CG IaaS HA | Manage azure Public IPs associated to VMs, whithin CheckPoint

Dmitry_Kolt — Thu, 23 Apr 2020 15:28:19 GMT

Hello all,

We're implementing a Cloud Guard IaaS solution on Microsoft Azure.

Currently our Virtual Machines are published directly to the Internet using their corresponding Public IP address and ACL's are configured using Network Security Groups.

We're routing this outbound traffic to Check Point gateway using an Azure Route Table and it works fine.

Now we're trying to configure Inbound NAT to these same virtual machines through Check Point but it's not working.

What we've done until now:
1 - Configured a static route in both Check Point gateways destined to source Virtual Machine's network through Check Point's backend interface;
2 - Associated Virtual Machines' Public IP address to Check Point's frontend Load Balancer object in Azure;
3 - In Check Point, created a firewall policy destined to Check Point cluster object and allowing our traffic;
4 - Created an Inbound NAT rule in Check Point to translate traffic destined to Check Point cluster object to be translated into Virtual Machine object.

Thanks for your help!

Best regards,

Dmitry

Re: CG IaaS HA | Manage azure Public IPs associated to VMs, whithin CheckPoint

PhoneBoy — Sun, 26 Apr 2020 01:57:17 GMT

What precise results are you getting?
What are you seeing in the logs?
Have you confirmed the traffic even reaches the gateway?
What version/JHF level?

topic Re: CG IaaS HA | Manage azure Public IPs associated to VMs, whithin CheckPoint in Cloud Firewall

CG IaaS HA | Manage azure Public IPs associated to VMs, whithin CheckPoint

Re: CG IaaS HA | Manage azure Public IPs associated to VMs, whithin CheckPoint