Prabulingam_N1
Advisor

Ideas needed in CheckPointCG-VMSS

Dear CheckMates,

I need some ideas on how to achieve the attached topology. Can anyone help me with this, please?

1) Had spun up a CheckPoint-CG VMSS in Azure.
2) Placed a WebServer in the backend; outgoing Internet traffic through the VMSS works fine.
3) Inbound traffic to the WebServer through the VMSS also works fine with the FrontendLB configured.
4) Since VMSS cannot support Site-to-Site VPN, we used an Azure VirtualNetworkGW placed in the VMSS VNet (new GatewaySubnet for the AzureVPN).
5) The site connection between the Azure native VPN GW and the 3rd party was created fine and shows Connected status.
6) Used route-based VPN in Azure (not BGP) in "Connections" in the Azure Portal.


7) Requirement is:
        a) Traffic from the peer side should reach the AzureVPNGW through the S2S tunnel.
        b) The AzureVPNGW should then forward this traffic to the VMSS for inspection.
        c) After inspection, the VMSS should in turn route the traffic to the internal WebServer.

        d) Inbound is:    PeerSide =>>> S2S =>>> AzureVPNGW =>>> VMSS =>>> WebServer
        e) Outbound is:   WebServer =>>> VMSS =>>> AzureVPNGW =>>> S2S =>>> PeerSide

        f) When a packet from the PeerServer leaves their local GW, it gets encrypted.
        g) But I don't see this packet in the VMSS (unable to check in the AzureVPNGW).
        h) But the WebServer sends reply packets towards the VMSS for this inbound traffic.
        i) It looks like the AzureVPNGW routes the inbound traffic directly to the WebServer and not to the VMSS for inspection.

I am unable to configure any separate routes in the AzureVPNGW towards the VMSS, as both are part of the same VNet.

Either way, the traffic is not reaching the other side.

Any ideas on how I can achieve this?

Regards, Prabu
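The gap described in the post is the hop from the GatewaySubnet to the VMSS. Azure does not let you configure routes inside the VPN gateway itself, but a user-defined route table can be associated with the GatewaySubnet, so traffic arriving from the S2S tunnel and destined for the web subnet can be pointed at a VirtualAppliance next hop; a second route table on the web subnet sends the peer prefixes back through the same hop so the return path stays symmetric. The script below is an added illustration, not something from this thread or from Check Point; every resource name, address range and the internal load balancer frontend IP of the VMSS are placeholder assumptions. It prints the Azure CLI commands it would run and only executes them when APPLY=1 is set, so the plan can be reviewed first.

```shell
#!/bin/sh
# Added example, not part of the thread: generate (and optionally apply) the
# user-defined routes that steer VPN-gateway traffic through a Check Point VMSS.
# Every value below is a placeholder assumption; override via environment variables.
RG="${RG:-rg-cgvmss}"                        # resource group (assumed)
VNET="${VNET:-vnet-cgvmss}"                  # VNet shared by GatewaySubnet, VMSS and web subnet (assumed)
LOCATION="${LOCATION:-westeurope}"           # region (assumed)
WEB_SUBNET="${WEB_SUBNET:-snet-web}"         # subnet hosting the WebServer (assumed)
WEB_PREFIX="${WEB_PREFIX:-10.10.20.0/24}"    # its address range (assumed)
PEER_PREFIXES="${PEER_PREFIXES:-192.168.100.0/24}"   # on-prem ranges behind the S2S tunnel (assumed, space separated)
CP_ILB_IP="${CP_ILB_IP:-10.10.2.4}"          # internal load balancer frontend of the VMSS (assumed)

# run: print the command line; execute it only when APPLY=1 (dry run by default)
run() {
  if [ "${APPLY:-0}" = "1" ]; then
    "$@"
  else
    printf '%s\n' "$*"
  fi
}

# gw_route_table: on the GatewaySubnet, send traffic for the web subnet to the VMSS
# instead of straight to the WebServer. Only specific prefixes are used here; a
# default route (0.0.0.0/0) on the GatewaySubnet is not supported by Azure.
gw_route_table() {
  run az network route-table create -g "$RG" -n rt-gatewaysubnet -l "$LOCATION"
  run az network route-table route create -g "$RG" --route-table-name rt-gatewaysubnet \
      -n to-web-via-cp --address-prefix "$WEB_PREFIX" \
      --next-hop-type VirtualAppliance --next-hop-ip-address "$CP_ILB_IP"
  run az network vnet subnet update -g "$RG" --vnet-name "$VNET" -n GatewaySubnet \
      --route-table rt-gatewaysubnet
}

# web_route_table: on the web subnet, send replies for the peer prefixes back through
# the VMSS so the gateway sees both directions of each connection.
web_route_table() {
  run az network route-table create -g "$RG" -n rt-web -l "$LOCATION"
  for p in $PEER_PREFIXES; do
    # route names may not contain '/' or '.', so derive a safe name from the prefix
    name="to-peer-$(printf '%s' "$p" | tr '/.' '--')"
    run az network route-table route create -g "$RG" --route-table-name rt-web \
        -n "$name" --address-prefix "$p" \
        --next-hop-type VirtualAppliance --next-hop-ip-address "$CP_ILB_IP"
  done
  run az network vnet subnet update -g "$RG" --vnet-name "$VNET" -n "$WEB_SUBNET" \
      --route-table rt-web
}

# plan: emit the full set of commands in order (gateway side first, then web side)
plan() {
  gw_route_table
  web_route_table
}
```

Run `sh udr-plan.sh` with `plan` appended (or source the file and call `plan`) to review the commands, then `APPLY=1` to execute them. After applying, the effective routes can be confirmed from a web-subnet NIC with `az network nic show-effective-route-table`, and the VPN gateway's learned routes with `az network vnet-gateway list-learned-routes`; if the inbound packets still do not appear on the VMSS, check that the Check Point policy and the VMSS internal load balancer health probes allow the peer prefixes.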
