We currently have a Hybrid cloud model. we are completely removing out data center where the Branch office VPN endpoints connect to AWS. We have 2 engines in AWS and 2 in our data center. when running test to see if we can scan something local from AWS the scans fail.
Is scanning from AWS to Local work? I’m trying to figure out if this is a Configuration issues or a AWS Scan engine Limitation.
It’s certainly not an AWS limitation. For this to work you would need the right routing and firewall rules in place to allow the scanner itself to connect back into your network over the VPN from AWS. There are several places where rules would need to be adjusted to ensure this works including the Networking on the scanners themselves for outbound communication, Networking for the entire subnet in AWS etc, as well as the VPN tunnel, any local firewalls that the traffic might also pass through in your local network before it hits the asset, and finally anything on the asset itself.
I did get two popups when Testing this
AWS pre-authorized engine requires assets to be verified through AWS before the scan can start
And
Unable to determine if blackout exist: An unexpected error occurred.