AWS ELBs supported by vSEC R80.10
I'd be interested to know what kinds of ELBs are officially supported by Check Point in AWS and what caveats, if any, apply to each kind.
As part of an ongoing project, I am required to route inbound traffic to peered VPCs.
Classic and Network ELBs do not support this, as they require targets to be instances in the same VPC.
The Application ELB does:
- "Application Load Balancers can now distribute traffic to AWS resources using their IP addresses as ...
First of all, R80.10 doesn't yet support ELBs--this is coming.
As far as the different types of ELBs, there are two ways to look at this:
- As a target from an External ELB, we're just like any other instance: we'll receive the packet based on however the ELB decides to route it to us.
- As a source that routes it to an internal ELB, we are going to ultimately make the decision to route based on IP address, using a DNS lookup of the Logical Server object name to determine which IP to send the traffic to. Assuming we can route to the given IP, it doesn't matter if it's in the same VPC or not.
In both cases, I don't believe the type of ELB is relevant.
Would you know if it is possible for vSEC to inject X-Forwarded into the packets sent to ELBs?
I'm not sure that the source of traffic traversing Logical Server and ELBs can be identified by the instances, which may be required for applications.
Does this workaround not apply to R80.10? I am in the process of deploying a new R80.10 Check Point in AWS to replace an R77.30 one.
When is official support coming? If this workaround is not applicable to R80.10, I am at a standstill on this project...