Wolfgang
MVP Gold

Question for VPN Limitations of CloudGuard Network for Azure VMSS

I saw in the Limitations of CloudGuard Network for Azure VMSS:

  • Site to Site VPN is not supported.

We want to use a site2site tunnel from an on-premises gateway to a "CloudGuard Network for Azure VMSS" gateway. Is that really not possible or supported?

Accepted Solutions
Don_Paterson
MVP Gold

I believe that it is true and the documentation is accurate.

The problem is that the Azure External Load Balancer (service) takes in the traffic and distributes it to the SG/s behind the LB.

Problem #2: There is no synchronisation between the SGs since they are not a cluster and only enforce the same policy for the traffic that is steered towards them (which is then sticky, as far as possible; scale-in events change things, and there are other threads on that).

By design there is no S2S VPN support.

Still worth asking though because the cloud is so dynamic and you never know what they've got in the pipeline, or in another solution.

I think this one might need to go direct to the presales team if there is a customer demand/use case.

In the newer version of the CloudGuard Blueprints they always show the VMSS in the backend at the end of the Express Route.

They used to show a cluster there so that we could assume an IPsec VPN, but that changed.

Can the solution use a CloudGuard Cluster?

https://www.checkpoint.com/downloads/products/cloudguard-architecture-blueprint-diagrams.pdf

 

the_rock
MVP Platinum

Hey Wolfgang,

It's 100% true. RA and VPN were supported on VMSS till 2022, but not after.

Best,
Andy


4 Replies
Don_Paterson
MVP Gold
the_rock
MVP Platinum

Seems like it.

Best,
Andy