This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
abihsot__
Advisor
‎2023-02-02 01:02 PM

Cross-zone traffic with Cloudguard GWLB

 

Hi there,

I deployed cloudguard R80.40 gateways in AWS using GWLB for TGW template. After reading some documentation I specifically made sure that cross-zone balancing is turned OFF and TGW attachment which contain gateways is in appliance mode.

To my surprise I noticed that traffic is hitting random gateways. Any ideas how to further troubleshoot this issue?

image.png

 

image.png

image.png

0 Kudos
2 Replies
HeikoAnkenbrand
Champion Champion
Champion
‎2023-02-03 01:28 PM

By Default, AWS attempts to keep a zonal affinity for traffic, meaning that traffic sourced in an AZ maintains that AZ at each hop.

To remedy this behavior and to provide maximum HA coverage for the CGNS Auto Scaling Group, Check Point recommends enabling Cross Zone Load Balancing on GWLB.  This feature allows GWLB to distribute traffic across all targets in all enabled AZ’s to provide greatest HA coverage.  This feature will result in incurring inter-AZ data transfer charges.  

Check Point’s CloudFormation deployments for GWLB enable Cross AZ load balancing by default.

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos
abihsot__
Advisor
‎2023-02-05 11:27 PM
In response to HeikoAnkenbrand

Hi there,

This is very clear, however in cloudformation template you have parameter to enable/disable cross AZ balancing, where I selected "false" during initial deployment, but it still does cross AZ balancing. 

 

  CrossZoneLoadBalancing:
    Description: Select 'true' to enable cross-az load balancing. NOTE! this may cause a spike in cross-az charges.
    Type: String
    Default: true
    AllowedValues:
      - true
      - false
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
UPCOMING CLOUDMATES EVENTS
    All CloudMates Events