During ransomware recovery, VMs must be able to reach Carbon Black Cloud servers to send security analysis data.

Typically, ransomware recovery automatically ensures that VMs in the recovery SDDC can reach all required Carbon Black Cloud fully qualified domain names (FQDNs) by programming NSX Advanced Firewall, so no further action is necessary.

However, if the recovery SDDC has no outbound connectivity to the internet and all outbound traffic is routed through some other external network or a firewall, you might need to perform more configuration steps.

For example, your recovery SDDC might be connected to the on-premises protected site over AWS Direct Connect (DX), or by a VPN that advertises the default route (0.0.0.0/0) and so sends all outbound traffic through the on-premises corporate firewall. In that case, the corporate firewall needs to be configured to enable outbound access to Carbon Black Cloud FQDNs, as described in Configure a Firewall.

Similarly, the outbound traffic from the recovery SDDC can be routed to a Security Virtual Private Cloud (VPC) in AWS for analysis using a default route advertised by VMware Managed Transit Gateway (vTGW). In that case, the Security VPC must allow outbound connectivity to Carbon Black Cloud FQDNs.

In most cases, you can rely on ransomware recovery to automatically ensure all needed external connectivity for all Network Isolation Levels. However, if the recovery SDDC has no connectivity to the internet, you might need to ensure that Carbon Black Cloud FQDNs are reachable from your VMs in the recovery SDDC by reconfiguring your external firewall.
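The following is an added example, not part of the original documentation: a check you can run from a VM in the recovery SDDC to see whether each required FQDN resolves and accepts a TCP connection through the external firewall. The FQDN entries are constructed placeholders, and port 443 and the names `check_endpoint` and `audit` are assumptions made for this sketch.

```python
import socket
import sys

# Placeholders (constructed): replace with the FQDNs listed for your Carbon
# Black Cloud environment in the "Configure a Firewall" documentation.
REQUIRED_FQDNS = [
    "cbc-fqdn-placeholder-1.invalid",
    "cbc-fqdn-placeholder-2.invalid",
]
PORT = 443  # assumption: the VMs reach these FQDNs over HTTPS


def check_endpoint(host, port=PORT, timeout=5.0):
    """Return 'ok', 'dns_failed' or 'tcp_blocked' for one FQDN."""
    try:
        addrs = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "dns_failed"  # the name does not resolve from this VM
    for family, socktype, proto, _, sockaddr in addrs:
        try:
            with socket.socket(family, socktype, proto) as s:
                s.settimeout(timeout)
                s.connect(sockaddr)
                return "ok"
        except OSError:
            continue  # refused, timed out or unroutable: try the next address
    return "tcp_blocked"  # resolved, but no address accepted the connection


def audit(fqdns, port=PORT, timeout=5.0):
    """Check every FQDN and map it to its status."""
    return {host: check_endpoint(host, port, timeout) for host in fqdns}


if __name__ == "__main__":
    results = audit(REQUIRED_FQDNS)
    for host, status in results.items():
        print(f"{status:12} {host}:{PORT}")
    # A non-zero exit code means at least one FQDN is not reachable.
    sys.exit(0 if all(s == "ok" for s in results.values()) else 1)
```

A `dns_failed` result points at name resolution on the path out of the recovery SDDC, while `tcp_blocked` points at the corporate firewall or Security VPC rules for that FQDN.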