- CheckMates
- :
- Products
- :
- CloudMates Products
- :
- Cloud Network Security
- :
- Discussion
- :
- Re: CloudGuard Firewalls Permission- Azure
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Are you a member of CheckMates?
×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
CloudGuard Firewalls Permission- Azure
Hi There,
I believe firewalls require 'Contributor' role in Azure HA to move the VIP of the cluster between members during a failover.
We're planning to provision dedicated 'Inbound' firewalls to protect the workload traffic from the Internet. We don't have the permission to create a system managed identity during the template deployment, and I'm aware that service principal can be associated.
Since it doesn't need to move the VIP as they're Inbound firewalls, does it still require 'contributor' role for the failover to happen..?
1 Reply
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you're not planning to use the VIP then it shouldn't affect the deployment.
you will only need to use the Load Balancers to route traffic to the ACTIVE member.