Azure Virtual Wan & CloudGuard NVA Integration - Workshop Recording
The full workshop recording is here. At the bottom of the post you will find the presentation, workshop materials, guides and more.
The attached vWAN_automation_script is used for large deployments. It's a Python script that will automatically create all the CP NVA gateways on the Check Point management and install policy on them.
- How to simulate GW failure
cpstop and cpstart (cpstop will cause ILB health check failures to TCP 8117)
- How to find current vWAN utilization for sizing
https://learn.microsoft.com/en-us/azure/virtual-wan/monitor-virtual-wan-reference#hub-router-metrics
- vWAN documentation
https://learn.microsoft.com/en-us/azure/virtual-wan/how-to-routing-policies
Check Point Admin Guide
- Azure Virtual WAN GitHub for diagrams and training
Awesome job!
Hi,
First of all, great video; it is very helpful to see how such a deployment can actually be done. Thank you for this.
I have a question about a similar scenario 🙂
I would like to have CloudGuard in my Azure vWAN. Next, I would like to onboard CloudGuard to my existing Management Server, which is located on-prem (in my office). However, I would prefer to have the communication between these CloudGuard NVAs go via internal communication, using private addresses. That means it would go from the vWAN via ExpressRoute to my office and onward.
Can I assume that this is not a problem for management communication in a scenario similar to the above?
Since the intent route will always send the traffic to the internal LB, you will need to create a UDR to override the intent routes.
In addition, you should be aware that you will probably not be able to manage an NVA in a different hub until Microsoft provides the “explicit next hop” feature (inter-hub communications also pass through the internal LB).