We have an AWS ingress gateway auto scale group deployed. We have all routing set up between accounts using TGW.
However, and this is random, some of our external load balancers with gateways as targets do not come up healthy. This is completely random, but once one comes up as unhealthy, it never turns healthy for that particular LB.
I am able to curl from the gateway to the internal LB, and the internal LB is healthy, can be hit directly, and shows the webpage.
Setup:
External lb:
Listen port 443
Target port: 9500 (doesn't come up healthy but autoprov and provisioned the rules)
Internal LB:
Listen port 443
Target port 443
TAG-: x-chkp-forwarding- https-9500-443
Any idea what could be happening here? We are not doing HTTPS inspection, just passing the HTTPS traffic.
Thanks
Rohan
Hi Rohan,
Try the below settings on the Target Groups of the Firewall - Health Checks:
Protocol: HTTPS
Path: /
Port: traffic port
Healthy Threshold: 2
Unhealthy Threshold: 2
Timeout: 4
Interval: 10
Success Codes: 200-499
This should get the Firewall health check working fine.
Regards, Prabu
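To see what the suggested health check would observe, it can be reproduced by hand from a host in the same VPC as the gateways. The script below is an added example, not part of the original thread or of Check Point's tooling. Its function and constant names are its own, and it assumes the load balancer neither follows redirects nor validates the target's certificate.

```python
import http.client
import ssl
import urllib.error
import urllib.request

# Values taken from the reply above; the names are this example's own.
TIMEOUT_S = 4
HEALTHY_THRESHOLD = 2
SUCCESS_CODES = range(200, 500)  # "Success Codes: 200-499"


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Report 3xx responses as-is instead of following them."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def probe(url, timeout=TIMEOUT_S):
    """Return the HTTP status of one GET, or None if no HTTP response arrived."""
    ctx = ssl.create_default_context()
    # Assumption: like the load balancer, skip certificate validation of the
    # target. Only appropriate for this diagnostic probe.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    opener = urllib.request.build_opener(
        urllib.request.HTTPSHandler(context=ctx), NoRedirect(),
        urllib.request.ProxyHandler({}))  # connect directly, ignore proxy env
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # 3xx/4xx/5xx still carry a status code
    except (urllib.error.URLError, OSError, http.client.HTTPException):
        return None      # timeout, refused connection, TLS failure


def is_healthy(url, checks=HEALTHY_THRESHOLD, probe_fn=probe):
    """Healthy only if `checks` consecutive probes fall in SUCCESS_CODES."""
    return all(probe_fn(url) in SUCCESS_CODES for _ in range(checks))


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 2:  # e.g. https://<gateway-ip>:9500/
        print("status:", probe(sys.argv[1]), "healthy:", is_healthy(sys.argv[1]))
```

A `None` status means the probe never got an HTTP response on the forwarded port (timeout, reset or TLS failure), which widening the success codes cannot fix.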
So this was a bug we faced in R80.20. The only way to solve it was to turn off fwaccel on R80.20 IaaS.
Not tested in R80.20.
But my customer on R80.30 has "fwaccel on", and that setting on the Health Check did work.
Regards, Prabu