info about exposing services using AWS multi AZ and Checkpoint
Hi,
this is our situation:
we have an AWS account with two AZs; in these zones there is a Geo Cluster L3 Active-Active that is facing the Internet.
With the actual configuration each firewall has its own public IP, and for testing purposes I used dynamic objects (configuring them using the CLI on each FW) to publish a service over the Internet, and this is working fine.
But I don't know how to manage the DNS registration...
For example, when AZ1 is managing the traffic for www.pippo.it, it has the public IP of the Check Point in AZ1.
When I force the traffic to switch to AZ2, the traffic is managed by the Check Point in AZ2, but www.pippo.it obviously points to the IP of AZ1.
Is there any other solution?
In normal situations I usually use a routed network for managing NAT, but on AWS it seems impossible.
If this is truly Active-Active, wouldn't you configure the DNS to use both IPs?
Also, I believe Amazon can assist with maintaining the DNS in this situation using Route 53.
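To make the Route 53 suggestion concrete: the scenario in the question (only one AZ owns the traffic at a time, each firewall keeps its own public IP) maps onto a Route 53 active-passive failover record pair, where a health check on each firewall's published service decides which A record is answered. The following is an added example, not code from the thread or from Check Point; it builds the `ChangeBatch` document that boto3's `route53.change_resource_record_sets()` (or `aws route53 change-resource-record-sets --change-batch file://...`) accepts and simulates which IP Route 53 would return as health changes. The IPs and health-check IDs are constructed placeholders, and the rule that both checks failing falls back to the primary record is an assumption about Route 53's fail-open behaviour.

```python
"""Route 53 active-passive failover for a two-AZ firewall pair (added example)."""
import json

RECORD_NAME = "www.pippo.it."          # name from the thread; Route 53 expects the trailing dot
AZ1_PUBLIC_IP = "203.0.113.10"         # constructed, RFC 5737 documentation range
AZ2_PUBLIC_IP = "203.0.113.20"         # constructed
AZ1_HEALTH_CHECK_ID = "<az1-health-check-id>"   # placeholder: id returned by create-health-check
AZ2_HEALTH_CHECK_ID = "<az2-health-check-id>"   # placeholder


def failover_record(name, ip, role, health_check_id, ttl=60):
    """One A record of a PRIMARY/SECONDARY failover pair, distinguished by SetIdentifier."""
    if role not in ("PRIMARY", "SECONDARY"):
        raise ValueError("role must be PRIMARY or SECONDARY")
    record = {
        "Name": name,
        "Type": "A",
        "SetIdentifier": f"{name}{role.lower()}",
        "Failover": role,
        "TTL": ttl,                      # short TTL so resolvers pick up the switch quickly
        "ResourceRecords": [{"Value": ip}],
    }
    if health_check_id:                  # a record without a health check is treated as healthy
        record["HealthCheckId"] = health_check_id
    return record


def build_failover_change_batch(name, primary_ip, secondary_ip,
                                primary_hc, secondary_hc, ttl=60):
    """ChangeBatch that UPSERTs both halves of the failover pair in one transaction."""
    return {
        "Comment": "AZ1 firewall is primary; AZ2 firewall answers when AZ1 fails its health check",
        "Changes": [
            {"Action": "UPSERT",
             "ResourceRecordSet": failover_record(name, primary_ip, "PRIMARY", primary_hc, ttl)},
            {"Action": "UPSERT",
             "ResourceRecordSet": failover_record(name, secondary_ip, "SECONDARY", secondary_hc, ttl)},
        ],
    }


def resolve_failover(change_batch, health_status):
    """Return the IP Route 53 would answer with, given {health_check_id: bool}.

    Primary while its check passes; secondary when the primary fails and the
    secondary passes; a record without a health check counts as healthy; if
    both fail, fall back to the primary (assumed fail-open behaviour).
    """
    sets = {c["ResourceRecordSet"]["Failover"]: c["ResourceRecordSet"]
            for c in change_batch["Changes"]}

    def healthy(rs):
        hc = rs.get("HealthCheckId")
        return True if hc is None else health_status.get(hc, False)

    primary, secondary = sets["PRIMARY"], sets["SECONDARY"]
    chosen = primary if healthy(primary) or not healthy(secondary) else secondary
    return chosen["ResourceRecords"][0]["Value"]


if __name__ == "__main__":
    batch = build_failover_change_batch(RECORD_NAME, AZ1_PUBLIC_IP, AZ2_PUBLIC_IP,
                                        AZ1_HEALTH_CHECK_ID, AZ2_HEALTH_CHECK_ID)
    print(json.dumps(batch, indent=2))
    # Walk through the thread's scenario: AZ1 owns the traffic, then the switch to AZ2 is forced.
    for status in ({AZ1_HEALTH_CHECK_ID: True, AZ2_HEALTH_CHECK_ID: True},
                   {AZ1_HEALTH_CHECK_ID: False, AZ2_HEALTH_CHECK_ID: True}):
        print(status, "->", resolve_failover(batch, status))
```

For this to track the AWS routing state, each health check should probe the published service through that firewall's public IP rather than the firewall itself, so that the AZ that currently holds the route tables passes and the other fails; the firewall policy then needs to admit the Route 53 health checker source ranges to the probed port, and nothing else, on both gateways.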
It is a fake active-active: all the routing tables in AWS are attached to only a single AZ at once, so basically only one AZ manages the traffic, both external and internal.
When we configured everything, the only allowed CP configuration was the L3 Geo Cluster, because the two AZs are like two different datacenters with two different providers, to make a comparison with "non-cloud" technology.
We are thinking about converting our cluster into a GWLB that *should* work across different zones.