This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Shay_Levin
Admin
Admin
‎2021-12-09 05:48 AM

Deep Dive - Azure Gateway Load Balancer and CloudGaurd AutoScale Integration

The new Azure GWLB service simplified the network architecture and allow you to easily get security services using third-party virtual appliances.

Check the Deep Dive video below for a deep dive walkthrough

 

 

3 Replies
Prabulingam_N1
Advisor
‎2021-12-15 03:16 AM

Hi Shay,

Thanks for this Deep-dive session.

If in case I deploy CG (Cluster or VMSS) and place below FrontendLB so that it can protect internal Webservers - what difference it makes rather than creating GLB with CG pools as described?

Still we can perform E-W or N-S traffic inspection if CG placed below FrontendLB.

Whats the advantage of this New topology compared to CG placed below FrontendLB.

Regards, Prabu

0 Kudos
Shay_Levin
Admin
Admin
‎2021-12-15 10:06 AM
In response to Prabulingam_N1

 

 The main advantage of the GWLB solutions is that you don't need to change the source IP address of the packet for ingress traffic.

 So, your webservers will see the client's original source IP address.

   With the "regular" scale set deployment, you will need to create a NAT rule that replaces the client's original source IP of the packet with the GW IP address for ingress traffic.

 

   The second advantage is that it’s effortless to connect vNets to the service and protect them; also, the consumer vNet can be located in a different region and on another tenant.

 With the “regular” scale set / cluster, you will need to create vNet peering and set UDRs.

 The disadvantage of the solution is that Azure does not support E/W traffic for now.

I believe they will solve that limitation soon; as they already got heads up on that.

I hope I answer your question

--Shay

0 Kudos
Prabulingam_N1
Advisor
‎2021-12-15 09:49 PM
In response to Shay_Levin

Hello Shay,

Hope E/W traffic can be covered in future.

Thanks for explanation.

 

Regards, Prabu

0 Kudos
Labels