Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Chandhrasekar_S
Collaborator

Azure Checkpoint VSEC Cluster Internal Load balancer

Hi All,

I deployed CheckPoint VSEC cluster from Microsoft Azure Market place. I see the cluster is having a public load balancer, which has two cluster gateways outside IP's as front end IPs

I would like to spin up a second internal load balancer, which will have the cluster gateways inside IP's configured

I am able to deploy the load balancer and add the gateway IPs fine, however the challenge I am facing is, in order to achieve HA in Azure, we have to configure the second load balancer name is $FWDIR/conf/azure-ha.json file and reconf it.

I tried adding the second (internal) load balancer name after the comma, the azure_ha_cli.py isn't recognizing the second load balancer name and isn't failing over.

Does anyone have tried this and can you let me know how you are achieving HA using this method

Thanks,

Chandru

6 Replies
Martin_Valenta
Advisor

In json file you can specify only public load balancer name, it doesn't count with internal load balancer. Azure template for vsec cluster is deployed per design specified here Deploying a Check Point Cluster in Microsoft Azure 

0 Kudos
Chandhrasekar_S
Collaborator

I agree, in JSON file you specify the load balancer name. I have internal load balancer working fine on eth0 interface

I do understand, Azure template for vSEC cluster only supports load balancer on eth0 interface

It would be better if Check Point comes up having a load balancer on eth1 interface as well

0 Kudos
Martin_Valenta
Advisor

You might want to look on Auto scale option, this will give you load balancer on eth0 and eth1  Trust me having just one load balancer in front of cluster will give you a lot of fun.

Chandhrasekar_S
Collaborator

Yes Check Point Scale sets offer load balancers on both eth0 and eth1 interfaces. however they can only do stateless protocols like http and https. It works for internet facing apps. 

I cant deploy them every where, since we have to inspect other stateful protocols like sql server, rdp etc. 

0 Kudos
Nikhil_Deshmukh
Contributor

External Load Balancer's :- They are needed when you want to Publish Web Services (Web page / Application running on any Server) over the Internet.

See as per my understanding Internal Load Balancer's are used for Balancing the Traffic loads for any server between different nodes or not to expose Server's directly to User's.

Wht is your specific requirement with Load Balancer's to be acknowledged by VSec on the Internal Azure plane.?

Jerry_Thornhil1
Explorer

all,

how do you get the cluster to answer health probes from load balancers? even on internal interfaces.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.