https://community.checkpoint.com/t5/Cloud-Firewall/CloudGuard-Blueprint-Architecture-Diagrams/m-p/100463#M1816 <P>UPDATED JUNE 16, 2021 - AWS Gateway Load Balancer Diagrams and GCP Architecture Diagrams have been added!</P> <P>&nbsp;</P> <P>This document is designed to help with deciding how to architect cloud environments. It includes reference architectures for multi-cloud and specific cloud providers. It provides a succinct, technical overview of deployment options, highlighting the values and architecture differences of each one. <BR /><BR /></P> <P>&nbsp;</P> <P>&nbsp;</P> Wed, 16 Jun 2021 19:55:58 GMT Maya_Levine 2021-06-16T19:55:58Z https://community.checkpoint.com/t5/Cloud-Firewall/CloudGuard-Blueprint-Architecture-Diagrams/m-p/100463#M1816 <P>UPDATED JUNE 16, 2021 - AWS Gateway Load Balancer Diagrams and GCP Architecture Diagrams have been added!</P> <P>&nbsp;</P> <P>This document is designed to help with deciding how to architect cloud environments. It includes reference architectures for multi-cloud and specific cloud providers. It provides a succinct, technical overview of deployment options, highlighting the values and architecture differences of each one. <BR /><BR /></P> <P>&nbsp;</P> <P>&nbsp;</P> Wed, 16 Jun 2021 19:55:58 GMT https://community.checkpoint.com/t5/Cloud-Firewall/CloudGuard-Blueprint-Architecture-Diagrams/m-p/100463#M1816 Maya_Levine 2021-06-16T19:55:58Z https://community.checkpoint.com/t5/Cloud-Firewall/CloudGuard-Blueprint-Architecture-Diagrams/m-p/100509#M1817 <P>Very useful document! Thank you!</P> Thu, 29 Oct 2020 08:05:58 GMT https://community.checkpoint.com/t5/Cloud-Firewall/CloudGuard-Blueprint-Architecture-Diagrams/m-p/100509#M1817 mk1 2020-10-29T08:05:58Z https://community.checkpoint.com/t5/Cloud-Firewall/CloudGuard-Blueprint-Architecture-Diagrams/m-p/112058#M1818 <P>Hello&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/19458">@Maya_Levine</a>,</P><P>Is there any videos somewhere in the community or in YouTube showing more details about the designs (AWS) in the document? I'd like to know why VPN is used between TGW and Egress VPCs, instead of standard VPC attachment to the TGW. The part with VPC peering between Ingress VPC and the rest of spokes is also interesting.</P><P>Thank you!</P> Mon, 01 Mar 2021 08:10:39 GMT https://community.checkpoint.com/t5/Cloud-Firewall/CloudGuard-Blueprint-Architecture-Diagrams/m-p/112058#M1818 mk1 2021-03-01T08:10:39Z https://community.checkpoint.com/t5/Cloud-Firewall/CloudGuard-Blueprint-Architecture-Diagrams/m-p/112311#M1819 <P>Hello,&nbsp;</P> <P>With a standard VPC attachment you are bound to the VPC's public routing. The attachments point to a subnet so you can only point to one ENI at a time. This limits you to an HA solution, you cannot use auto-scaling.&nbsp;</P> <P>We use VPN because in AWS peering is not transitive. The better way to pass traffic across multiple CP instances is VTI (Virtual Tunnel Interfaces). TGW comes with some sort of VPN GW and has ECMP, which will load balance traffic from any source VPC to CP GW. We also use VPNs because we have automation that allows us to build tunnels with the CME (see the <A href="https://sc1.checkpoint.com/documents/IaaS/WebAdminGuides/EN/CP_CME/Default.htm" target="_blank" rel="noopener">Cloud Management Extension R80.10 and Higher Administration Guide</A>). It will automatically take care of everything when a new auto-scaling instance is in the auto-scaling group. It will trigger a script to build site to site VPNs, advertise routes, and more.&nbsp;</P> <P>In terms of resources, I attached a PDF made by Cloud Security Architect Eugene Tcheby that goes over the differences between TGW-ASG and TGW-HA. You can also check out this webinar which goes over what is required to deploy an auto-scaling group of CG GWs:</P> <DIV><A tabindex="-1" title="https://www.brighttalk.com/webcast/16731/400673?utm_campaign=viewing-history&amp;utm_source=brighttalk-portal&amp;utm_medium=web" href="https://www.brighttalk.com/webcast/16731/400673?utm_campaign=viewing-history&amp;utm_source=brighttalk-portal&amp;utm_medium=web" target="_blank" rel="noreferrer noopener">https://www.brighttalk.com/webcast/16731/400673?utm_campaign=viewing-history&amp;utm_source=brighttalk-portal&amp;utm_medium=web</A></DIV> <DIV>&nbsp;</DIV> <DIV>Best Regards,&nbsp;</DIV> <DIV>Maya</DIV> Sun, 19 Dec 2021 13:22:50 GMT https://community.checkpoint.com/t5/Cloud-Firewall/CloudGuard-Blueprint-Architecture-Diagrams/m-p/112311#M1819 Maya_Levine 2021-12-19T13:22:50Z https://community.checkpoint.com/t5/Cloud-Firewall/CloudGuard-Blueprint-Architecture-Diagrams/m-p/112442#M1820 <P>Thank you for your reply and for the useful links and file!</P> Thu, 04 Mar 2021 07:27:13 GMT https://community.checkpoint.com/t5/Cloud-Firewall/CloudGuard-Blueprint-Architecture-Diagrams/m-p/112442#M1820 mk1 2021-03-04T07:27:13Z