 10, 11], "partner1": 11, "pass": 10, "password": [2, 9, 10, 12], "past": [4, 10], "path": [3, 8, 9], "patient": [2, 6, 8, 10, 11], "pc": 1, "pdf": 8, "peer": [3, 12], "pencil": [5, 6, 7, 8, 9, 10], "pend": [6, 8], "per": [2, 6], "perfect": 4, "perfectli": 3, "perform": [0, 1, 6, 9], "period": [2, 5], "permit": [1, 3, 5, 9, 10, 13], "person": [1, 2, 3, 4, 5, 6, 11, 12, 15], "perspect": 12, "pictur": 15, "ping": [3, 5, 6, 7, 8, 10, 11, 12, 13], "pinpoint": [5, 9], "place": [3, 9, 11], "plan": 4, "plane": [3, 9, 12], "platform": [4, 6, 10], "pleas": [0, 1, 2, 3, 5, 6, 8, 10, 11, 12, 13], "pod": [1, 2, 3, 4, 6, 7, 8, 9, 10, 11, 12], "point": [2, 3, 5, 6, 7, 8, 9, 13], "polici": 3, "pop": [2, 3, 5, 6, 9, 10, 12, 13], "popul": 10, "port": [1, 3, 8, 9, 10], "portal": [1, 2, 3, 4, 6, 9, 10, 11, 12], "possibl": [3, 9, 10], "postur": 9, "potenti": 9, "power": [6, 12], "practic": 6, "pre": [1, 6, 8, 10, 11], "preconfigur": 11, "prefer": [3, 12], "prefix": [6, 10], "prem": [6, 8, 10, 12], "premis": [7, 11], "prepar": [1, 4, 10], "prepend": 5, "preprovis": 6, "presenc": [6, 9, 11, 12], "present": [3, 10], "press": 4, "prevent": 3, "preview": 3, "previou": [3, 4, 6, 8, 13], "previous": [2, 4, 5, 8, 9, 12], "primari": 12, "prioriti": 9, "privat": [2, 3, 6, 7, 8, 10, 11, 12], "proce": [3, 6, 9, 12], "proceed": [5, 6, 8], "process": [1, 4, 6, 12], "product": 6, "prof": 0, "program": [8, 10], "progress": [2, 5, 6, 10, 13], "prometheu": 4, "prompt": [4, 10], "proofpoint": [5, 13], "properli": 3, "properti": [6, 8], "propos": 4, "protect": [5, 13], "protocol": [3, 5, 8, 9, 10, 12, 13], "provid": [1, 4, 5, 6, 8, 9, 13], "provis": [6, 10, 12], "psk": 11, "public": [2, 3, 6, 8, 9, 10, 11, 12, 13], "public_ip": [6, 7], "publlic": 9, "pull": 7, "purpos": [2, 9], "pwd": 9, "queri": 9, "quickli": 4, "quit": 3, "rang": [2, 9], "rate": [4, 12], "rather": 4, "raw": 9, "rbac": 0, "reach": [3, 9, 11, 12, 13], "reachabl": [3, 7, 8], "read": [5, 13], "readi": [10, 12], "real": 11, "reason": 3, "receiv": [4, 5, 10], "recipi": 5, "recommend": [3, 6], "reconverg": 8, "recreat": 10, "recurs": [8, 11], "red": [8, 10, 11], "reduc": 9, "redund": 12, "refer": [2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13], "reflect": [2, 3, 6, 8, 11], "refresh": [2, 5, 6, 8, 9, 10, 11, 12], "regard": 12, "region": [1, 2, 3, 5, 6, 8, 12, 13], "regist": 12, "registri": 4, "regularli": [5, 13], "rel": [5, 13], "relat": [3, 10, 12], "relaunch": [3, 8, 12], "relev": [3, 7], "reli": [5, 6, 13], "remain": [5, 8, 9, 13], "rememb": 10, "remot": [4, 11, 12], "remov": [0, 5, 8, 9], "repeat": [3, 5, 6, 8, 12, 13], "replac": [9, 11], "replace_with_spoke_gw_public_ip": 11, "repli": 3, "report": [5, 8, 13], "repres": [6, 7, 9], "reput": [5, 13], "request": 9, "requir": [3, 4, 5, 7, 8, 10, 13], "rerout": 9, "resid": [5, 6, 8, 13], "resili": 8, "resolv": 11, "resourc": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13], "respect": [6, 7, 8], "respons": 10, "rest": [3, 6, 12], "restart": 8, "restor": 2, "restrict": [1, 7], "result": [2, 6], "retest": [7, 8], "retriev": [6, 9, 10, 11, 13], "return": 10, "reveal": 12, "reverifi": 8, "rfc": [8, 9, 10], "rfc1918": [8, 9, 10], "rib": 6, "rid": 10, "righ": 3, "right": [1, 2, 3, 5, 6, 8, 9, 10, 12, 13], "root": 9, "roughli": 10, "rout": [2, 3, 5, 7, 9, 11, 12, 13], "router": [1, 10, 11, 12], "row": [5, 10], "rtb": 8, "rule": 10, "run": [4, 5, 6, 8, 11, 12, 13], "safari": 1, "sake": 6, "same": [2, 3, 4, 5, 6, 8, 9, 10, 12], "save": [2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13], "scalabl": 8, "scale": 10, "scenario": [9, 11], "scope": 1, "scratch": 11, "screen": [10, 11, 12], "screenshot": [2, 5, 6, 8, 13], "script": 11, "scroll": [8, 12], "sd": 12, "sdn": 12, "search": [2, 3, 5, 8, 9, 11, 12, 13], "second": [6, 8, 10, 12], "section": [2, 3, 4, 5, 6, 8, 10, 11, 12], "secur": [0, 1, 3, 4, 5, 7, 8, 10, 13], "see": [2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13], "seem": 12, "segment": [0, 1, 10, 12], "segreg": 7, "select": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13], "self": 10, "semplic": 6, "send": [5, 13], "sens": 3, "sent": 3, "separ": [1, 3, 8], "seri": [1, 10], "server": [4, 6, 9], "servic": [2, 3, 5, 8, 9], "session": [4, 8, 10, 11, 13], "set": [3, 4, 5, 6, 8, 10, 11, 12], "sever": [3, 6], "sg": [3, 5, 9], "sh": 11, "share": [1, 5, 10, 11], "shift": 4, "should": [1, 3, 4, 5, 6, 9, 10, 13], "show": [3, 4, 5, 6, 8, 9, 10, 12, 13], "shown": [2, 5, 6, 7, 10, 13], "shut": 8, "side": [2, 3, 5, 6, 8, 9, 10, 11, 12, 13], "sidebar": 4, "sign": 10, "significantli": 10, "similar": [3, 7, 11, 12], "simpl": [4, 6], "simpli": 9, "simplic": 6, "simplifi": [4, 6, 10], "simultan": [8, 12], "sinc": [2, 7, 11], "singl": [1, 3, 6, 8, 9, 12], "sit": 9, "site": 11, "site2cloud": [0, 1, 7], "six": 6, "size": [5, 6, 8, 10, 13], "slide": 0, "slider": 9, "slow": 10, "smartgroup": [3, 10], "smoothli": 3, "snat": [9, 10], "so": [1, 7], "softwar": 12, "sole": [3, 8, 9, 13], "solid": [6, 8], "solut": [1, 3, 4, 7, 10, 12], "some": [1, 2, 4, 6, 8, 10, 12, 13], "someth": 6, "soon": [0, 2, 6], "sourc": [3, 4, 5, 8, 9, 10, 13], "south": 10, "space": [2, 10, 11], "special": [1, 6], "specialti": [5, 13], "specif": [1, 9, 10], "specifi": 9, "speed": 8, "splash": 10, "spoke": [1, 2, 7, 9, 11], "spoke1": [2, 3, 5, 6, 7, 8, 9, 10, 11, 12], "spoke2": [1, 3, 5, 6, 7, 8, 10, 13], "ssh": [1, 5, 6, 7, 8, 10, 11, 12], "ssl": 9, "stage": [6, 8], "standard": 6, "standard_b2m": 6, "standard_d3_v2": 10, "start": [2, 6, 9, 11], "stat": [4, 8], "state": [3, 4, 6, 8, 10], "statement": 4, "statemet": 4, "static": [6, 10, 11], "statist": 4, "statu": [2, 4, 6, 8, 11], "step": [1, 6, 8, 10], "still": [3, 8, 10, 12], "stop": [5, 8], "storag": 10, "stream": 10, "string": [10, 11], "strong": 10, "strongswan": 1, "student": [1, 6, 7, 9, 12], "studio": 4, "su": 9, "sub1": [2, 6], "subnet": [2, 3, 6, 8, 10, 11, 12, 13], "subscript": 10, "subsequ": [2, 6, 11, 12], "success": [3, 9, 10, 12], "successfulli": [2, 3, 5, 9, 10, 12], "sudo": [9, 11, 12], "suggest": 5, "summari": [5, 8], "support": 1, "sure": [2, 5, 6, 10, 13], "suricata": [3, 9], "survei": 0, "swanctl": 11, "switch": 8, "symbol": [10, 11], "system": 9, "t": [3, 6, 8, 9, 10], "t2": [5, 6, 13], "tab": [3, 5, 6, 7, 8, 9, 10, 11, 12, 13], "tabl": [2, 3, 5, 7, 8, 9, 10, 13], "tag": [3, 5, 13], "take": [2, 3, 6, 8, 10, 12], "taken": 10, "target": [9, 12], "task": [2, 6, 11, 12], "tcp": [3, 8], "technologi": 8, "templat": [2, 5, 10, 11, 12, 13], "temporari": 8, "temporarili": 8, "term": 6, "termin": [3, 5, 6, 7, 11, 12, 13], "terraform": 1, "test": [1, 3, 5, 6, 7, 13], "test1": [3, 5, 6, 7, 8, 9, 10, 11, 12], "test2": [3, 8, 9], "testmynid": 9, "tf": 4, "tfstate": 4, "tfvar": 4, "than": 4, "thank": [3, 9], "thei": [0, 2, 5, 12, 13], "them": [4, 6, 7], "ther": 9, "therefor": [2, 3, 4, 5, 6, 9, 10, 12], "thi": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14], "thing": 4, "thit": 3, "those": [3, 6, 8, 12], "threat": [3, 5, 13], "threatgroup": [5, 13], "threatguard": 5, "threatiq": [0, 1], "three": [3, 5, 6, 7, 9, 10, 12], "threee": 12, "through": [2, 3, 6, 7, 8, 9, 10, 12], "throughout": 1, "throughput": 10, "thu": 12, "tier": 1, "time": [1, 2, 3, 5, 6, 7, 8, 9, 10, 12], "timer": [6, 8], "timestamp": [5, 9], "tl": 3, "tmnid": 9, "tmp": 9, "togeth": 0, "toggl": [5, 9], "too": 10, "tool": 11, "top": [2, 3, 6, 8, 10, 12], "topologi": [3, 4, 12], "topopologi": 6, "tor": 9, "torn": 1, "total": 6, "toward": [4, 8, 9, 10, 12], "tracerout": 12, "traffic": [8, 10, 12], "train": [0, 1], "trainer": [1, 13], "transit": [0, 1, 2], "transit_gatewai": 4, "translat": 9, "transmit": 4, "tri": 9, "trigger": [2, 5, 13], "troubl": 4, "troubleshoot": [6, 12], "trust": 4, "try": [3, 9, 10], "tunnel": [6, 8, 11], "turn": [3, 5, 8, 9, 10, 12], "turnkei": 10, "two": [3, 5, 6, 7, 8, 9, 10, 11, 12, 13], "type": [2, 5, 6, 9, 11, 12, 13], "typic": [3, 11], "u": [1, 2, 3, 4, 5, 7, 8, 9, 10, 11, 12], "ubuntu": 13, "udp": [9, 10], "ui": [2, 4, 5, 12], "ultim": 12, "unaffect": 9, "unattach": 8, "unchang": 3, "under": [5, 10, 12], "underlai": [2, 12], "underli": 8, "understand": [3, 9], "undoubtetli": 3, "uniqu": [3, 6, 10], "unless": [1, 7], "unmanag": 6, "unreach": 8, "until": [1, 3, 4, 10, 12], "untrust": 8, "unus": [5, 13], "up": [2, 3, 5, 6, 9, 10, 11, 12, 13], "updat": [5, 6, 11, 13], "update_swanctl": 11, "upon": 9, "url": [2, 3, 8, 9, 10, 13], "us": [1, 2, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14], "user": [0, 2], "usernam": 10, "util": [5, 8, 13], "utilis": [1, 11], "v": 4, "valid": [1, 3, 5, 6], "valu": [2, 3, 5, 6, 9, 13], "vari": 10, "variabl": 4, "vcn": [3, 6, 7, 8, 10], "vendor": 4, "veri": [3, 6, 9, 10, 12], "verif": [2, 12], "verifi": [1, 5, 6, 7, 8, 9, 11, 12, 13], "version": [4, 10], "via": [10, 12], "view": [2, 5, 6, 7, 15], "virginia": [5, 8, 13], "virtual": [5, 6, 9, 10, 11, 13], "visibl": [8, 9, 12], "visual": 4, "vm": [1, 6, 7, 10, 12], "vnet": [1, 3, 5, 6, 7, 8, 9, 10, 11, 13], "vpc": [1, 3, 5, 6, 7, 9, 10, 11, 12, 13], "vpn": 0, "wa": [2, 3, 4, 5, 8, 9, 10, 11, 12], "wai": [5, 13], "wait": [2, 5, 8, 10, 11, 12, 13], "wall": 8, "wan": 12, "want": [2, 3, 9], "warn": 10, "watch": 9, "we": [4, 5, 6, 7, 8, 9, 10, 11, 13], "web": [2, 5, 6, 8, 9, 10], "webgroup": 5, "websit": 9, "week": [0, 1], "welcom": 10, "well": [5, 7, 8, 13], "were": [8, 10], "west": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 13], "west2": [2, 6], "what": [3, 4, 5, 6, 7, 8, 9, 11], "when": [4, 5, 6, 8, 10, 12, 13], "where": [3, 4, 5, 8, 10, 13], "wherea": [6, 12], "wherebi": [3, 9], "whether": [2, 3, 9], "which": [1, 4, 6, 9, 10], "while": [5, 6, 7, 10, 13], "white": 2, "whole": 3, "whom": 9, "why": 8, "widget": [4, 12], "wikipedia": 9, "window": [2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13], "within": [6, 8, 9, 10, 11, 12], "without": [3, 6, 7, 9, 10, 12], "wll": 9, "word": 1, "work": [3, 4, 5, 9, 10, 11, 13], "workflow": 11, "workload": [5, 6, 7, 13], "workstat": [4, 5, 12, 13], "wortkstat": [5, 13], "would": [3, 5, 6, 7, 8, 9, 10, 11, 12, 13], "www": [9, 13], "x": 9, "ye": 4, "yet": [3, 6, 8, 10, 12], "ym2v": 15, "york": [5, 11, 12], "you": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 15], "your": [1, 2, 4, 5, 6, 8, 9, 10, 11, 12, 13, 14, 15], "yourself": 2, "zone": [2, 5, 6, 8, 9, 10], "zoom": 1}, "titles": ["PDFs", "Welcome to ACE Professional Lab", "Lab 1 - VPCs/VNets CREATION", "Lab 10 - DISTRIBUTED CLOUD FIREWALL", "Lab 11 - IAC & NETWORK INSIGHTS API", "Lab 9 - THREATIQ & COSTIQ", "Lab 2 - TRANSIT NETWORKING", "Lab 3 - NETWORK SEGMENTATION", "Lab 4 - HPE WITH ACTIVE MESH", "Lab 5 - CLOUD PERIMETER SECURITY (Secure Cloud Egress)", "Lab 6 - FIRENET", "Lab 7 - SITE2CLOUD", "Lab 8 - SECURE HIGH-PERFORMANCE DATACENTER EDGE", "Lab 9 - THREATIQ & COSTIQ", "LOGOS-ICONS", "POD Portal"], "titleterms": {"": [11, 12], "0": 13, "1": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13], "10": 3, "11": 4, "2": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13], "3": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13], "4": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13], "5": [1, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13], "6": [3, 5, 6, 7, 8, 9, 10, 13], "7": [3, 8, 11, 13], "8": [12, 13], "9": [5, 13], "A": 5, "As": 12, "It": 12, "On": 11, "WITH": 8, "ac": 1, "access": 1, "activ": [3, 8], "activemesh": 8, "ad": [5, 9], "add": 3, "after": 8, "again": 13, "allow": [3, 13], "an": [3, 5, 9], "api": 4, "architectur": [3, 9], "associ": [8, 12], "attach": [3, 4, 6, 7, 8, 12], "automat": 5, "aviatrix": [6, 7, 8], "aw": [2, 6, 13], "azur": [2, 6, 10], "bad": [5, 13], "befor": 8, "between": [3, 12], "bonu": 8, "bu1": 3, "bu2": 3, "build": 3, "cloud": [3, 6, 9, 11], "configur": [6, 7, 8, 10, 11], "connect": [3, 6, 7, 8, 10, 11, 12], "consol": 2, "control": 9, "copilot": [6, 7, 8], "costiq": [5, 13], "creat": [2, 3, 4, 5, 9, 13], "creation": [2, 3], "datacent": 12, "db": 6, "dc": 13, "dcf": [3, 9, 13], "deni": 9, "deploi": [5, 13], "deploy": 10, "descript": 4, "distribut": 3, "domain": [7, 8, 12, 13], "drop": 5, "east": [3, 6], "east1": [3, 13], "ec2": 9, "edg": 12, "edit": 9, "egre": 9, "egress": 9, "enabl": [8, 9, 13], "encrypt": 8, "enforc": [5, 9], "expect": 4, "explicit": 9, "explor": 6, "fabric": 6, "featur": 9, "firenet": 10, "firewal": [3, 10], "flightpath": 8, "flowiq": 12, "forc": 5, "from": [2, 3], "gatewai": [6, 7, 8], "gcp": [2, 6, 10], "gener": [5, 9, 11, 12, 13], "get": 1, "group": 3, "gui": [5, 13], "gw": [4, 12], "high": [8, 12], "hoc": [5, 9], "hpe": 8, "i": 13, "iac": 4, "icmp": 3, "icon": 14, "id": 9, "identifi": 9, "info": 6, "inform": 1, "initi": 6, "insid": [3, 10], "insight": 4, "inspect": 9, "instal": 10, "instanc": 9, "integr": 10, "inter": 3, "intra": 3, "introduct": 2, "ip": 13, "keepal": 8, "lab": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13], "laptop": 3, "launch": 10, "link": 15, "logo": 14, "malici": 13, "mesh": 8, "modifi": 9, "more": 12, "mtt": 3, "multi": 3, "multicloud": 6, "network": [3, 4, 6, 7, 8, 9, 10, 12], "new": [5, 9, 13], "object": [3, 5, 6, 7, 8, 9, 10, 11, 12, 13], "overview": [3, 5, 6, 7, 10, 11, 13], "pan": 10, "path": 12, "pdf": 0, "peer": [4, 6, 8, 10], "perform": [8, 12], "perimet": 9, "pod": 15, "polici": [7, 10], "portal": 15, "prefac": 1, "prem": 11, "prepar": 9, "prepend": 12, "prerequisit": 1, "privat": 9, "profession": 1, "psf": [5, 13], "pt": 8, "public": 5, "question": 8, "resid": 9, "result": 4, "rout": [6, 8, 10], "rtb": [5, 9, 13], "rule": [3, 5, 9, 13], "s2c": 11, "secur": [9, 12], "segment": [7, 8], "servic": 13, "share": 13, "simul": 9, "site2cloud": 11, "smart": 3, "smartgroup": [5, 9, 13], "spoke": [3, 4, 6, 8, 10, 12], "spoke1": 13, "ssh": [3, 9, 13], "start": [1, 8], "strongswan": 11, "subnet": [5, 9], "summari": 4, "templat": 8, "terraform": 4, "test": [8, 9, 10, 12], "test1": 13, "than": 12, "threatiq": [5, 13], "three": 13, "through": 4, "tier": 3, "topologi": [1, 5, 6, 7, 8, 9, 10, 11, 13], "toward": [3, 5, 13], "traffic": [3, 5, 9, 13], "transit": [3, 4, 6, 7, 8, 10, 12], "trust": [3, 9], "u": [6, 13], "valid": 4, "vendor": 10, "verif": [3, 5, 6, 7, 8, 10, 11, 13], "verifi": [2, 3, 10], "view": 8, "vm": 3, "vnet": 2, "vpc": [2, 4, 8], "webgroup": [9, 13], "welcom": 1, "where": 9, "within": 3, "workload": 9, "york": 13, "your": 3, "zero": [3, 9], "ztna": 9}}) \ No newline at end of file