Hi All,
I am having issues with my test lab; the same config was working previously.
CloudGuard deployed in HA with frontend and backend load balancers.
Version R81.20 for both Mgmt and Cluster.
Frontend subnet: 10.0.0.0/24
FW-1 10.0.0.4, FW-2 10.0.0.5, Frontend VIP: 10.0.0.6
Backend subnet: 10.0.1.0/24
FW-1 10.0.1.5, FW-2 10.0.1.6, Backend LB: 10.0.1.4
Prod subnet: 10.1.0.0/24
Webserver IP 10.1.0.4
NO public IP attached.
Prod route: picture attached
NAT rules attached
Access rules attached
Anti-Spoofing off on both internal and external interfaces
FLB load-balancing rules configured and enabled with Floating IP (attached)
VNET peering set up; the firewall can ping the backend host and can also SSH from the firewall to the backend host.
Issue:
The same deployment previously worked: traffic coming in on the FrontLB public IP was NATed to the internal backend server (10.1.0.4).
Something has recently changed at the Azure level and it's to do with routing, don't know what, but traffic from outside to the internal/backend host is not reachable.
TCPDUMP:
Traffic coming from my home public IP going to the FLB public IP can be seen on Eth0 and on Eth1; no traffic arrives on the backend host.
TCPDUMP on backend host:
Traffic going out from the host to the internet can be seen in the firewall logs and on firewall Eth1.
The backend can access the Internet and traceroute shows it going via the active firewall.
I have tried everything possible and am here to ask for help; best would be for someone to do the lab and see the behaviour.
Thanks
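In the topology the post describes (FLB in front of the cluster, DNAT to 10.1.0.4, prod subnet routed back through the backend LB at 10.0.1.4), the thing a practitioner normally verifies first is that the web server's reply takes the same gateway as the request; if the prod subnet's effective route for the client's address is Azure's system default instead of the backend LB, the reply bypasses the firewall and the connection stalls even though the request was seen on Eth0 and Eth1. The following is an added example, not code from the post, from Check Point or from Azure: a small Python model of Azure's effective-route selection (longest prefix; on a tie a user-defined route beats a system route) plus one static DNAT rule, which walks a request and its reply and reports whether the path is symmetric. The private addresses are the post's; the public IPs (documentation ranges), the DNAT rule, the simplified system routes and the interface names are constructed assumptions, and the model is an illustration of the check, not a diagnosis of this particular lab.

```python
"""
Forward/return path check for the topology in the post: a CloudGuard HA pair
between an Azure frontend load balancer (FLB) and a backend load balancer,
DNATing inbound traffic to a web server in a peered prod subnet.

Added illustration, not Check Point or Azure code. It models Azure
effective-route lookup (longest prefix, user-defined route beats system route
on a tie) and one static DNAT rule in plain Python, then walks a client
request and the server's reply to see whether the reply returns through the
firewall that translated it. Public IPs, the NAT rule and the system routes
are constructed assumptions; the private addresses come from the post.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Private addresses quoted in the post
BACKEND_LB = "10.0.1.4"        # internal LB on the cluster's eth1 side
WEBSERVER = "10.1.0.4"         # DNAT target in the prod subnet
# Constructed placeholders (documentation ranges); the post attaches pictures instead
FLB_PUBLIC_IP = "203.0.113.10"  # stands in for the FLB frontend public IP
CLIENT_IP = "198.51.100.25"     # stands in for the "home public IP"

# Assumed static NAT rule on the gateway: original destination -> translated destination
DNAT = {FLB_PUBLIC_IP: WEBSERVER}


@dataclass(frozen=True)
class Route:
    prefix: str
    next_hop: str        # "VnetLocal", "Internet", or a virtual-appliance / LB IP
    user: bool = False   # True for a UDR entry, False for an Azure system route


def lookup(routes, dst):
    """Pick the route Azure would use for dst: longest prefix wins, and on an
    equal prefix a user-defined route beats a system route."""
    dst = ip_address(dst)
    best = None
    for r in routes:
        net = ip_network(r.prefix)
        if dst not in net:
            continue
        if best is None:
            best = r
            continue
        blen = ip_network(best.prefix).prefixlen
        if net.prefixlen > blen or (net.prefixlen == blen and r.user and not best.user):
            best = r
    return best


# Simplified system routes seen by the prod subnet (own VNet, peered hub VNet, default)
SYSTEM_ROUTES = [
    Route("10.1.0.0/16", "VnetLocal"),   # prod VNet itself
    Route("10.0.0.0/16", "VnetLocal"),   # hub VNet, learned via VNet peering
    Route("0.0.0.0/0", "Internet"),
]


def prod_subnet_routes(udr_next_hop=None):
    """Effective routes of the prod subnet. udr_next_hop is the virtual-appliance
    next hop of a 0.0.0.0/0 UDR (the post's 'Prod route'), or None if absent."""
    routes = list(SYSTEM_ROUTES)
    if udr_next_hop is not None:
        routes.append(Route("0.0.0.0/0", udr_next_hop, user=True))
    return routes


def trace_session(client_ip, dst_ip, udr_next_hop=None):
    """Walk one inbound request and its reply. Returns the hop list, the next hop
    chosen for the reply, whether the path is symmetric, and a plain-text verdict."""
    hops = [("FLB -> FW eth0", client_ip, dst_ip)]  # floating IP keeps dst unchanged
    translated = DNAT.get(dst_ip)
    if translated is None:
        return {"hops": hops, "reply_next_hop": None, "symmetric": False,
                "verdict": "no NAT rule matches the FLB public IP"}
    hops.append(("FW DNAT, out eth1", client_ip, translated))
    hops.append(("Azure VnetLocal -> web server", client_ip, translated))

    # Reply: src WEBSERVER, dst client_ip, resolved against the prod subnet's routes
    reply = lookup(prod_subnet_routes(udr_next_hop), client_ip)
    hops.append(("web server reply", translated, client_ip))
    symmetric = reply.next_hop == BACKEND_LB
    if symmetric:
        verdict = "ok: reply returns via backend LB to the member holding the connection"
    elif reply.next_hop == "Internet":
        verdict = "asymmetric: reply leaves via Azure default route, firewall never sees it"
    else:
        verdict = f"pinned: reply goes to {reply.next_hop}, not the LB; breaks on failover"
    return {"hops": hops, "reply_next_hop": reply.next_hop,
            "symmetric": symmetric, "verdict": verdict}


if __name__ == "__main__":
    for udr in (BACKEND_LB, None, "10.0.1.5"):
        result = trace_session(CLIENT_IP, FLB_PUBLIC_IP, udr)
        print(f"UDR next hop {udr!s:>9}: {result['verdict']}")
```

The model does not talk to Azure; to feed it real data, pull the effective route table of the web server's NIC (for example with `az network nic show-effective-route-table`) and compare the entry that matches the client's address against the backend LB address, and check the same for any NSG applied to the subnet.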
Have you checked if any applicable Azure NSG has changed and verified that it allows the traffic flow?
Might otherwise be faster to consult TAC via a remote session if you suspect the actual firewall...
Hi Chris,
The NSG allows the traffic; I have also created an Any/Any rule for both directions.