chrisbrooks
Explorer

Azure VNET Peering from CloudGuard VNET to a new VNET in a different subscription

Hi 

I have a requirement to implement Azure VNET peering to a VNET behind Azure Firewall in a different subscription to CloudGuard VNET. With my lack of Azure and CloudGuard knowledge, I thought I could get some insights into how this can be achieved.

To begin with, the following information should help:

1. Check Point CloudGuard version is R80.30

2. CloudGuard VNET already has a few VNET peerings that live in the same subscription.

3. The new subscription is in the same region

4. The subs are under the same Tenant as the CloudGuard Firewall and VNET.

 

I can add the VNET Peering from Azure under my CloudGuard VNET; however, I would like to understand if there are any additional changes that I need to make on the CloudGuards for routing traffic or access policies to restrict traffic from the peered VNET.

Any help would be appreciated.

Thanks

Kanishka 

2 Replies
_Val_
Admin

Moved to appropriate category

Matthias_Haas
Advisor

Hi Kanishka,

From a routing/access policy point of view, there is no difference between a VNET peering within a subscription or a VNET peering between subscriptions. In both cases you have to modify the Azure routes with UDRs to route the traffic to the CloudGuard.
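
An added illustration, not part of the original thread or of any Check Point tooling: a small Python check that models how Azure chooses between UDRs and the system routes a peering creates, to confirm that traffic to a peered VNET prefix really goes via the CloudGuard. The addresses, the `fw_ip` value and the function names are assumptions; only IPv4 and UDR/peering routes are modelled.

```python
import ipaddress

# Constructed sample: UDRs as they appear under "routes" in the JSON printed by
# `az network route-table show` (all names and addresses are made up).
SAMPLE_UDRS = [
    {"name": "default-via-fw", "addressPrefix": "0.0.0.0/0",
     "nextHopType": "VirtualAppliance", "nextHopIpAddress": "10.0.1.4"},
    {"name": "spoke-a-via-fw", "addressPrefix": "10.20.0.0/16",
     "nextHopType": "VirtualAppliance", "nextHopIpAddress": "10.0.1.4"},
]


def effective_hop(dest_prefix, udrs, peered_prefixes):
    """Return (source, next_hop) for traffic from a subnet to dest_prefix.

    Azure uses the longest matching prefix; when a UDR and a system route
    have the same prefix, the UDR wins. peered_prefixes are the address
    spaces of VNETs peered directly with the subnet's own VNET.
    """
    dest = ipaddress.ip_network(dest_prefix)
    candidates = []
    for route in udrs:
        net = ipaddress.ip_network(route["addressPrefix"])
        if dest.subnet_of(net):
            hop = route.get("nextHopIpAddress") or route["nextHopType"]
            candidates.append((net.prefixlen, 1, "udr", hop))
    for prefix in peered_prefixes:
        net = ipaddress.ip_network(prefix)
        if dest.subnet_of(net):
            candidates.append((net.prefixlen, 0, "system", "VNetPeering"))
    if not candidates:
        return ("none", None)
    # Sort key: prefix length first, then UDR (1) over system route (0).
    _, _, source, hop = max(candidates)
    return (source, hop)


def bypasses_firewall(dest_prefix, udrs, peered_prefixes, fw_ip):
    """True when traffic to dest_prefix would not be sent to the firewall."""
    return effective_hop(dest_prefix, udrs, peered_prefixes) != ("udr", fw_ip)


if __name__ == "__main__":
    peered = ["10.20.0.0/16", "10.30.0.0/16"]  # constructed peered VNET ranges
    for prefix in peered:
        print(prefix, effective_hop(prefix, SAMPLE_UDRS, peered))
```

In the sample, `10.30.0.0/16` has only the `0.0.0.0/0` UDR, so the more specific peering system route wins and the traffic skips the firewall; a UDR for the peered prefix itself is what closes that gap.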