This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
IgorR
Explorer
‎2020-10-18 11:21 PM

Multiple Public IP for multiple server in azure behind CP FW

Hello guys,

After successfully deploying a CloudGuard Gateway and Management I wish to publish different services with a different public IP.

TO achieve this I must get the public IP Routed to the external interfaces of the firewall (on the classic old school deployment)

In Azure, according to what I found, I should use the Load Balancer of azure.

 

I don't wish to use the load balancer. I wish to use the IP as an Alias or Loopback or whatever on my CP.

The question is how I am assigning the Public IP to the virtual machine of the firewall? 

I've tried to create an interface and assign it to the FW.

I've changed the static NAT on the relevant object to the public IP. I am observing XLATE NAT with the PIP but actually, the server won't work. I am not getting why. Probably because the additional interfaces is different from the External one which is NATing actually the traffic.

The question also might be it is possible to assign IP to the same external interfaces which I already have? after that probably I must add an alias. but now, with such configuration when there is an additional interface, even if I am trying to configure the PIP as a Loopback it won't work 😞 

 

Any suggestions? 

p.s 

NO LOAD BALANCER should be involved

 

Thanks 

0 Kudos
2 Replies
PhoneBoy
Admin
Admin
‎2020-10-19 07:47 PM

If you can configure Azure to route a public IP to the gateway somehow, then we can handle the NAT from there without assigning the IP to a gateway interface (loopback or otherwise).

0 Kudos
Matthias_Haas
Advisor
‎2020-10-21 03:00 AM

Hi Igor,

have you tried this?

https://community.checkpoint.com/t5/Cloud-Network-Security-IaaS/STATIC-NAT-in-Azure-Checkpoint/m-p/7... 

Multiple secondary private/public IPs on the external Interface ?

You have to use the private IP for the Checkpoint NAT, the NAT into/from the Public IPs is done by Azure

Matthias

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
UPCOMING CLOUDMATES EVENTS
    All CloudMates Events