AleLovaz82
Collaborator

info about exposing services using AWS multi AZ and Checkpoint

Hi

This is our situation:

We have an AWS account with two AZs; in these zones there is a Geo Cluster L3 Active-Active that is facing the internet.

With the actual configuration each firewall has its own public IP, and for testing purposes I used dynamic objects (configuring them using the CLI on each FW) to publish a service over the Internet, and this is working fine.
But I don't know how to manage the DNS registration...

For example, when AZ1 is managing the traffic, www.pippo.it has the public IP of the Check Point in AZ1.
When I force the traffic to switch to AZ2, the traffic is managed by the Check Point in AZ2, but www.pippo.it obviously points to the IP of AZ1.

Is there any other solution?

In normal situations I usually use a routed network for managing NAT, but on AWS it seems impossible.

0 Kudos
2 Replies
PhoneBoy
Admin

If this is truly Active-Active, wouldn't you configure the DNS to use both IPs?
Also, I believe Amazon can assist with maintaining the DNS in the situation using Route53.

0 Kudos
AleLovaz82
Collaborator

It is a fake active-active: all the routing tables in AWS are attached to only a single AZ at once, so basically only one AZ manages the traffic, both external and internal.
When we configured everything, the only allowed CP configuration was the L3 Geo Cluster, because the two AZs are like two different datacenters with two different providers, to make an example with "not cloud" technology.

We are thinking about converting our cluster into a GWLB that *should* work across different zones.

0 Kudos