This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Gongya_Yu
Collaborator
‎2024-06-12 09:14 PM
Jump to solution

Cloudguard LoadBalancer question

Almost all the videos from Youtube discuss the cloudguard deployment with load balancers.  Deep-dive Workshop: CloudGuard Network Security on Azure (Canada) explains why load balancers is used.

From Marketplace, I came  across a few different versions recently

1. there is an option to enable LB  (unfortunately I did not screenshot it) 

2. option for LB floating IP only
before.PNG

3. no option at all  LB.

current-0612.PNG

All the templates will deploy a LB by default automatically ?

Option 3  (this is the latest version I saw) deploys a LB ?

Cluster failover via API or LB are selective ?

thanks !!

0 Kudos
1 Solution

Accepted Solutions
LeonardHavekost
Employee Employee
Employee
‎2024-06-13 04:12 AM
In response to Gongya_Yu
Jump to solution

The route should always point to the LB IP. Can be found as well in the Deployment guide:

 

https://sc1.checkpoint.com/documents/IaaS/WebAdminGuides/EN/CP_CloudGuard_Network_for_Azure_HA_Clust...

 

And yes the LB is always deployed as @Shay_Levin already stated. If not needed, you can also delete the Ingress LB. 

View solution in original post

2024-06-13 13_11_43-Window.png
Preview file
25 KB
6 Replies
Shay_Levin
Admin
Admin
‎2024-06-13 01:10 AM
Jump to solution

Hi, 

The High Availability  template deploy External and Internal NLB.

If you are not using Ingress , you can safely delete the external load balancer post deployment.

For the VMSS , you have the option to select in the template, if you want to deploy  External or Internal or Both.

0 Kudos
Gongya_Yu
Collaborator
‎2024-06-13 04:01 AM
In response to Shay_Levin
Jump to solution

I watched your multiple videos. thanks !!
The deployment forms above related to LB are different, any reasons ?
Ingress you referred to is Northbound ? ( we do not use it)
Southbound has to use LB ? if yes. Can we still fail over via API instead of LB ?

thanks !!!

0 Kudos
LeonardHavekost
Employee Employee
Employee
‎2024-06-13 02:56 AM
Jump to solution

Cluster Failover always depends on which features / traffic flows you are using. Some are relying on API calls (e.g. for movement of Public IP addresses) and some on LB Healthprobes or both. But those are not selective.  

0 Kudos
Gongya_Yu
Collaborator
‎2024-06-13 04:08 AM
In response to LeonardHavekost
Jump to solution

We only use southbound, the deployment template always deploys LB, right ? if yes, the UDR should point to LB, not the active node, or can we selectively point to either active node or LB ?

thanks !!

0 Kudos
LeonardHavekost
Employee Employee
Employee
‎2024-06-13 04:12 AM
In response to Gongya_Yu
Jump to solution

The route should always point to the LB IP. Can be found as well in the Deployment guide:

 

https://sc1.checkpoint.com/documents/IaaS/WebAdminGuides/EN/CP_CloudGuard_Network_for_Azure_HA_Clust...

 

And yes the LB is always deployed as @Shay_Levin already stated. If not needed, you can also delete the Ingress LB. 

2024-06-13 13_11_43-Window.png
Preview file
25 KB

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
UPCOMING CLOUDMATES EVENTS
    All CloudMates Events
    li.common.scroll-to.top