Vladimir
Pearl

AWS ELBs supported by vSEC R.80.10

I'd be interested to know what kinds of ELBs are officially supported by Check Point in AWS and what caveats, if any, apply to each kind.

As part of an ongoing project, I am required to route inbound traffic to peered VPCs.

Classic and Network ELBs do not support this, as they require targets to be instances in the same VPC.

The Application ELB does:

Thank you,

Vladimir

8 Replies
Admin
Admin

Re: AWS ELBs supported by vSEC R.80.10

First of all, R80.10 doesn't yet support ELBs--this is coming.

As far as the different types of ELBs, there are two ways to look at this:

  • As a target from an External ELB, we're just like any other instance: we'll receive the packet based on however the ELB decides to route it to us.
  • As a source that routes it to an internal ELB, we are going to ultimately make the decision to route based on IP address, using a DNS lookup of the Logical Server object name to determine which IP to send the traffic to. Assuming we can route to the given IP, it doesn't matter if it's in the same VPC or not.

In both cases, I don't believe the type of ELB is relevant.
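The reply above says the gateway picks a destination IP from a DNS lookup and that reachability is all that matters. As an added example (not part of the thread and not Check Point code), this sketch checks each address an internal ELB name resolves to against a route table by longest-prefix match; the IPs, CIDRs and the `pcx-EXAMPLE` / `igw-EXAMPLE` targets are constructed placeholders.

```python
import ipaddress

# Constructed sample data (not from the thread): addresses an internal ELB's
# DNS name might resolve to, and the gateway subnet's route table.
RESOLVED_ELB_IPS = ["10.20.1.15", "10.20.2.27", "10.30.1.9"]
ROUTE_TABLE = [
    ("10.10.0.0/16", "local"),        # the gateway's own VPC
    ("10.20.0.0/16", "pcx-EXAMPLE"),  # placeholder peering connection
    ("0.0.0.0/0", "igw-EXAMPLE"),     # placeholder internet gateway
]


def select_route(ip, routes):
    """Return (cidr, target) of the longest-prefix match for ip, or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, target in routes:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return (str(best[0]), best[1]) if best else None


def audit_elb_reachability(resolved_ips, routes, private_targets):
    """Report, per resolved IP, whether a private route (local/peering) covers it."""
    report = {}
    for ip in resolved_ips:
        match = select_route(ip, routes)
        if match is None:
            report[ip] = "no route"
        elif match[1] in private_targets:
            report[ip] = "ok via " + match[1]
        else:
            # Only a non-private route (here the default route) matched, so
            # traffic would not reach the internal ELB node over the peering.
            report[ip] = "falls through to " + match[1]
    return report


if __name__ == "__main__":
    result = audit_elb_reachability(
        RESOLVED_ELB_IPS, ROUTE_TABLE, {"local", "pcx-EXAMPLE"})
    for ip, status in result.items():
        print(ip, status)
```

Because an ELB name can resolve to several addresses that change over time, the check is worth repeating against fresh lookups rather than run once.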

Vladimir
Pearl

Re: AWS ELBs supported by vSEC R.80.10

Would you know if it is possible for vSEC to inject X-Forwarded into the packets sent to ELBs?

I'm not sure that the source of traffic traversing Logical Server and ELBs can be identified by the instances, which may be required for applications.

0 Kudos
Admin
Admin

Re: AWS ELBs supported by vSEC R.80.10

There's an option in Application Control to do this, which means it's likely possible.

0 Kudos
Vladimir
Pearl

Re: AWS ELBs supported by vSEC R.80.10

Can you point me to it?

The only place I've encountered it was the "Advanced" properties of the Proxy settings.

0 Kudos
Admin
Admin

Re: AWS ELBs supported by vSEC R.80.10

That's the one.

0 Kudos
Vladimir
Pearl

Re: AWS ELBs supported by vSEC R.80.10

Nah, this one works for the egress only.

I was looking to do the same on the way to ELBs.

0 Kudos
Matt_J
Nickel

Re: AWS ELBs supported by vSEC R.80.10

Dameon,

Does this workaround not apply to R80.10? I am in the process of deploying a new R80.10 Check Point in AWS to replace an R77.30 one.

Supporting internal Elastic Load Balancers (ELB) in Amazon Web Services (AWS) 

When is official support coming? If this workaround is not applicable to R80.10, I am at a standstill on this project... 

Thanks

0 Kudos
Admin
Admin

Re: AWS ELBs supported by vSEC R.80.10

The current R80.10 AMIs do not support ELBs.

They are expected to soon, but I do not have the exact timeframe for this.

0 Kudos