Hi All,
I deployed a Check Point vSEC cluster from the Microsoft Azure Marketplace. I see the cluster has a public load balancer, which has the two cluster gateways' outside IPs as front-end IPs.
I would like to spin up a second, internal load balancer, which will have the cluster gateways' inside IPs configured.
I am able to deploy the load balancer and add the gateway IPs fine. However, the challenge I am facing is that, in order to achieve HA in Azure, we have to configure the second load balancer name in the $FWDIR/conf/azure-ha.json file and reconf it.
I tried adding the second (internal) load balancer name after the comma, but azure_ha_cli.py isn't recognizing the second load balancer name and isn't failing over.
Has anyone tried this, and can you let me know how you are achieving HA using this method?
Thanks,
Chandru
In the JSON file you can specify only the public load balancer name; it doesn't count with an internal load balancer. The Azure template for the vSEC cluster is deployed per the design specified here: Deploying a Check Point Cluster in Microsoft Azure
I agree, in the JSON file you specify the load balancer name. I have an internal load balancer working fine on the eth0 interface.
I do understand, the Azure template for the vSEC cluster only supports a load balancer on the eth0 interface.
It would be better if Check Point came up with a load balancer on the eth1 interface as well.
You might want to look at the Auto scale option; this will give you a load balancer on eth0 and eth1. Trust me, having just one load balancer in front of the cluster will give you a lot of fun.
Yes, Check Point Scale sets offer load balancers on both eth0 and eth1 interfaces. However, they can only do stateless protocols like HTTP and HTTPS. It works for internet-facing apps.
I can't deploy them everywhere, since we have to inspect other stateful protocols like SQL Server, RDP, etc.
External Load Balancers: They are needed when you want to publish web services (a web page / application running on any server) over the Internet.
See, as per my understanding, Internal Load Balancers are used for balancing the traffic loads for any server between different nodes, or not to expose servers directly to users.
What is your specific requirement with load balancers to be acknowledged by vSEC on the internal Azure plane?
All,
How do you get the cluster to answer health probes from load balancers, even on internal interfaces?