Cloudguard cluster in Azure and VPN
Hello,
I have some doubts about the template in the Azure marketplace and the deployment guide available online. The marketplace template also deploys 2 load balancers, in front of and behind the cluster, in order to manage the HA.
The front load balancer has a public IP, and it manages the incoming connections to the active firewall and is able to do it with TCP and UDP, but no other protocols such as ESP. So how does it manage the ESP traffic of a VPN? I tried it in a lab, but I was not able to make it work.
Thanks in advance!
Hello,
Thank you @Shay_Levin! So if this cluster does not publish anything on the internet from the Azure cloud and it only does a VPN with the on-premises DC and its firewalling, are the load balancers of the Azure template still needed? I understood that they are managing the flow of the incoming traffic in case of a failover event, including the VPN traffic...
If you don't need to publish any applications, then the frontend-lb is not used and you can delete it, but I would leave it there for future use.
The internal-lb is a must-have because we don't have a VIP on the internal network and we use it to pass the traffic to the ACTIVE member.
All the internal traffic is routed towards it and from it to the ACTIVE member.
The external VIP will fail over without the use of the frontend-lb.
Regarding the recommendation for keeping the external LB, if he doesn't need it, it's completely safe to delete it and add a new one when he needs it.
I tried the link above and it is coming back as "not found". Would it be possible to re-post the link or have the document available for download?