I want to deploy the Checkpoint on the Azure Cloud in HA mode using the LB.
Please help me and provide some information. How can I do it?
Please share any KB articles.
Thanks in advance.
Why don't you search on support center or even here?
Thanks for the response, Martin.
I tried to find, but I couldn't get something satisfactory.
But I will try one more time.
R80.10 CloudGuard IaaS High Availability for Microsoft Azure
Thanks for the Document, it is helpful to me.
The guide Martin posted is good. But you'll want to pay attention to the bit about failover.
When a fail-over happens, the gateways have to notify Azure via API that this has happened and Azure has to modify your routing tables to push traffic over to the newly activated gateway. This can take 2 minutes or more. Your connections will be down while Azure is updating its route tables. The firewalls themselves will fault in about the same amount of time that you'd expect for an on-prem cluster fault to happen.
The guide makes mention of internal and external load balancers for the firewalls. Maybe it is a wording thing. But we never had internal load balancers in front (behind?) of our firewalls. There's a LB on the dirty side of the firewall and Azure's API takes care of route tables on the clean side.
Yes, clustering in Azure doesn't make sense now, when there are VM scale sets, which are now also supporting all outbound ports, not just http/s.
I don't think it ever made sense, honestly. Having to deal with the API and load balancers is garbage.
Thanks, Martin/Tommy, for the valuable suggestion.
I was planning to use the LB in front of both devices. Suppose the primary unit goes down: the second unit will not receive the probes from the primary. In that case, Azure will update the UDR and the traffic will terminate on the secondary firewall.
Is it correct? Can I try this?
That pretty much sums it up. It should work if you get everything set up correctly.
I will try this one.
Public cloud networking does not support multicast or the concept of two or more systems having the same IP, both of which are required for traditional ClusterXL.
To get similar functionality, you have to use the relevant APIs to move IPs and routes around, or use load balancers.