topic IaaS BluePrint on Azure in Cloud Firewall

IaaS BluePrint on Azure

IdentityUnknown — Sat, 25 Apr 2020 10:33:46 GMT

Hi folks,

one question to the recommended blueprint designed by CP:

If you have to implement it in an azure cloud, do you use for each spoke and each hub a dedicated VNET?

It means you have to pay a lot of money for incoming and outgoing vnet traffic.

If you take a look to an older deployment guide the recommendation is to use one vnet and seperate it with subnets.

What is best practise with all advantages and disadvantages?

Thank you in advance & best regards

Re: IaaS BluePrint on Azure

Amit_Schnitzer — Mon, 11 May 2020 06:14:45 GMT

Hi,

Check Point's Cloud Security BluePrint is a conceptual "best practice" approach

with that in mind, when it comes to Azure, it can be deployed inside the same vNET or across multiple vNETs. From an architecture approach, it is preserving the same principles and thus a viable solution.

The decision whether to implement it that way or the other is up to the customer decision and depends on some factors such as organization structure, environment size & scale, locations and cost as well.

In other words, for an organization with limited cloud presence (Subscriptions, Regions, vNET's), it would probably make sense to follow the BluePrint and deploy the solution within a single vNET (I have added a diagram as an example)

hope that helps

Re: IaaS BluePrint on Azure

benko2 — Fri, 16 Apr 2021 07:09:41 GMT

In Microsoft documentation (Azure Virtual Network concepts and best practices) you can find this:

It is recommended you have fewer large VNets rather than multiple small VNets.