cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

Azure Integration

Hi Checkmates,

I want to deploy the Checkpoint on the Azure Cloud in HA mode using the LB.

please help me and provide some information, how can I do it?

please share any KB articles.

thanks in advance.

13 Replies

Re: Azure Integration

Why don't you search on support center or even here? Smiley Happy

0 Kudos

Re: Azure Integration

Thanks for the Response Martin.

I tried to find, but I couldn't get something satisfactory.

But i will try one more time

0 Kudos
Highlighted

Re: Azure Integration

 

Re: Azure Integration

Thanks for the Document, it is helpful to me. Smiley Happy 

0 Kudos

Re: Azure Integration

The guide Martin posted is good.  But you'll want to pay attention to the bit about failover.

When a fail-over happens, the gateways have to notify Azure via API that this has happened and Azure has to modify your routing tables to push traffic over to the newly activated gateway.  This can take 2 minutes or more.  Your connections will be down while Azure is updating its route tables.  The firewalls themselves will fault in about the same amount of time that you'd expect for an on-prem cluster fault to happen.

The guide makes mention of internal and external load balancers for the firewalls.  Maybe it is a wording thing.  But we never had internal load balancers in front (behind?) of our firewalls.  There's a LB on the dirty side of the firewall and Azure's API takes care of route tables on the clean side.

0 Kudos

Re: Azure Integration

Yes, clustering in Azure doesn't make sense now, when there are VM scale sets, which are now also supporting all outbound ports, not just http/s.

0 Kudos

Re: Azure Integration

I don't think it ever made sense, honestly.  Having to deal with the API and load balancers is garbage.

Re: Azure Integration

thanks, Martin/Tommy for the valuable suggestion.

I was planning to use the LB on the front of both devices. Suppose the primary unit will be down, the second unit will not receive the probs from the Primary, in the case, Azure will update UDR and the traffic will terminate to the Secondary firewall.

is it correct? can I try this?

0 Kudos

Re: Azure Integration

That pretty much sums it up.  It should work if you get everything setup correctly.

Re: Azure Integration

Thanks, Tommy,

I will try this one.

0 Kudos
Admin
Admin

Re: Azure Integration

Public Cloud networking does not support multicast or the concept that two or more systems having the same IP, both of which are required for traditional ClusterXL.

To get similar functionality, you have to use the relevant APIs to move IPs and routes around or load balancers.

0 Kudos

Re: Azure Integration

Off the top of your head, what are the things most customers ask your support?

If you are not sure, go through your support tickets from the past month (or week, if your volume is huge). If that doesn’t give you enough information, find out what your customers are searching for by looking at your search terms in Google Analytics.

Re: Azure Integration

When a fail-over happens, the gateways have to notify Azure via API that this has happened and Azure has to modify your routing tables to push traffic over to the newly activated gateway.  This can take 2 minutes or more.  Your connections will be down while Azure is updating its route tables.  The firewalls themselves will fault in about the same amount of time that you'd expect for an on-prem cluster fault to happen.

0 Kudos