This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Aman_Choubey
Contributor
‎2019-01-08 06:31 AM

Azure Integration

Hi Checkmates,

I want to deploy the Checkpoint on the Azure Cloud in HA mode using the LB.

please help me and provide some information, how can I do it?

please share any KB articles.

thanks in advance.

13 Replies
Martin_Valenta
Advisor
‎2019-01-08 07:24 AM

Why don't you search on support center or even here? Smiley Happy

0 Kudos
Aman_Choubey
Contributor
‎2019-01-08 07:37 AM
In response to Martin_Valenta

Thanks for the Response Martin.

I tried to find, but I couldn't get something satisfactory.

But i will try one more time

0 Kudos
Aman_Choubey
Contributor
‎2019-01-08 09:03 AM
In response to Martin_Valenta

Thanks for the Document, it is helpful to me. Smiley Happy 

0 Kudos
Tommy_Forrest
Advisor
‎2019-01-08 08:01 AM

The guide Martin posted is good.  But you'll want to pay attention to the bit about failover.

When a fail-over happens, the gateways have to notify Azure via API that this has happened and Azure has to modify your routing tables to push traffic over to the newly activated gateway.  This can take 2 minutes or more.  Your connections will be down while Azure is updating its route tables.  The firewalls themselves will fault in about the same amount of time that you'd expect for an on-prem cluster fault to happen.

The guide makes mention of internal and external load balancers for the firewalls.  Maybe it is a wording thing.  But we never had internal load balancers in front (behind?) of our firewalls.  There's a LB on the dirty side of the firewall and Azure's API takes care of route tables on the clean side.

0 Kudos
Martin_Valenta
Advisor
‎2019-01-08 08:04 AM
In response to Tommy_Forrest

Yes, clustering in Azure doesn't make sense now, when there are VM scale sets, which are now also supporting all outbound ports, not just http/s.

0 Kudos
Tommy_Forrest
Advisor
‎2019-01-08 08:09 AM
In response to Martin_Valenta

I don't think it ever made sense, honestly.  Having to deal with the API and load balancers is garbage.

Aman_Choubey
Contributor
‎2019-01-08 09:00 AM
In response to Tommy_Forrest

thanks, Martin/Tommy for the valuable suggestion.

I was planning to use the LB on the front of both devices. Suppose the primary unit will be down, the second unit will not receive the probs from the Primary, in the case, Azure will update UDR and the traffic will terminate to the Secondary firewall.

is it correct? can I try this?

0 Kudos
Tommy_Forrest
Advisor
‎2019-01-08 09:05 AM
In response to Aman_Choubey

That pretty much sums it up.  It should work if you get everything setup correctly.

Aman_Choubey
Contributor
‎2019-01-08 09:07 AM
In response to Tommy_Forrest

Thanks, Tommy,

I will try this one.

0 Kudos
PhoneBoy
Admin
Admin
‎2019-01-09 09:59 PM
In response to Tommy_Forrest

Public Cloud networking does not support multicast or the concept that two or more systems having the same IP, both of which are required for traditional ClusterXL.

To get similar functionality, you have to use the relevant APIs to move IPs and routes around or load balancers.

0 Kudos
Shane_James
Explorer
‎2019-01-16 10:07 PM

Off the top of your head, what are the things most customers ask your support?

If you are not sure, go through your support tickets from the past month (or week, if your volume is huge). If that doesn’t give you enough information, find out what your customers are searching for by looking at your search terms in Google Analytics.

Robert_Peter
Explorer
‎2019-02-12 09:40 PM

When a fail-over happens, the gateways have to notify Azure via API that this has happened and Azure has to modify your routing tables to push traffic over to the newly activated gateway.  This can take 2 minutes or more.  Your connections will be down while Azure is updating its route tables.  The firewalls themselves will fault in about the same amount of time that you'd expect for an on-prem cluster fault to happen.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
UPCOMING CLOUDMATES EVENTS
    All CloudMates Events