topic Re: Azure VNET Peering from CloudGuard VNET to a new VNET in a different subscription in Cloud Firewall

Azure VNET Peering from CloudGuard VNET to a new VNET in a different subscription

chrisbrooks — Wed, 19 May 2021 11:36:20 GMT

Hi

I have a requirement to implement Azure VNET peering to a VNET behind Azure Firewall in a different subscription to CloudGuard VNET. With my lack of Azure and CloudGuard Knowledge, I thought I could get some insights into how this can be achieved.

To begin with following information should help

1. Check Point CloudGuard version is R80.30

2. CloudGuard VNET already has a few VNET peerings that live in the same subscription.

3. The new subscription is in the same region

4. They subs are under same Tenant as the CloudGuard Firewall and VNET.

I can add the VNET Peering from Azure under my CloudGuard VNET, however I would like to understand if there's any additional changes that I need to do on the CloudGuards for routing traffic or access policies to restrict traffic from the peered VNET.

Any help would be appreciated.

Thanks

Kanishka

Re: Azure VNET Peering from CloudGuard VNET to a new VNET in a different subscription

_Val_ — Wed, 19 May 2021 13:32:40 GMT

Moved to appropriate category

Re: Azure VNET Peering from CloudGuard VNET to a new VNET in a different subscription

Matthias_Haas — Fri, 21 May 2021 10:46:41 GMT

Hi Kanishka,

from a routing/access policy point of view, there is no difference between a VNET peering within a subscription or a VNET peering between subscriptions. In both cases you have to modify the azure routes with UDRs to route the traffic to the CloudGuard.