This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Gojira
Collaborator
Collaborator
‎2023-04-12 09:22 AM

Azure S2S vpn

Hello Team,

Have a question and apologies in advance if its not very precise.

Have deployed a cluster in Azure, classic cloudguard Iaas HA topology.

 

everything seems to work fine when i dont nat anything behind the external VIP (private).

 

Now the question is regarding VPN, do you usually need extra config on the load balancers or anywhere in azure to permit 500/4500/ESP towards the gateway from the load-balnacers public IP?

As i dont seem to get anything except if there is a rule in the lB in azure for it.

Hope its more or less clear.


Thanks

Juan

0 Kudos
3 Replies
the_rock
Legend
Legend
‎2023-04-12 10:19 AM

I dont recall one of our customers having to do any extra config on load balancer end for this couple of years ago. We have pay as you go Azure subscription, so I can fire up a lab in it this week and verify for you. I know Azure is super limited when it comes to doing any sort of troubleshooting (certainly nothing like any major vendor's firewall).

0 Kudos
PhoneBoy
Admin
Admin
‎2023-04-12 10:27 AM

I don't believe you can use Load Balancers with VPN (either Site-to-Site or Remote Access).
That's suggested by: https://support.checkpoint.com/results/sk/sk109360 
You would need to set up an active/passive cluster pair for VPN.

0 Kudos
Nir_Shamir
Employee Employee
Employee
‎2023-04-12 10:51 PM

Hi,

we don't use the LB for VPN at all , the LBs don't pass ESP traffic so it will never work.

you need to configure it with the Cluster's VIP which attached to the ACTIVE member , like we do with any other regular deployments.

check the Azure HA admin guide:

https://sc1.checkpoint.com/documents/IaaS/WebAdminGuides/EN/CP_CloudGuard_IaaS_HighAvailability_for_...

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
UPCOMING CLOUDMATES EVENTS
    All CloudMates Events