Pearl

AWS ELBs supported by vSEC R.80.10

I'd be interested to know what kinds of ELBs are officially supported by Check Point in AWS and what caveats, if any, apply to each kind.

As part of an ongoing project, I am required to route inbound traffic to peered VPCs.

Classic and Network ELBs do not support this, as it requires targets to be instances in the same VPC.

The Application ELB does:

Thank you,

Vladimir

8 Replies
Admin

First of all, R80.10 doesn't yet support ELBs--this is coming.

As far as the different types of ELBs, there are two ways to look at this:

  • As a target from an External ELB, we're just like any other instance: we'll receive the packet based on however the ELB decides to route it to us.
  • As a source that routes it to an internal ELB, we are going to ultimately make the decision to route based on IP address, using a DNS lookup of the Logical Server object name to determine which IP to send the traffic to. Assuming we can route to the given IP, it doesn't matter if it's in the same VPC or not.

In both cases, I don't believe the type of ELB is relevant.

Pearl

Would you know if it is possible for vSEC to inject X-Forwarded to the packets sent to ELBs?

I'm not sure that the source of traffic traversing Logical Server and ELBs can be identified by the instances, which may be required for applications.

0 Kudos
Admin

There's an option in Application Control to do this, which means it's likely possible.

0 Kudos
Pearl

Can you point me to it?

The only place I've encountered it was the "Advanced" properties of the Proxy settings.

0 Kudos
Admin

That's the one.

0 Kudos
Pearl

Nah, this one works for the egress only.

I was looking to do the same on the way to ELBs.

0 Kudos
Nickel

Dameon,

Does this workaround not apply to R80.10? I am in the process of deploying a new R80.10 CheckPoint in AWS to replace an R77.30 one. 

Supporting internal Elastic Load Balancers (ELB) in Amazon Web Services (AWS) 

When is official support coming? If this workaround is not applicable to R80.10, I am at a standstill on this project... 

Thanks

0 Kudos
Admin

The current R80.10 AMIs do not support ELBs.

They are expected to soon but I do not have the exact timeframe for this.

0 Kudos