This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Shay_Levin
Admin
Admin
‎2022-04-07 06:55 AM

The Workshop - AWS Gateway LoadBalancer & CloudGuard Network

Do you want to learn how to build a state-of-the-art enterprise scalable network architecture on AWS?

Join me for a 2.5  hands-on workshop.

I will provide you with an AWS account and will walk you through a step-by-step process of building the below architecture from scratch.

*** Each Workshop will be closed for registration after 20 users ***

APAC  -         Apr 12, 2022 12:00 PM Singapore - Register Here

AMERICA -  Apr 13, 2022 09:00 AM Pacific Time (US and Canada)  - Register Here

EUROPE -    Apr 14, 2022 10:00 AM London  - Register Here

MicrosoftTeams-image (2).png

 

0 Kudos
5 Replies
WingChow
Participant
‎2022-04-10 09:51 PM

Hi Shay_Levin,

Great!! i have some questions about integration with AWS Transit Gateway VPN from On premise..I've been working with a customer in GWLB CHKP and i have some issues about East-West Inspection with AWS VPN traffic the Check Point in AutoScaling GWLB cannot see that traffic because in the TGW will have the decision for that inspection when associate and propagate Routes and VPC to BGP for On Premise VPN.

I have two TGW Route table first one is for Inbound and the second one is for Outbound. Well we will see in production environment.

I'll be in that workshop.

Best regards,

0 Kudos
mk1
Collaborator
‎2022-07-17 04:36 AM

Hello @Shay_Levin ,

Is there any record of the session somewhere?

Thank you!

0 Kudos
iamraylau
Explorer
Thursday

Hi Shay_Levin,

 

will this workshop open in this year again? 

how can the CGNS work with the incoming traffic ? what if the CGNS behind the EIP, NLB and ALB? what will be the architecture ?

0 Kudos
ChristianCastil
Employee
Employee
Friday
In response to iamraylau

for this scenarios, there is some architectural designs that could work.

  • Inspection or the real source happens in the GW
    • for this you should use Ingress Routing, deploying the Public Facing resource in it's own subnet and within a VPC with IGW, then associate an IGW route table (Edge association) that will send the Public Facing Subnet CIDR block to the relevant GWLB Endpoint per AZ, this is useful when you want to apply security to control de source or in directly attached PIP on EC2 Instances, the subnet where the public facing resources are deployed needs to point reply to GWLB Endpoint.
  • Inspection happen after the ELB and could be in clear packet
    • When you deploy ELB (NLB or ALB) and the targets are in other VPC (like deploying the ELB in a Subnet where the Check Point are and the Targets are in a VPC attached by the TGW) the default behavior is to SNAT the packet by the ELB private IP, so you can apply a Route Table that will send all RFC1918 or the VPC CIDR into the GWLB (like the one that you're using for the NATGW already), this will show to the Check Point just the IP address of the ELB as source, but allows you to add TLS termination in the NLB or ALB, making the GW able to Deep Packet Inspect the flow, you can apply the Firewall policy directly in the SG associated to the ELB.

hope is clear, if not, please let me know to clarify any doubt.,

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
UPCOMING CLOUDMATES EVENTS
    Sort by:
    All CloudMates Events