a_security
Explorer

Azure Internal Load Balancer after checkpoint

Hello team,

We have a customer where we will be using Checkpoint HA in Azure for north-south traffic.

There is an Azure external LB before Checkpoint.

Now there is another Internet Juniper vSRX standalone FW where all the VPN tunnels (from on-prem) will be terminating.

The question is: can we use a common Internal Load Balancer for both these firewalls?

We want all the outbound traffic to go via Checkpoint, and all the on-prem-specific traffic to go via vSRX.

There is a plan to have an F5 WAF after the Internal Load Balancer.

So can we have a common Internal Load Balancer to serve as a backend for both Checkpoint and Juniper?

0 Kudos
3 Replies
a_security
Explorer

Hello

Anyone please?

0 Kudos
PhoneBoy
Admin

As far as I know, load balancers don’t support IPSec traffic at all.

0 Kudos
Matthias_Haas
Advisor

Hi,

I would use UDRs (user-defined routes) to direct the OnPrem networks to the Juniper SRX.

Could be both ways, depending on where (subnet) you deploy your UDRs:

1. OnPrem <-> SRX <-> CP <-> Azure

2. OnPrem <-> SRX <-> Azure

Matthias

0 Kudos
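
The UDR approach suggested in the last reply, as an added example that is not part of the original thread: it models a route table for a workload subnet (option 2, on-prem prefixes to the vSRX, everything else to Check Point) and checks which firewall each destination would use under Azure's longest-prefix-match route selection. All addresses, prefixes and names are constructed assumptions, and only the UDRs are modelled, not Azure's system routes.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
CHECKPOINT_NEXT_HOP = "10.0.1.4"   # next hop used for the Check Point HA cluster
VSRX_IP = "10.0.2.4"               # standalone vSRX terminating the on-prem VPN tunnels
ONPREM_PREFIXES = ["192.168.0.0/16", "172.16.10.0/24"]

def build_udr_table(onprem_prefixes=ONPREM_PREFIXES):
    """UDRs for a workload subnet: on-prem prefixes -> vSRX, default -> Check Point."""
    routes = [{"name": "default-via-checkpoint", "prefix": "0.0.0.0/0",
               "next_hop_type": "VirtualAppliance", "next_hop_ip": CHECKPOINT_NEXT_HOP}]
    for i, prefix in enumerate(onprem_prefixes):
        routes.append({"name": f"onprem-{i}-via-vsrx", "prefix": prefix,
                       "next_hop_type": "VirtualAppliance", "next_hop_ip": VSRX_IP})
    return routes

def select_route(routes, destination):
    """Return the route that wins for a destination: longest matching prefix."""
    dest = ipaddress.ip_address(destination)
    matches = [r for r in routes if dest in ipaddress.ip_network(r["prefix"])]
    if not matches:
        return None
    return max(matches, key=lambda r: ipaddress.ip_network(r["prefix"]).prefixlen)

def audit(routes, onprem_samples, internet_samples):
    """List sample destinations that would leave through the wrong firewall."""
    problems = []
    for dst in onprem_samples:
        r = select_route(routes, dst)
        if r is None or r["next_hop_ip"] != VSRX_IP:
            problems.append((dst, "on-prem traffic not routed to vSRX"))
    for dst in internet_samples:
        r = select_route(routes, dst)
        if r is None or r["next_hop_ip"] != CHECKPOINT_NEXT_HOP:
            problems.append((dst, "outbound traffic not routed to Check Point"))
    return problems

if __name__ == "__main__":
    table = build_udr_table()
    for dst in ["192.168.5.10", "172.16.10.20", "8.8.8.8", "172.16.11.1"]:
        print(dst, "->", select_route(table, dst)["name"])
    print("problems:", audit(table, ["192.168.5.10", "172.16.10.20"], ["8.8.8.8"]))
```

Running the audit against a table that is missing an on-prem prefix shows that traffic silently falling through to the default route via Check Point.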