This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Gongya_Yu
Collaborator
Saturday
Jump to solution

Cloudguard deployment best practices

We are in the process of the deployment of cloudguard with Checkpoint assistance, also I am watching a few Checkpoint deployment videos. I noticed a few architecture options we moved from and to. As the change is hard after the deployment is done. I have the following questions:

1. cluster failover pros and cons:

    For our cloudguard deployment in AWS, our cluster failover is achieved via API updating the route table. When we came to Azure deployment, we had LB,

    Does AWS have LB option too ?

    LB is a must for Azure ? (Note: We do not need Northbound, only need Southbound to on-prem)

2.  Using Route Server or not

     Based on some difference for routing approaches between AWS and Azure, Route servers should be used or not ?

3. VNET for Cloudguard

    Cloudguard should be deployed in the same vnet with other network components or in its dedicated vnet.

Any suggested best practices for these options ?

thanks a lot !!

 

   

1 Solution

Accepted Solutions
Nir_Shamir
Employee Employee
Employee
Sunday
Jump to solution

1. AWS doesn't have an LB option , everything works with API. we used to have the same in Azure until we moved to work with LBs. the API failover in AWS is pretty fast and usually you don't even notice it.

2. Route-Servers are more dynamic the the regular UDRs . if you have a small static network then I would use UDRs. for large networks and VNETS + constant changes I would use Route Servers do ease the operation of changes.

3. I always deploy the CloudGuard GWs in a separate compartment (VNET or VPC etc.) it's easier to manage it and it doesn't mixup with the rest of your networks.

View solution in original post

(1)
2 Replies
Nir_Shamir
Employee Employee
Employee
Sunday
Jump to solution

1. AWS doesn't have an LB option , everything works with API. we used to have the same in Azure until we moved to work with LBs. the API failover in AWS is pretty fast and usually you don't even notice it.

2. Route-Servers are more dynamic the the regular UDRs . if you have a small static network then I would use UDRs. for large networks and VNETS + constant changes I would use Route Servers do ease the operation of changes.

3. I always deploy the CloudGuard GWs in a separate compartment (VNET or VPC etc.) it's easier to manage it and it doesn't mixup with the rest of your networks.

(1)
the_rock
Legend
Legend
Sunday
Jump to solution

You got the answer.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
UPCOMING CLOUDMATES EVENTS
    All CloudMates Events