Aman_Choubey
Contributor

Azure Integration

Hi Checkmates,

I want to deploy the Checkpoint on the Azure Cloud in HA mode using the LB.

Please help me and provide some information. How can I do it?

Please share any KB articles.

Thanks in advance.

13 Replies
Martin_Valenta
Advisor

Why don't you search on support center or even here?

Aman_Choubey
Contributor

Thanks for the Response Martin.

I tried to find, but I couldn't get something satisfactory.

But I will try one more time.

Aman_Choubey
Contributor

Thanks for the Document, it is helpful to me.

Tommy_Forrest
Advisor

The guide Martin posted is good.  But you'll want to pay attention to the bit about failover.

When a fail-over happens, the gateways have to notify Azure via API that this has happened and Azure has to modify your routing tables to push traffic over to the newly activated gateway.  This can take 2 minutes or more.  Your connections will be down while Azure is updating its route tables.  The firewalls themselves will fault in about the same amount of time that you'd expect for an on-prem cluster fault to happen.

The guide makes mention of internal and external load balancers for the firewalls.  Maybe it is a wording thing.  But we never had internal load balancers in front (behind?) of our firewalls.  There's a LB on the dirty side of the firewall and Azure's API takes care of route tables on the clean side.

Martin_Valenta
Advisor

Yes, clustering in Azure doesn't make sense now, when there are VM scale sets, which are now also supporting all outbound ports, not just http/s.

Tommy_Forrest
Advisor

I don't think it ever made sense, honestly.  Having to deal with the API and load balancers is garbage.

Aman_Choubey
Contributor

Thanks, Martin/Tommy, for the valuable suggestion.

I was planning to use the LB in front of both devices. Suppose the primary unit is down: the second unit will not receive the probes from the primary. In that case, Azure will update the UDR and the traffic will terminate at the secondary firewall.

Is it correct? Can I try this?

Tommy_Forrest
Advisor

That pretty much sums it up.  It should work if you get everything set up correctly.

Aman_Choubey
Contributor

Thanks, Tommy,

I will try this one.

PhoneBoy
Admin

Public Cloud networking does not support multicast or the concept of two or more systems having the same IP, both of which are required for traditional ClusterXL.

To get similar functionality, you have to use the relevant APIs to move IPs and routes around or load balancers.

Shane_James
Explorer

Off the top of your head, what are the things most customers ask your support?

If you are not sure, go through your support tickets from the past month (or week, if your volume is huge). If that doesn’t give you enough information, find out what your customers are searching for by looking at your search terms in Google Analytics.

Robert_Peter
Explorer

When a fail-over happens, the gateways have to notify Azure via API that this has happened and Azure has to modify your routing tables to push traffic over to the newly activated gateway.  This can take 2 minutes or more.  Your connections will be down while Azure is updating its route tables.  The firewalls themselves will fault in about the same amount of time that you'd expect for an on-prem cluster fault to happen.
