really like to know what the next-hop IP points to in Azure express route table for ASN 65515
Working on Cloudguard with Azure express route
What do the IPs in red point to?
Know it is Azure related? But no one in Azure answers. Here there are lots of experts.
thanks !!
Seems to be the BGP Peering Addresses of the Azure peer, like a Router or VPN Gateway.
On Check Point, this would be the router-id.
@Alex- is 100% right. If you look at 3rd column, shows 65535, which in your case would be AS number.
Andy
Here is the link related to this question?
I do not know what peers these IPs in red point to?
These IPs should be within GatewaySubnet, 65515 is MS reserved internal ASN.
Are they virtual network gateway IPs? If yes, we have 3 IPs in our environment. Why?
When a virtual network gateway is deployed, MS deploys two by default, right?
thanks a lot !!
What is BGP peer IP?
Andy
That is my question. This is more of an Azure-related question. I posted this in the Azure community and no one answered. I am trying my luck here as there are more helpers here.
We are deploying CloudGuard in Azure. I am digging into some details in order to understand the cloud environment.
I searched the internet for 2 days without any luck. The link above is the only thing I found which displays the routing table.
In our express routing table, the next-hop even has 3 IPs. I do not know where they point.
Hopefully, Gustavo Coronel and Shay Levin can shed some light here. 🙂 I watched many of their nice videos.
thanks !!
K, I see what you are saying now. Not sure what sort of support level you have for Azure, but it might be worth opening a case with their support to confirm.
Just a thought...
Andy
I will keep checking myself as well to see if I can find anything for you.
thanks so much !!!
K, just had a more careful look at this. I mean, could it be as simple as below?
Andy
I guess those next-hop IPs are network virtual gateway. Like to get confirmation from some experts. Also how do we have three?
Some MS docs mention:
"The Azure gateway subnet is needed by Azure to host the two virtual machines of your Azure gateway"
"A virtual network gateway is composed of two or more Azure-managed VMs that are automatically configured and deployed to a specific subnet that you create called the gateway subnet. The gateway VMs contain routing tables and run specific gateway services."
https://learn.microsoft.com/bs-latn-ba/azure/network-watcher/next-hop-overview
https://learn.microsoft.com/en-us/azure/network-watcher/next-hop-overview
https://www.tufin.com/blog/demystifying-azure-route-table
.12 hops all seem to have * beside them, whatever that means, most likely it's DIRECTLY CONNECTED, as per below in the lab
[Expert@CP-STANDALONE:0]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 172.16.10.1 0.0.0.0 UG 0 0 0 eth0
172.16.10.0 * 255.255.255.0 U 0 0 0 eth0
192.168.10.0 * 255.255.255.0 U 0 0 0 eth1
[Expert@CP-STANDALONE:0]# clish
CLINFR0771 Config lock is owned by admin. Use the command 'lock database override' to acquire the lock.
CP-STANDALONE> show route
Codes: C - Connected, S - Static, R - RIP, B - BGP (D - Default),
O - OSPF IntraArea (IA - InterArea, E - External, N - NSSA),
IS - IS-IS (L1 - Level 1, L2 - Level 2, IA - InterArea, E - External),
A - Aggregate, K - Kernel Remnant, H - Hidden, P - Suppressed,
NP - NAT Pool, U - Unreachable, i - Inactive
S 0.0.0.0/0 via 172.16.10.1, eth0, cost 0, age 92910
C 127.0.0.0/8 is directly connected, lo
C 172.16.10.0/24 is directly connected, eth0
external
C 192.168.10.0/24 is directly connected, eth1
internal
thanks a lot !!
No worries mate. Does that sort of make sense?
Andy
I am reading them now.
I just sent a message to my previous co-worker. He is an Azure expert working for MS.
thanks so much !!
Sounds good!