IgorR
Explorer

Multiple public IPs for multiple servers in Azure behind CP FW

Hello guys,

After successfully deploying a CloudGuard Gateway and Management I wish to publish different services with a different public IP.

To achieve this I must get the public IP routed to the external interfaces of the firewall (as in the classic old-school deployment).

In Azure, according to what I found, I should use the Azure Load Balancer.

I don't wish to use the load balancer. I wish to use the IP as an Alias or Loopback or whatever on my CP.

The question is: how do I assign the public IP to the virtual machine of the firewall?

I've tried to create an interface and assign it to the FW.

I've changed the static NAT on the relevant object to the public IP. I am observing XLATE NAT with the PIP, but the server won't work. I don't understand why. Probably because the additional interface is different from the external one, which is actually NATing the traffic.

Another question might be: is it possible to assign the IP to the same external interface which I already have? After that I probably must add an alias. But now, with this configuration, where there is an additional interface, even if I try to configure the PIP as a loopback it won't work 😞

Any suggestions? 

P.S.

NO LOAD BALANCER should be involved

 

Thanks 

PhoneBoy
Admin

If you can configure Azure to route a public IP to the gateway somehow, then we can handle the NAT from there without assigning the IP to a gateway interface (loopback or otherwise).

Matthias_Haas
Advisor

Hi Igor,

Have you tried this?

https://community.checkpoint.com/t5/Cloud-Network-Security-IaaS/STATIC-NAT-in-Azure-Checkpoint/m-p/7... 

Multiple secondary private/public IPs on the external interface?

You have to use the private IP for the Check Point NAT; the NAT into/from the public IPs is done by Azure.

Matthias
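
The mapping described in the reply above, sketched as an added example that is not part of the original thread and not Check Point or Azure code: one secondary private/public IP pair per service on the gateway's external NIC, with the gateway's static NAT matching the private address. The resource group, NIC name, subnet and all addresses are constructed assumptions.

```python
import ipaddress

# Constructed sample values: subnet, addresses and resource names are assumptions.
EXTERNAL_SUBNET = ipaddress.ip_network("10.0.1.0/24")  # gateway external subnet
SERVICES = [
    # public: address Azure assigned; frontend: secondary private IP on the
    # gateway's external NIC; server: the published host behind the gateway
    {"name": "web", "public": "203.0.113.10", "frontend": "10.0.1.11", "server": "10.0.2.20"},
    {"name": "mail", "public": "203.0.113.11", "frontend": "10.0.1.12", "server": "10.0.2.30"},
]

def azure_commands(services, rg="rg-fw", nic="cpgw-eth0"):
    """az CLI lines adding one secondary ipconfig (private + public IP) per service."""
    cmds = []
    for s in services:
        pip = f"pip-{s['name']}"
        cmds.append(f"az network public-ip create -g {rg} -n {pip} "
                    "--sku Standard --allocation-method Static")
        cmds.append(f"az network nic ip-config create -g {rg} --nic-name {nic} "
                    f"-n ipconfig-{s['name']} --private-ip-address {s['frontend']} "
                    f"--public-ip-address {pip}")
    return cmds

def gateway_nat_rules(services):
    """Static NAT rows for the gateway: match the private frontend IP."""
    return [{"original_dst": s["frontend"], "translated_dst": s["server"]}
            for s in services]

def check_nat_rule(rule, services, subnet=EXTERNAL_SUBNET):
    """Return the problems found in one gateway NAT rule (empty list = OK)."""
    problems = []
    dst = ipaddress.ip_address(rule["original_dst"])
    if rule["original_dst"] in {s["public"] for s in services}:
        problems.append("matches the Azure public IP; Azure has already "
                        "translated it to the private frontend IP")
    elif dst not in subnet:
        problems.append("original destination is outside the external subnet")
    return problems

if __name__ == "__main__":
    print("\n".join(azure_commands(SERVICES)))
    for rule in gateway_nat_rules(SERVICES):
        print(rule, check_nat_rule(rule, SERVICES) or "OK")
    # The rule shape from the question: public IP as original destination
    bad = {"original_dst": "203.0.113.10", "translated_dst": "10.0.2.20"}
    print(bad, check_nat_rule(bad, SERVICES))
```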
