This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Cristian_F_CCSM
Contributor
Contributor
‎2018-11-09 01:16 PM

Static NAT with multiple public IP on MS Azure

Hello, i need a clarification about NAT with multiple public IP with GW CloudGuard in Azure.

Can I assign or route more than only one public IP to CP GW?

I need to pubblic more than one web server (TCP ports 80 and 443) and we would like to use many public IP.


I hope i was clear.


Thanks a lot

5 Replies
Ted_Serreyn
Collaborator
‎2018-11-09 02:37 PM

You can bind multiple public ip addresses to an external load balancer.

Then you create NAT rules directing http/https to custom ports on the firewall, say http-8001, and https-9001.

Then NAT rules on firewall can change custom ports back to http/https on internal server or internal load balancer.

At some point you will hit a limit as to how many public ip addresses you can bind to the external load balancer, but it is a soft limit that can be changed by Microsoft at request.

We are doing this for production and development servers and so far it appears to be working great!

Cristian_F_CCSM
Contributor
Contributor
‎2018-11-10 01:48 AM
In response to Ted_Serreyn

Hello, many thanks for quick reply.

Do you have a document about CP VSEC and Azure Load Balancer?

Thanks again

0 Kudos
1c222f14-a2a8-4
Explorer
‎2018-11-10 07:32 AM
In response to Cristian_F_CCSM

Hi Cristian,

You can check below link.

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Regards,

Deepak Sharma.

Matthias_Haas
Advisor
‎2018-11-14 03:05 AM

Hi Cristian,

you could also use Load Balancing Rules and "Floating IP (direct server return)" which allows you to forward the Public IPs to the Firewall. In this case, you don't need that Destination Port NAT on the LB and you will "see" the Public IPs in the Firewall Log.

Regards

Matthias

Cristian_F_CCSM
Contributor
Contributor
‎2018-12-14 07:08 AM
In response to Matthias_Haas

Hello, sorry for extreme delay.

Thanks a lot for the reply.

We will update you after the VSEC GW installation.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Trending Discussions
AWS Cluster in-place upgrade
Upcoming Events

    Sort by:
    CheckMates Events