This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Gusa2727
Contributor
‎2023-06-09 04:28 AM
Jump to solution

CloudGuard AWS - Multiple Public IPs

In a Active/Passive HA environment, how do you manage adding multiple public IPs to the cluster? Do I have to create one Network Load Balancer per EIP (due to the one EIP per NLB limitation), or is there a way of assigning the EIPs to the active EC2 instance directly, and these EIPs move to the Secondary node when a failver is detected (FortiGate HA works in this way)?. Thank you.

0 Kudos
1 Solution

Accepted Solutions
Nir_Shamir
Employee Employee
Employee
‎2023-06-11 02:05 AM
In response to Gusa2727
Jump to solution

You can in Azure (depending on your Image version and you need to modify a configuration file in the GW according to the admin guide - https://sc1.checkpoint.com/documents/IaaS/WebAdminGuides/EN/CP_CloudGuard_IaaS_HighAvailability_for_...

in GCP it's not supported.

View solution in original post

0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2023-06-09 03:28 PM
Jump to solution

Our clustering only supports a single IP per virtual interface.
I believe this limitation applies in public cloud as well.
Which means you'll probably need to do this with NLBs. 

0 Kudos
Nir_Shamir
Employee Employee
Employee
‎2023-06-10 10:39 PM
Jump to solution

Our VIP is used as a secondary IP on the ACTIVE member eth0 interface so you can add another "secondary IP" the the ACTIVE member eth0 and attach a new Public IP to it.

It will move between the members , depending who is the ACTIVE one.

0 Kudos
Gusa2727
Contributor
‎2023-06-11 01:08 AM
In response to Nir_Shamir
Jump to solution

So, I can add multiple secondary IP on front/outside interface (as much as supported by the instance size), and all these secondary Interface will move to the secondary node in the event of failover, right? if yes, does this apply also to other Cloud Providers like Azure and GCP?

I know that we have the External Load Balancer in Azure, which supports multiple FrontEnd IPs, but we need to open multiple ports on the External Load Balancer (LB rules), which increase a lot the cost. 

Thanks!

0 Kudos
Nir_Shamir
Employee Employee
Employee
‎2023-06-11 02:05 AM
In response to Gusa2727
Jump to solution

You can in Azure (depending on your Image version and you need to modify a configuration file in the GW according to the admin guide - https://sc1.checkpoint.com/documents/IaaS/WebAdminGuides/EN/CP_CloudGuard_IaaS_HighAvailability_for_...

in GCP it's not supported.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
UPCOMING CLOUDMATES EVENTS
    All CloudMates Events