dinkoctlui
Explorer

R80.40 southbound Geo Cluster hide nat in AWS environment

Hello

We've deployed an R80.40 southbound Geo Cluster in an AWS environment to handle east-west and egress Internet traffic.

We don't want to hide NAT AWS east-west traffic, only Internet egress traffic.

My NAT policy is in the attachment.

02-06-2020 15-37-18.png

Everything works well until I test failover 😞

After the geo cluster failover, egress Internet traffic always matches NAT rule #4, so there is no access to the Internet ...

Can someone help ...

0 Kudos
2 Replies
HeikoAnkenbrand
Champion

Hi @dinkoctlui,

You can test the following!

A) Check the cluster failover:

  1) Run the script with this command (do not change the syntax):
  # $FWDIR/scripts/azure_ha_test.py
  2) If all tests were successful, this shows: All tests were successful!
     Otherwise, an error message is displayed with information to troubleshoot the problem.
  3) Simulate a cluster failover. For example, shut down the internal interface of the active cluster member:
      # ip link set dev eth1 down/up
      or
      # clusterXL_admin down/up

B) Use an automatic hide NAT rule on the cluster object!
Hide_NAT.JPG

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos
vivekanand
Explorer

Hello,

Did you find a solution to your problem? I am currently trying to deploy a similar architecture and am curious to know if your issue is fixed.

 

Regards,

Vivek

 

 

0 Kudos
