This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
IdentityUnknown
Participant
‎2020-04-25 03:33 AM

IaaS BluePrint on Azure

Jump to solution

Hi folks,

one question to the recommended blueprint designed by CP:

image.png

If you have to implement it in an azure cloud, do you use for each spoke and each hub a dedicated VNET? 

It means you have to pay a lot of money for incoming and outgoing vnet traffic. 

If you take a look to an older deployment guide the recommendation is to use one vnet and seperate it with subnets.
image.png

 

What is best practise with all advantages and disadvantages?

 

Thank you in advance & best regards

 

 

0 Kudos
Reply
1 Solution

Accepted Solutions
Amit_Schnitzer
Employee
Employee
‎2020-05-10 11:14 PM

Jump to solution

Hi, 

Check Point's Cloud Security BluePrint is a conceptual "best practice" approach

with that in mind, when it comes to Azure, it can be deployed inside the same vNET or across multiple vNETs. From an architecture approach, it is preserving the same principles and thus a viable solution. 

The decision whether to implement it that way or the other is up to the customer decision and depends on some factors such as organization structure, environment size & scale, locations and cost as well. 

In other words, for an organization with limited cloud presence (Subscriptions, Regions, vNET's), it would probably make sense to follow the BluePrint and deploy the solution within a single vNET (I have added a diagram as an example)

 

hope that helps 

View solution in original post

Preview file
41 KB
Reply
1 Reply
Amit_Schnitzer
Employee
Employee
‎2020-05-10 11:14 PM

Jump to solution

Hi, 

Check Point's Cloud Security BluePrint is a conceptual "best practice" approach

with that in mind, when it comes to Azure, it can be deployed inside the same vNET or across multiple vNETs. From an architecture approach, it is preserving the same principles and thus a viable solution. 

The decision whether to implement it that way or the other is up to the customer decision and depends on some factors such as organization structure, environment size & scale, locations and cost as well. 

In other words, for an organization with limited cloud presence (Subscriptions, Regions, vNET's), it would probably make sense to follow the BluePrint and deploy the solution within a single vNET (I have added a diagram as an example)

 

hope that helps 

View solution in original post

Preview file
41 KB
Reply