https://community.checkpoint.com/t5/Cloud-Firewall/Check-Point-Cloud-FW-on-AWS/m-p/202599#M4539 <P>Hi&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/73681">@tropicanaslim</a>&nbsp;</P> <P>The recommended solution for E/W and N/S is Gateway Load Balancer Autoscaling.<BR /><A href="https://sc1.checkpoint.com/documents/IaaS/WebAdminGuides/EN/CP_CloudGuard_Network_for_AWS_Gateway_Load_Balancer_ASG/Default.htm" target="_blank">Admin guide: https://sc1.checkpoint.com/documents/IaaS/WebAdminGuides/EN/CP_CloudGuard_Network_for_AWS_Gateway_Load_Balancer_ASG/Default.htm</A>&nbsp;<BR />Workshop:</P> <P lang="x-none"><A href="https://unrivaled-melba-1a81a6.netlify.app/" target="_blank">https://unrivaled-melba-1a81a6.netlify.app/</A><BR /><BR />In case Site to Site VPN is required the Cross AZ Cluster should be added to architecture.<BR /><BR /><SPAN>Thanks,</SPAN></P> <P lang="x-none">Roman</P> <P><BR />&nbsp;</P> Tue, 09 Jan 2024 13:17:15 GMT Roman_Kats 2024-01-09T13:17:15Z https://community.checkpoint.com/t5/Cloud-Firewall/Check-Point-Cloud-FW-on-AWS/m-p/202452#M4523 <P>Hi Checkmates,</P><P>We are currently redesigning cloud security adoption on AWS, especially in the area of ​​network security.</P><P>From the <A href="https://support.checkpoint.com/results/sk/sk111013" target="_self">architecture blueprint owned by Check Point</A> and adapting it to the internal design, we see that there are 2 potential designs that we can use:<BR /><A href="https://sc1.checkpoint.com/documents/IaaS/WebAdminGuides/EN/CP_CloudGuard_Network_for_AWS_Gateway_Load_Balancer_ASG/Content/Topics-AWS-GWLB-ASG-DG/Introduction.htm" target="_self">CloudGuard Network for AWS Auto Scale Group with Transit Gateway</A> and <A href="https://sc1.checkpoint.com/documents/IaaS/WebAdminGuides/EN/CP_CloudGuard_for_AWS_Cross_AZ_Cluster/Content/Topics-AWS-CrossAZ-Cluster-DG/Deployment-Steps-CrossAZ-Cluster.htm?tocpath=Deploying%20CloudGuard%20Network%20Cross%20AZ%20Cluster%20in%20AWS%7C_____0#Deploying_CloudGuard_Network_Cross_AZ_Cluster_in_AWS" target="_self">CloudGuard Network for AWS Cross Availability Zone Cluster with Transit Gateway</A>, because we use TGW to connect from Direct Connect and 2 VPCs.</P><P>After reading the admin guide, I am still unsure which of the two designs above is suitable for our needs.</P><P>Do you guys have any suggestions from Checkmates regarding which design is suitable for us? and what is the difference between the two?</P><P>Our situation :</P><UL><LI>TGW enable</LI><LI>Traffic from DX</LI><LI>2 VPCs</LI><LI>Access from internal and external (public)</LI></UL><P>&nbsp;</P><P>Thanks! <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Mon, 08 Jan 2024 12:54:13 GMT https://community.checkpoint.com/t5/Cloud-Firewall/Check-Point-Cloud-FW-on-AWS/m-p/202452#M4523 tropicanaslim 2024-01-08T12:54:13Z https://community.checkpoint.com/t5/Cloud-Firewall/Check-Point-Cloud-FW-on-AWS/m-p/202466#M4524 <P>The main difference between Cross-AZ Cluster and AutoScale is VPN.</P> <P>If you require the CloudGuard Gateways to act as a VPN termination device, then Cross-AZ Cluster is the way to go.</P> <P>Otherwise, the AutoScale solution would be recommended.<BR /><BR />For a comparison of Public Cloud solutions, please see&nbsp;<A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk178668" target="_self">sk178668</A>&nbsp; </P> Mon, 08 Jan 2024 13:48:02 GMT https://community.checkpoint.com/t5/Cloud-Firewall/Check-Point-Cloud-FW-on-AWS/m-p/202466#M4524 avivs 2024-01-08T13:48:02Z https://community.checkpoint.com/t5/Cloud-Firewall/Check-Point-Cloud-FW-on-AWS/m-p/202482#M4526 <P>More details about your specific requirements and what you're trying to achieve might help.</P> Mon, 08 Jan 2024 14:20:42 GMT https://community.checkpoint.com/t5/Cloud-Firewall/Check-Point-Cloud-FW-on-AWS/m-p/202482#M4526 PhoneBoy 2024-01-08T14:20:42Z https://community.checkpoint.com/t5/Cloud-Firewall/Check-Point-Cloud-FW-on-AWS/m-p/202574#M4537 <P>Hi&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/37680">@avivs</a>&nbsp;<BR /><BR />Thank you for the answer and suggestions..&nbsp;CMIIW, means both can be used to protect N/S and E/S traffic, right? and the most obvious difference is only from the VPN side?</P> Tue, 09 Jan 2024 07:23:59 GMT https://community.checkpoint.com/t5/Cloud-Firewall/Check-Point-Cloud-FW-on-AWS/m-p/202574#M4537 tropicanaslim 2024-01-09T07:23:59Z https://community.checkpoint.com/t5/Cloud-Firewall/Check-Point-Cloud-FW-on-AWS/m-p/202575#M4538 <P>Hi PhoneBoy,</P><P>Sorry if my question is not clear enough. The goals is protecting for E/W and N/S traffic&nbsp;that passes through the transit gateway from public, internal via DX.</P><P>I see there are 2 suitable solutions as per my post, but I'm looking for which option is the best.</P> Tue, 09 Jan 2024 07:26:14 GMT https://community.checkpoint.com/t5/Cloud-Firewall/Check-Point-Cloud-FW-on-AWS/m-p/202575#M4538 tropicanaslim 2024-01-09T07:26:14Z https://community.checkpoint.com/t5/Cloud-Firewall/Check-Point-Cloud-FW-on-AWS/m-p/202599#M4539 <P>Hi&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/73681">@tropicanaslim</a>&nbsp;</P> <P>The recommended solution for E/W and N/S is Gateway Load Balancer Autoscaling.<BR /><A href="https://sc1.checkpoint.com/documents/IaaS/WebAdminGuides/EN/CP_CloudGuard_Network_for_AWS_Gateway_Load_Balancer_ASG/Default.htm" target="_blank">Admin guide: https://sc1.checkpoint.com/documents/IaaS/WebAdminGuides/EN/CP_CloudGuard_Network_for_AWS_Gateway_Load_Balancer_ASG/Default.htm</A>&nbsp;<BR />Workshop:</P> <P lang="x-none"><A href="https://unrivaled-melba-1a81a6.netlify.app/" target="_blank">https://unrivaled-melba-1a81a6.netlify.app/</A><BR /><BR />In case Site to Site VPN is required the Cross AZ Cluster should be added to architecture.<BR /><BR /><SPAN>Thanks,</SPAN></P> <P lang="x-none">Roman</P> <P><BR />&nbsp;</P> Tue, 09 Jan 2024 13:17:15 GMT https://community.checkpoint.com/t5/Cloud-Firewall/Check-Point-Cloud-FW-on-AWS/m-p/202599#M4539 Roman_Kats 2024-01-09T13:17:15Z https://community.checkpoint.com/t5/Cloud-Firewall/Check-Point-Cloud-FW-on-AWS/m-p/203983#M4561 <P>In place of the unrivaled melba link above please use this one &gt;&nbsp;<A href="https://checkpoint.awsworkshop.io/" target="_self">https://checkpoint.awsworkshop.io/</A>&nbsp;</P> <P>&nbsp;</P> <P><a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/73681">@tropicanaslim</a>&nbsp;</P> Tue, 23 Jan 2024 16:23:04 GMT https://community.checkpoint.com/t5/Cloud-Firewall/Check-Point-Cloud-FW-on-AWS/m-p/203983#M4561 Jeff_Engel 2024-01-23T16:23:04Z