HeikoAnkenbrand
Champion

Azure CloudGuard IaaS Cluster and BGP question!

Hi Check Point guys,

I have an R80.30 Azure Cluster installation. So far everything works 🙂

Now the question has come up whether the firewall cluster can be connected via BGP (not via VPN) using VeloCloud. Because there is always a frontend or backend load balancer for a cluster instance, I am not sure how to implement this. In the manuals and in the knowledge base I didn't find anything about this topic.

Now my question:

- Is BGP supported (without VPN) on a CloudGuard IaaS cluster?
- Where can I find more information on Azure cluster and BGP via VeloCloud integration?
- Do you have an example integration paper?

 

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos
9 Replies
PhoneBoy
Admin

I guess I'm not clear what benefit BGP would bring in this case if there's no VPN involved.
0 Kudos
HeikoAnkenbrand
Champion

VeloCloud is to be connected via two gateways in two zones to connect Azure with the customer network. If one Check Point gateway fails, the other one shall be used. Routing shall be ensured by BGP.

 

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos
HeikoAnkenbrand
Champion

Hi @PhoneBoy,

Do you have any idea who from Check Point can help in this case?

Regards

Heiko

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos
PhoneBoy
Admin

I did a little bit of looking around internally and it seems someone has done exactly this.
I've found a doc for the Check Point side of this, at least, which I'll see if we can share.
Networks_Team_B
Participant

We are looking to do the same thing, integrating VeloCloud in Azure with a Check Point.

Is it possible for us to also see the documentation for this?

Thanks for your help

0 Kudos
mattoddy1
Explorer

Hi, @PhoneBoy  - did you ever manage to dig the documentation out for this?

I've got a requirement to integrate two virtual VMware SD-WAN Edges with two ClusterXL CheckPoints. The SD-WAN Edges must be able to advertise their local routes to the active Check Point via BGP. 

Is there any information on how we can use internal load-balancers to achieve this?

Thanks.

0 Kudos
PhoneBoy
Admin

For the use case in this thread, I don't believe we formalized the documentation and am not sure of the status of this.
The official integrations we have with VeloCloud are:

0 Kudos
nullform
Explorer

Hi,

I'm doing something similar with other vendors as well. It's quite a fun setup; maybe we can set up a knowledge exchange on this topic. It's still in PoC but it's working quite stable.

 

0 Kudos
Scottc98
Advisor

I'd love to bump this up to see if there are any updates on an official guide or one that is working today.  

I understand using BGP to advertise the routes between the Azure Velo Edge and the Check Point Azure cluster... what I can't seem to get around is how there wouldn't be an impact if the Check Point cluster failed over. It's my understanding that without either graceful restart or C-bit here (REF: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...), BGP is going to bounce upon a cluster failover. Last I checked on the VeloCloud side, they haven't supported graceful restart until 5.1.0 or later code (which is fairly recent).

Is that the case? If there is a graceful restart requirement for an Azure cluster as it shows in the SK for a ClusterXL setup overall, is graceful restart supported in Azure (i.e. via Azure vWAN or Azure route service [ARS])?

 

 

0 Kudos
