- CheckMates
- :
- Products
- :
- CloudMates Products
- :
- Cloud Network Security
- :
- Discussion
- :
- Cloudguard deployment best practices
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Cloudguard deployment best practices
We are in the process of the deployment of cloudguard with Checkpoint assistance, also I am watching a few Checkpoint deployment videos. I noticed a few architecture options we moved from and to. As the change is hard after the deployment is done. I have the following questions:
1. cluster failover pros and cons:
For our cloudguard deployment in AWS, our cluster failover is achieved via API updating the route table. When we came to Azure deployment, we had LB,
Does AWS have LB option too ?
LB is a must for Azure ? (Note: We do not need Northbound, only need Southbound to on-prem)
2. Using Route Server or not
Based on some difference for routing approaches between AWS and Azure, Route servers should be used or not ?
3. VNET for Cloudguard
Cloudguard should be deployed in the same vnet with other network components or in its dedicated vnet.
Any suggested best practices for these options ?
thanks a lot !!
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
1. AWS doesn't have an LB option , everything works with API. we used to have the same in Azure until we moved to work with LBs. the API failover in AWS is pretty fast and usually you don't even notice it.
2. Route-Servers are more dynamic the the regular UDRs . if you have a small static network then I would use UDRs. for large networks and VNETS + constant changes I would use Route Servers do ease the operation of changes.
3. I always deploy the CloudGuard GWs in a separate compartment (VNET or VPC etc.) it's easier to manage it and it doesn't mixup with the rest of your networks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
1. AWS doesn't have an LB option , everything works with API. we used to have the same in Azure until we moved to work with LBs. the API failover in AWS is pretty fast and usually you don't even notice it.
2. Route-Servers are more dynamic the the regular UDRs . if you have a small static network then I would use UDRs. for large networks and VNETS + constant changes I would use Route Servers do ease the operation of changes.
3. I always deploy the CloudGuard GWs in a separate compartment (VNET or VPC etc.) it's easier to manage it and it doesn't mixup with the rest of your networks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You got the answer.
Andy