Gojira
Collaborator

Azure S2S vpn

Hello Team,

Have a question and apologies in advance if it's not very precise.

Have deployed a cluster in Azure, classic CloudGuard IaaS HA topology.

Everything seems to work fine when I don't NAT anything behind the external VIP (private).

Now the question is regarding VPN: do you usually need extra config on the load balancers or anywhere in Azure to permit 500/4500/ESP towards the gateway from the load balancer's public IP?

As I don't seem to get anything except if there is a rule in the LB in Azure for it.

Hope it's more or less clear.


Thanks

Juan

0 Kudos
3 Replies
the_rock
Legend

I don't recall one of our customers having to do any extra config on the load balancer end for this a couple of years ago. We have a pay-as-you-go Azure subscription, so I can fire up a lab in it this week and verify for you. I know Azure is super limited when it comes to doing any sort of troubleshooting (certainly nothing like any major vendor's firewall).

0 Kudos
PhoneBoy
Admin

I don't believe you can use Load Balancers with VPN (either Site-to-Site or Remote Access).
That's suggested by: https://support.checkpoint.com/results/sk/sk109360 
You would need to set up an active/passive cluster pair for VPN.

0 Kudos
Nir_Shamir
Employee

Hi,

We don't use the LB for VPN at all; the LBs don't pass ESP traffic, so it will never work.

You need to configure it with the cluster's VIP, which is attached to the ACTIVE member, like we do with any other regular deployment.

Check the Azure HA admin guide:

https://sc1.checkpoint.com/documents/IaaS/WebAdminGuides/EN/CP_CloudGuard_IaaS_HighAvailability_for_...

 

0 Kudos
