AWS ELBs supported by vSEC R.80.10
I'd be interested to know what kinds of ELBs are officially supported by Check Point in AWS and what caveats, if any, apply to each kind.
As part of an ongoing project, I am required to route inbound traffic to peered VPCs.
Classic and Network ELBs do not support this, as it requires targets to be instances in the same VPC.
The Application ELB does:
Thank you,
Vladimir
First of all, R80.10 doesn't yet support ELBs--this is coming.
As far as the different types of ELBs, there are two ways to look at this:
- As a target from an External ELB, we're just like any other instance: we'll receive the packet based on however the ELB decides to route it to us.
- As a source that routes it to an internal ELB, we are going to ultimately make the decision to route based on IP address, using a DNS lookup of the Logical Server object name to determine which IP to send the traffic to. Assuming we can route to the given IP, it doesn't matter if it's in the same VPC or not.
In both cases, I don't believe the type of ELB is relevant.
Would you know if it is possible for vSEC to inject X-Forwarded to the packets sent to ELBs?
I'm not sure that the source of traffic traversing Logical Server and ELBs can be identified by the instances, which may be required for applications.
There's an option in Application Control to do this, which means it's likely possible.
Can you point me to it?
The only place I've encountered it was the "Advanced" properties of the Proxy settings.
That's the one.
Nah, this one works for the egress only.
I was looking to do the same on the way to ELBs.
Dameon,
Does this workaround not apply to R80.10? I am in the process of deploying a new R80.10 CheckPoint in AWS to replace an R77.30 one.
Supporting internal Elastic Load Balancers (ELB) in Amazon Web Services (AWS)
When is official support coming? If this workaround is not applicable to R80.10, I am at a standstill on this project...
Thanks
The current R80.10 AMIs do not support ELBs.
They are expected to soon but I do not have the exact timeframe for this.