https://community.checkpoint.com/t5/Cloud-Firewall/Cloudguard-Implementation-without-a-Public-loadbalancer-public/m-p/143366#M1112 <P>Hi all,</P><P>Where can i find information about a Cloud Guard Implementation without a public loadbalancer or without a loadbalancer without Public IP's.</P><P>Situation (See the screenshot)</P><P>-2x Check Point Applicance ClusterXL (On-Premise) with a connection to Azure by ExpressRoute</P><P>-1x Check Point Management (On-Premise)</P><P>-Microsoft Azure Environment with multiple VNET's.</P><P>&nbsp;</P><P>The Azure environment is only accessible by the ExpressRoute connection.</P><P>I want to use the Check Point Cloud Guard between VNET's and the ExpressRoute within Azure without a Internet Connection or the use of Public IP's.</P><P>So traffic from On-Premise must go to the FrontEnd Loadbalancer -Check Point CloudGuard -&gt; BackEnd Loadbalancers -&gt; Different kind of azure virtual machines and vice versa.</P><P>When we create a CloudGuard Network Security environment within Azure, we choose not to use "Use Public IP Prefix", but it still does.</P><P>How can we achieve this, or is this even possible?</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 09 Mar 2022 15:12:47 GMT RayP 2022-03-09T15:12:47Z https://community.checkpoint.com/t5/Cloud-Firewall/Cloudguard-Implementation-without-a-Public-loadbalancer-public/m-p/143366#M1112 <P>Hi all,</P><P>Where can i find information about a Cloud Guard Implementation without a public loadbalancer or without a loadbalancer without Public IP's.</P><P>Situation (See the screenshot)</P><P>-2x Check Point Applicance ClusterXL (On-Premise) with a connection to Azure by ExpressRoute</P><P>-1x Check Point Management (On-Premise)</P><P>-Microsoft Azure Environment with multiple VNET's.</P><P>&nbsp;</P><P>The Azure environment is only accessible by the ExpressRoute connection.</P><P>I want to use the Check Point Cloud Guard between VNET's and the ExpressRoute within Azure without a Internet Connection or the use of Public IP's.</P><P>So traffic from On-Premise must go to the FrontEnd Loadbalancer -Check Point CloudGuard -&gt; BackEnd Loadbalancers -&gt; Different kind of azure virtual machines and vice versa.</P><P>When we create a CloudGuard Network Security environment within Azure, we choose not to use "Use Public IP Prefix", but it still does.</P><P>How can we achieve this, or is this even possible?</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 09 Mar 2022 15:12:47 GMT https://community.checkpoint.com/t5/Cloud-Firewall/Cloudguard-Implementation-without-a-Public-loadbalancer-public/m-p/143366#M1112 RayP 2022-03-09T15:12:47Z https://community.checkpoint.com/t5/Cloud-Firewall/Cloudguard-Implementation-without-a-Public-loadbalancer-public/m-p/143397#M1113 <P>Hi,</P> <P>I have done this several times. this is what you need to do:</P> <P>1) you can't use the Frontend LB because it only has Public IPs. you can even delete it if you don't need to use it.</P> <P>2) All your UDRs need to go to the Internal LB private IP and on the CloudGuard GWs make sure the default route in changed to the Azure Router on eth1 subnet.</P> <P>This way all the traffic goes in and out from the same interface of the Check Point GWs (eth1) .</P> <P>This way you have like a Firewall on a stick.</P> <P>you can also detach the Public IPs from the CloudGuard GWs interface eth0 . the only thing you can't remove is the Public IP on the Cluster's VIP.</P> Thu, 10 Mar 2022 06:54:20 GMT https://community.checkpoint.com/t5/Cloud-Firewall/Cloudguard-Implementation-without-a-Public-loadbalancer-public/m-p/143397#M1113 Nir_Shamir 2022-03-10T06:54:20Z https://community.checkpoint.com/t5/Cloud-Firewall/Cloudguard-Implementation-without-a-Public-loadbalancer-public/m-p/143557#M1114 <P>Thnx for the information Nir_Shamir, that helped us.<span class="lia-unicode-emoji" title=":thumbs_up:">👍</span></P><P>&nbsp;</P> Fri, 11 Mar 2022 22:37:24 GMT https://community.checkpoint.com/t5/Cloud-Firewall/Cloudguard-Implementation-without-a-Public-loadbalancer-public/m-p/143557#M1114 RayP 2022-03-11T22:37:24Z