Help with AWS routing tables for CloudGuard with AWS GWLB, Transit Gateway
Hi,
I am trying to configure an environment per https://sc1.checkpoint.com/documents/IaaS/WebAdminGuides/EN/CP_CloudGuard_Network_for_AWS_Gateway_Lo...
1. Transit Gateway
2. Scale set and GWLB
3. 1 spoke VPC
4. Trying to set up an internet-facing load balancer in the spoke VPC pointing to a workload in the spoke VPC, such that the traffic is inspected by CloudGuard, i.e. the optional step in the guide "Configure Inbound traffic to spoke VPCs"
The guide referred to above has a diagram for all the required routes in all routing tables to achieve this. I believe I have followed this (double-checked all). I have set up separate route tables for all spoke VPC subnets.
The external load balancer/workload setup works correctly when I set the default route of the spoke load balancer subnet to the IGW; however, obviously the traffic bypasses Check Point.
When I set the default route of the spoke load balancer subnet to the GWLBe, which is how the guide says it should be, I can see the traffic enter the workload instance, but the traffic does not seem to be being passed to the security VPC.
My question:
Can you point me to any resources (videos, documents) that cover this use case and the routing in a bit more detail for this CloudGuard setup? It may be that I am interpreting the document incorrectly or missing a vital piece of information.
Thanks in advance,
Andrew
Hi,
Sorry to reply to my own post; however, it seems I have made some progress following the AWS documentation here: https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/getting-started.html
Cheers,
Andrew