Cloudguard Implementation without a Public loadbalancer / public IP's
Hi all,
Where can I find information about a Cloud Guard implementation without a public loadbalancer or without a loadbalancer without Public IPs?
Situation (see the screenshot):
- 2x Check Point Appliance ClusterXL (On-Premise) with a connection to Azure by ExpressRoute
- 1x Check Point Management (On-Premise)
- Microsoft Azure Environment with multiple VNETs.
The Azure environment is only accessible by the ExpressRoute connection.
I want to use the Check Point Cloud Guard between VNETs and the ExpressRoute within Azure without an Internet connection or the use of Public IPs.
So traffic from On-Premise must go to the FrontEnd Loadbalancer -> Check Point CloudGuard -> BackEnd Loadbalancers -> different kinds of Azure virtual machines and vice versa.
When we create a CloudGuard Network Security environment within Azure, we choose not to use "Use Public IP Prefix", but it still does.
How can we achieve this, or is this even possible?
Accepted Solutions
Hi,
I have done this several times. This is what you need to do:
1) You can't use the Frontend LB because it only has Public IPs. You can even delete it if you don't need to use it.
2) All your UDRs need to go to the Internal LB private IP, and on the CloudGuard GWs make sure the default route is changed to the Azure Router on the eth1 subnet.
This way all the traffic goes in and out from the same interface of the Check Point GWs (eth1).
This way you have something like a firewall on a stick.
You can also detach the Public IPs from the CloudGuard GWs' interface eth0. The only thing you can't remove is the Public IP on the Cluster's VIP.
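A check for step 2 of the accepted answer, as an added example that is not part of the original posts: it audits Azure route tables (in the JSON shape printed by `az network route-table list -o json`) and reports every UDR whose next hop is not the internal LB private IP. The table names, prefixes and the internal LB address `10.0.2.4` are constructed sample values.

```python
import json

# Constructed sample, trimmed to the fields the audit reads.
SAMPLE = json.loads("""
[
 {"name": "rt-spoke-app", "routes": [
   {"name": "default", "addressPrefix": "0.0.0.0/0",
    "nextHopType": "VirtualAppliance", "nextHopIpAddress": "10.0.2.4"},
   {"name": "to-onprem", "addressPrefix": "192.168.0.0/16",
    "nextHopType": "VirtualAppliance", "nextHopIpAddress": "10.0.2.4"}]},
 {"name": "rt-spoke-db", "routes": [
   {"name": "default", "addressPrefix": "0.0.0.0/0",
    "nextHopType": "Internet", "nextHopIpAddress": null},
   {"name": "to-app", "addressPrefix": "10.1.0.0/16",
    "nextHopType": "VirtualAppliance", "nextHopIpAddress": "10.0.2.5"}]},
 {"name": "rt-gateway-subnet", "routes": []}
]
""")


def audit_route_tables(tables, ilb_ip):
    """Return (table, route, problem) tuples for UDRs that bypass the internal LB."""
    findings = []
    for table in tables:
        tname = table.get("name")
        routes = table.get("routes") or []
        if not routes:
            # No UDRs at all: the subnet follows Azure system routes only.
            findings.append((tname, None, "no UDRs defined"))
        for route in routes:
            rname = route.get("name")
            hop_type = route.get("nextHopType")
            hop_ip = route.get("nextHopIpAddress")
            if hop_type == "Internet":
                findings.append((tname, rname, "next hop is Internet"))
            elif hop_type != "VirtualAppliance":
                findings.append((tname, rname, f"next hop type is {hop_type}"))
            elif hop_ip != ilb_ip:
                findings.append((tname, rname, f"next hop {hop_ip} is not {ilb_ip}"))
    return findings


if __name__ == "__main__":
    for table, route, problem in audit_route_tables(SAMPLE, "10.0.2.4"):
        print(f"{table} / {route or '-'}: {problem}")
```

An empty result means every UDR in the input sends traffic to the internal LB; the gateways' own default route via eth1 still has to be checked on the gateways themselves.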
Thnx for the information Nir_Shamir, that helped us.👍