This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Chandhrasekar_S
Collaborator
‎2018-02-12 06:52 AM

Azure Checkpoint VSEC Cluster Internal Load balancer

Hi All,

I deployed CheckPoint VSEC cluster from Microsoft Azure Market place. I see the cluster is having a public load balancer, which has two cluster gateways outside IP's as front end IPs

I would like to spin up a second internal load balancer, which will have the cluster gateways inside IP's configured

I am able to deploy the load balancer and add the gateway IPs fine, however the challenge I am facing is, in order to achieve HA in Azure, we have to configure the second load balancer name is $FWDIR/conf/azure-ha.json file and reconf it.

I tried adding the second (internal) load balancer name after the comma, the azure_ha_cli.py isn't recognizing the second load balancer name and isn't failing over.

Does anyone have tried this and can you let me know how you are achieving HA using this method

Thanks,

Chandru

6 Replies
Martin_Valenta
Advisor
‎2018-02-15 11:00 PM

In json file you can specify only public load balancer name, it doesn't count with internal load balancer. Azure template for vsec cluster is deployed per design specified here Deploying a Check Point Cluster in Microsoft Azure 

0 Kudos
Chandhrasekar_S
Collaborator
‎2018-03-21 07:25 PM
In response to Martin_Valenta

I agree, in JSON file you specify the load balancer name. I have internal load balancer working fine on eth0 interface

I do understand, Azure template for vSEC cluster only supports load balancer on eth0 interface

It would be better if Check Point comes up having a load balancer on eth1 interface as well

0 Kudos
Martin_Valenta
Advisor
‎2018-03-21 08:30 PM
In response to Chandhrasekar_S

You might want to look on Auto scale option, this will give you load balancer on eth0 and eth1  Trust me having just one load balancer in front of cluster will give you a lot of fun.

Chandhrasekar_S
Collaborator
‎2018-03-24 06:58 PM
In response to Martin_Valenta

Yes Check Point Scale sets offer load balancers on both eth0 and eth1 interfaces. however they can only do stateless protocols like http and https. It works for internet facing apps. 

I cant deploy them every where, since we have to inspect other stateful protocols like sql server, rdp etc. 

0 Kudos
Nikhil_Deshmukh
Contributor
‎2018-07-19 05:22 AM
In response to Chandhrasekar_S

External Load Balancer's :- They are needed when you want to Publish Web Services (Web page / Application running on any Server) over the Internet.

See as per my understanding Internal Load Balancer's are used for Balancing the Traffic loads for any server between different nodes or not to expose Server's directly to User's.

Wht is your specific requirement with Load Balancer's to be acknowledged by VSec on the Internal Azure plane.?

Jerry_Thornhil1
Explorer
‎2018-07-13 08:02 AM

all,

how do you get the cluster to answer health probes from load balancers? even on internal interfaces.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
UPCOMING CLOUDMATES EVENTS
    All CloudMates Events