This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
PhoneBoy
Admin
Admin
‎2018-09-29 11:10 AM
Jump to solution

R80.10 CloudGuard IaaS High Availability for Microsoft Azure

Most current version of this document will be here: Check Point CloudGuard IaaS High Availability for Microsoft Azure R80.10 Deployment Guide 

Preview file
512 KB
1 Solution

Accepted Solutions
Ave_Joe
Contributor
‎2019-03-14 09:12 AM
In response to Martin_Valenta
Jump to solution

It was not a routing issue and the cause has finally been sorted.

After validating everything in the document and the setup in Azure the issue was discovered to be Anti-Spoofing.

The documentation states that Anti-Spoofing should be disabled on the frontend cluster interfaces (eth0).    It does not however mention anything about disabling Anti-Spoofing on the backend cluster interfaces (eth1).

After going through the document again this morning I set a log filter for a source of the backend-lb, 168.63.129.16.Screen Shot 2019-03-14 at 10.35.33 AM.png

After a couple of iterations while working with support we finally came to the conclusion that Anti-Spoofing needed to be disabled on cluster internal interfaces also.

Policy was pushed after disabling Anti-Spoofing and everything started working as expected.

The documentation needs to be updated to also include disabling Anti-Spoofing on eth1.

View solution in original post

0 Kudos
4 Replies
Ave_Joe
Contributor
‎2019-03-13 05:38 PM
Jump to solution

Anyone know if there is an updated CloudGuard IaaS High Availability for Microsoft Azure guide for R80.20 release?  I deployed a R80.20 IAAS Cluster and traffic to VM hosts behind the Azure gateway is not working  Using a test VM host I started a tcpdump looking for traffic.  The VM host responds to packets but the CP security gateway never sees the return packet.

I have been through this document several times trying to see what I may have missed but everything seems to  be configured per the document.

I think the issue is somewhere between the load balancer and the CP security gateway but have figured that maybe an updated version may help me figure it out.

Any one else having this issue?

Thanks!

0 Kudos
Martin_Valenta
Advisor
‎2019-03-13 11:41 PM
In response to Ave_Joe
Jump to solution

That sounds like more a routing issue only..

0 Kudos
Ave_Joe
Contributor
‎2019-03-14 09:12 AM
In response to Martin_Valenta
Jump to solution

It was not a routing issue and the cause has finally been sorted.

After validating everything in the document and the setup in Azure the issue was discovered to be Anti-Spoofing.

The documentation states that Anti-Spoofing should be disabled on the frontend cluster interfaces (eth0).    It does not however mention anything about disabling Anti-Spoofing on the backend cluster interfaces (eth1).

After going through the document again this morning I set a log filter for a source of the backend-lb, 168.63.129.16.Screen Shot 2019-03-14 at 10.35.33 AM.png

After a couple of iterations while working with support we finally came to the conclusion that Anti-Spoofing needed to be disabled on cluster internal interfaces also.

Policy was pushed after disabling Anti-Spoofing and everything started working as expected.

The documentation needs to be updated to also include disabling Anti-Spoofing on eth1.

0 Kudos
_Daniel_
Contributor
‎2019-11-06 05:29 PM
Jump to solution

Hi Dameon,

The above link looks like broken
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
UPCOMING CLOUDMATES EVENTS
    All CloudMates Events