- Account - Use the drop-down menu to select the Azure account you want to deploy the gateway to.
- Name - Enter a name for the gateway. This name is displayed in the page.
- (Optional) Description - Enter a description for the gateway that might help distinguish it from other gateways.
- Instance Type - Use the drop-down menu to select the instance type used to deploy the gateway.
- Minimum Instances - Select the minimum number of instances deployed in the auto scaling group per availability zone.
- Maximum Instance - Select the maximum number of instances deployed in the auto scaling group per availability zone.
- HealthCheck Port - Enter the health check port number. Multicloud Defense Controller uses 65534 as the default value.
- User Name - Enter the user name used to access the gateway once created.
- Packet Capture Profile - Use the drop-down menu to select where packets are stored in the cloud storage bucket. If there are no options listed, click Create Packet Capture Profile to create one from this window.
- Log Profile - Use the drop-down menu to select the cloud service provider that logs are forwarded to.
- Metrics Profile - Use the drop-down menu to select an entity to forward metrics to. If there are no options listed, click Create Metrics Forward Profile to create one from this window.
- NTP Profile - Use the drop-down menu to select the NTP profile associated with the gateway. If there are no options listed, click Create to create one from this window.
- Security - Select the type of traffic flow your gateway is expected to handle. Ingress security targets traffic that flows from the public internet to a private network; east-west & egress security targets traffic that is outbound from your private network and traffic that moves between your data centers.
- Gateway Image - Use the drop-down menu to select the gateway image to be deployed to the gateway.
- Policy Ruleset - Use the drop-down menu to select a policy ruleset to be deployed and start processing traffic. If there is no ruleset listed, click Create new to create a policy ruleset from this window.
- Region - Use the drop-down menu to select the region your gateway is deployed to.
- VPC/VNet ID - Use the drop-down menu to select the VPC where the gateway is deployed.
- Key Selection - Select either an SSH Public key or an SSH Key Pair. Enter the value that is applied to the gateway in the next text field.
- Resource Group - Use the drop-down menu to select an existing resource group that is applied to the gateway.
- User Assigned Identity ID - Enter a valid value.
- Mgmt. Security Group - Use the drop-down menu to select a security group used for the gateway management interface. Note that if you select a Multicloud Defense-created service VPC, a security group is created specifically for management.
- Datapath Security Group - Use the drop-down menu to select a security group used for the gateway datapath interface. If you select a Multicloud Defense-created service VPC, a security group is created specifically for the datapath.
- Disk Encryption - Enable disk encryption with either the Azure managed encryption or a customer-managed encryption key. Note that if you opt for a customer-managed encryption key, you need to create and deploy an IAM policy for successful deployment.
- Availability Zone - Use the drop-down menu to select an availability zone.
- Mgmt. Subnet - Use the drop-down menu to select a management subnet for the management interface.
- Datapath Subnet - Use the drop-down menu to select a datapath subnet for the datapath interface.

To add more instance types, click the "+" icon. Subsequently, you can remove additional instance types with the "-" icon.