This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Narsimha_Rao_Ko
Participant
‎2020-09-24 12:33 AM

Checkpoint firewall in SPAN mode in Google cloud

We were testing R80.40 CP Firewall in SPAN mode in Google cloud. But it is not working. It seems to be not working if we assign an IP address to the SPAN interface but that is what’s required in GCP for getting mirror traffic from the load balancer.

0 Kudos
6 Replies
Ofir_Shikolski
Employee Alumnus
Employee Alumnus
‎2020-09-24 06:37 AM

AFAIK there is a product that can do it : https://community.checkpoint.com/t5/SandBlast-Now/bd-p/sandblast-now 

 

0 Kudos
Narsimha_Rao_Ko
Participant
‎2020-09-24 08:36 AM
In response to Ofir_Shikolski

Thanks for the update.

 

We actually trying to use the Mirroring feature of Google Cloud Platform (GCP) to get the data from load balancer to CP firewall. It requires the IP address needs to be assigned to SPAN interface for the load balancer to send the data. But when we assign the IP, CP firewall dropping all the packets which are coming to SPAN interface saying 'missing OS route'

 

Can you suggest which CP product we have to choose in GCP Marketing place for this to work?

0 Kudos
Nir_Naaman
Collaborator
‎2020-09-24 11:17 AM
In response to Narsimha_Rao_Ko

A firewall is a layer 3 device and as such is not applicable to a traffic mirroring scenario. Traffic mirroring is typically used for IDS or NDR solutions. As Ofir indicated above, CloudGuard Now (the cloud variant of SandBlast Now) is such a product, and can indeed interoperate with GCP traffic mirroring. However, CloudGuard Now for GCP is not in General Availability yet, so if you're interested in trying it out, please contact me offline. See the SandBlast Now product brief for more details.

 

Narsimha_Rao_Ko
Participant
‎2020-10-14 07:11 AM
In response to Nir_Naaman

Thanks for the info. I will send you an email for further details.

0 Kudos
Narsimha_Rao_Ko
Participant
‎2020-10-14 07:57 PM
In response to Nir_Naaman

Can you please provide me with your email id?

0 Kudos
PhoneBoy
Admin
Admin
‎2020-10-14 08:15 PM
In response to Narsimha_Rao_Ko

I’ll make sure @Nir_Naaman has your email and contacts you.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
UPCOMING CLOUDMATES EVENTS
    All CloudMates Events