cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Admin
Admin

R80.10 CloudGuard IaaS High Availability for Microsoft Azure

Jump to solution
1 Solution

Accepted Solutions
Ave_Joe
Nickel

Re: R80.10 CloudGuard IaaS High Availability for Microsoft Azure

Jump to solution

It was not a routing issue and the cause has finally been sorted.

After validating everything in the document and the setup in Azure the issue was discovered to be Anti-Spoofing.

The documentation states that Anti-Spoofing should be disabled on the frontend cluster interfaces (eth0).    It does not however mention anything about disabling Anti-Spoofing on the backend cluster interfaces (eth1).

After going through the document again this morning I set a log filter for a source of the backend-lb, 168.63.129.16.Screen Shot 2019-03-14 at 10.35.33 AM.png

After a couple of iterations while working with support we finally came to the conclusion that Anti-Spoofing needed to be disabled on cluster internal interfaces also.

Policy was pushed after disabling Anti-Spoofing and everything started working as expected.

The documentation needs to be updated to also include disabling Anti-Spoofing on eth1.

View solution in original post

0 Kudos
4 Replies
Ave_Joe
Nickel

Re: R80.10 CloudGuard IaaS High Availability for Microsoft Azure

Jump to solution

Anyone know if there is an updated CloudGuard IaaS High Availability for Microsoft Azure guide for R80.20 release?  I deployed a R80.20 IAAS Cluster and traffic to VM hosts behind the Azure gateway is not working  Using a test VM host I started a tcpdump looking for traffic.  The VM host responds to packets but the CP security gateway never sees the return packet.

I have been through this document several times trying to see what I may have missed but everything seems to  be configured per the document.

I think the issue is somewhere between the load balancer and the CP security gateway but have figured that maybe an updated version may help me figure it out.

Any one else having this issue?

Thanks!

0 Kudos

Re: R80.10 CloudGuard IaaS High Availability for Microsoft Azure

Jump to solution

That sounds like more a routing issue only..

0 Kudos
Ave_Joe
Nickel

Re: R80.10 CloudGuard IaaS High Availability for Microsoft Azure

Jump to solution

It was not a routing issue and the cause has finally been sorted.

After validating everything in the document and the setup in Azure the issue was discovered to be Anti-Spoofing.

The documentation states that Anti-Spoofing should be disabled on the frontend cluster interfaces (eth0).    It does not however mention anything about disabling Anti-Spoofing on the backend cluster interfaces (eth1).

After going through the document again this morning I set a log filter for a source of the backend-lb, 168.63.129.16.Screen Shot 2019-03-14 at 10.35.33 AM.png

After a couple of iterations while working with support we finally came to the conclusion that Anti-Spoofing needed to be disabled on cluster internal interfaces also.

Policy was pushed after disabling Anti-Spoofing and everything started working as expected.

The documentation needs to be updated to also include disabling Anti-Spoofing on eth1.

View solution in original post

0 Kudos
_Daniel_
Ivory

Re: R80.10 CloudGuard IaaS High Availability for Microsoft Azure

Jump to solution
Hi Dameon,

The above link looks like broken
0 Kudos